Ransomware has been around for a few years now, but it’s still evolving rapidly. It’s usually a program which is transmitted by email or via a malicious website, or even via links in social media.
Cryptolocker and similar trojans will encrypt most of your files and then invite you to send money to get them back. Without adequate backup there is no reliable way of recovering your data: for sure there are no guarantees that paying the ransom will actually lead to you getting your data back, and would you really want to share payment details with these dodgy characters?
Even if you keep your files on Dropbox, Google Drive or other synchronised folders, these copies can become infected as well, as we have just seen on one site. As these programs are constantly changing there is no guarantee that every Anti Virus program will protect against them.
So our advice is as follows:
- Prevention is better than cure: Be extra careful when opening emails with attachments or clicking on links to web sites. If you don’t recognise the source or you see anything suspicious, don’t open it.
- Ensure your Anti Virus is up to date and operational. You may also consider getting additional tools such as Malware Bytes Professional (but there are no guarantees this will prevent infection).
- For small office or individual users, the KEY point is to ensure that you have local backups to a removable hard drive or memory stick which you REMOVE after the backup is complete. Do NOT leave it connected to the computer once the backup is complete. For additional protection, keep several copies on different drives. For example, you could have four drives and keep four weeks' worth of backups.
- You can use an off-site backup service (not a sync service like Dropbox or Google Drive). If you do this, make sure your local backups take that into account. We would always advocate a local backup to removable disk or tape as well as off-site.
- Ideally you shouldn’t be holding personal information like music or video collections on work PCs as these will slow down the backup and restore process. If you do have large files, like CCTV footage, then keep them in a separate folder away from your main documents, and back those up separately, as you are unlikely to want to pay to have those backed up remotely. Note the same virus can spread to shared folders on servers or NAS drives as well.
- Don’t forget you can always back up files to a DVD writer as well; many PCs have these built in, or you can get portable units relatively cheaply. If you get the right kind of discs you can back up over 4GB of data, and files on DVD-R discs cannot be overwritten, so can’t get infected.
- If you think you have an infection, DO NOT connect your backup drives until you are sure that the computer has been cleaned, otherwise you risk infecting your backup as well.
We are looking at various programs that claim to protect specifically against this kind of virus, and will report back with our findings.
Key messages: be vigilant, back up, and test restore from backups regularly.
If you need any more information, please don’t hesitate to get in touch.
Note that this post is aimed at individuals/small business users. Whilst some observations will be relevant to enterprises, it’s assumed more robust/formal backups and protections are in place. In addition, clients with a server-based infrastructure should ensure that users are only given access to files that they really need, and that drives aren’t mapped unnecessarily. This will reduce the scope for destruction from an infected machine.