Ransomware virus attacks have seen a dramatic increase in Denver over the last few weeks, and I suspect that this is true no matter what part of the country you are in.
As an I.T. consulting firm, we unfortunately hear from business owners after the fact more often than we would like. We would prefer to put a proactive plan in place for businesses on the front end and save our clients a lot of headaches.
Ransomware virus attacks first came on the scene a few years back with a Trojan virus by the name of Cryptolocker. Typically, a user receives an email with an attachment that is a Zip file. The emails are worded to get the user to click on the attachment before noticing that it is a Zip file rather than a PDF. The most popular renditions we have run across are an email appearing to be from FedEx or UPS with tracking information, or one that appears to come from a client and requests more information in order to wire funds to your bank account.
Once the attachment was opened, it would execute a program that would begin to systematically encrypt all of the files and folders on the computer. If that computer was located on a network, it could spread throughout the network as well. The user would then be directed to a website and told to pay anywhere from hundreds to thousands of dollars in order to decrypt their files. In 2013, it was estimated that victims of ransomware virus attacks had paid upwards of 27 million to attempt to get access to their data again.
Here at Code Blue Computing we have definitely been experiencing an increase in calls related to ransomware virus attacks again this month. The most recent one we ran across changed every single document on a hard drive into a PDF file.
This latest attack is named the Locky ransomware virus. What is really nasty about this one is that the attachment is not a Zip file but a seemingly harmless Word document. We have seen this one come in emails disguised as a Microsoft Word invoice. When you open the document, the text appears jumbled and you get a message telling you to enable a macro if the text is unreadable. Once you enable the macro, it launches an executable that begins to encrypt all your files. Once your files are encrypted, you are directed to a website to pay the ransom to regain access to them. Our advice is to never pay the ransom. There is no guarantee that they will decrypt your files, and you are dealing with criminals.
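A mail-filter style check for the two lures described above (a Zip attachment and a macro-carrying Word document), written as an added example that is not part of the original article. It judges attachments by their content rather than their file name; the function name, the warning strings and the sample attachments are assumptions constructed for illustration, and the macro check for legacy .doc files is a byte-search heuristic rather than a full parse.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # macro stream name in OLE files
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")

def triage_attachment(filename, data):
    """Return a list of warnings for one attachment, judged by content, not name."""
    warnings = []
    name = filename.lower()
    if data.startswith(ZIP_MAGIC):
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return ["unreadable zip container"]
        if "[Content_Types].xml" in members:          # modern Office file
            if any(m.lower().endswith("vbaproject.bin") for m in members):
                warnings.append("office document carries a macro project")
        else:
            if not name.endswith(".zip"):
                warnings.append("zip content behind a non-zip extension")
            if any(m.lower().endswith(RISKY_EXT) for m in members):
                warnings.append("archive contains an executable or script")
    elif data.startswith(OLE_MAGIC):
        if VBA_STREAM in data:                        # heuristic, not a full parse
            warnings.append("office document carries a macro project")
    return warnings

def _make_zip(members):
    """Build a constructed sample archive in memory (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"placeholder")
    return buf.getvalue()

# Constructed samples mirroring the two lures described in the article.
SAMPLES = {
    "tracking_info.zip": _make_zip(["tracking_info.pdf.exe"]),
    "invoice.docm": _make_zip(["[Content_Types].xml", "word/vbaProject.bin"]),
    "invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "report.docx": _make_zip(["[Content_Types].xml", "word/document.xml"]),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, "->", triage_attachment(fname, blob) or "no warnings")
```

Attachments that produce a warning are candidates for quarantine or a phone call to the sender before anyone opens them.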
What Exactly is a Business Owner to Do About Ransomware Virus Attacks?
- Educate everyone who has access to a computer in your organization. Be on alert at all times. Don’t click on attachments that were not requested. If the email is from someone you know, call them to discuss the contents to make sure it is valid before opening.
- Don’t keep backup media of any sort connected to your computer. If you insist on using external hard drives, disconnect them each time the backup is complete to be sure a potential virus does not spread to them.
- Lock down permissions on your network. All open network shares should be set at the lowest permissions possible.
- Do use an online backup service. This is your number one defense against ransomware virus attacks. If you catch the fact that your files have been encrypted before the next backup runs, you just remove the virus, do a system restore, and you are off to the races again.
The most important thing that you should do as a business owner is work with a reputable I.T. consulting firm to put policies in place to protect your business. In this world of cyber threats and security breaches, if you are proactive you can rest easy and know that whether or not your business receives a virulent email will be of no consequence at all.
Call Code Blue Computing at 720-746-9763 for a full assessment of your situation and an action plan to ensure that you are ready for the next wave of ransomware virus attacks.