RANSOMWARE: PULL THE PLUG
You go onto your computer, and all your important documents, spreadsheets, and irreplaceable photos have been encrypted into a meaningless sequence of 0s and 1s. The only way to get them back is by paying money to some unknown hacker for the decryption key.
A message on your screen tells you what has happened and gives you a time limit to transfer potentially thousands of dollars into the darknet within hours or days, or else you'll never see your data again. The criminals who did this to you have used bitcoin and sophisticated techniques to cover their tracks. Even if they get caught, you might not get your data back.
You open up your carefully planned backups, only to see that they have been encrypted too. It sounds like some type of twisted fantasy from an action movie, but this has become a dark reality for the UK National Health Service, the cities of Baltimore and Atlanta, and many law firms, accounting firms, manufacturers, and small to medium businesses. Not to mention the individuals and families that have lost their wedding photos or university assignments.
According to the FBI (as reported by ZDNet), victims of ransomware paid over NZ $235 million in the last six years. The US states of Louisiana and Colorado have both had to declare states of emergency and lose millions of dollars after refusing to pay the ransom.
Cyber-attacks can bring governments to their knees and put any private company out of business. Unlike ordinary viruses or other malware, a ransomware attack can involve hackers specifically targeting your business. Hackers can pose as employees or computer technicians to physically attach an 'attack USB stick' to your computer inside your network, after disabling anti-virus software and other protection.
Yet for all the threats that ransomware presents, becoming ransomware-proof is surprisingly easy. You just need to be prepared.
1. Pull the Plug on your Backup Drives.
When you make a nightly backup onto a remote backup drive, disconnect the drive from your computer and take it home.
If you're using an Apple Mac computer, you can back up using Time Machine. Windows computers can be backed up with any of several affordable backup programs from various vendors, or you can simply drag folders with your important files onto the backup drive. Once the backup completes, unplug the drive and take it home.
Because the drive is now unplugged, the data cannot be encrypted or deleted, no matter how sophisticated the hackers are, or how well written their ransomware is, unless they physically steal the backup drive from you.
Repeat this process the next day with another drive. When you have three drives at home, you can take the oldest drive and reuse it. Because these drives contain all of your confidential business files, do not delegate this task to a junior employee, or to anyone who you can't trust with any confidential data.
If you have servers, or sophisticated database applications, or anything else like Adobe Lightroom that doesn't store its data in files, the backups need to be planned professionally. We can help you make sure that the backup you take home on your drive has everything that you need.
If the loss of even a few hours to a day of data is unacceptable, then other methods may need to be used, but the fundamental principles remain the same. A hacker can always find a way to delete or encrypt data on a disk drive, if the drive is connected to a computer or plugged in.
If you are attacked and lose your files, do not just plug the drive back in: the ransomware could still be hiding on the computer you are using, and the moment you connect the drive it can encrypt that drive as well. Instead, bring the drive to us or any competent IT technician, to make a full copy onto another drive. You should then use the copy to restore your data after we've cleaned your computers and removed the ransomware.
One of the worst nightmares that could happen to your business can be avoided by following this principle: They cannot destroy your data if the drive is not plugged in.
2. Print it Out.
Computers can always be hacked. But ransomware cannot encrypt paper.
Printing isn't cheap or convenient, and neither is getting printed data typed back in. Yet it has one key advantage, in that no matter what a hacker does, short of setting your office on fire, the paper documents will survive.
If you have critical information such as client lists, or financial information that you can never afford to lose, no matter what, print it out. Printing double-sided, at 25% magnification, will fit eight pages of data into a single page. The printout could be difficult to read, but it's for emergency use only, and your cyber-insurance should cover the data entry cost.
Printing to paper is not an easy approach. However, it is immune from any sophisticated techniques a hacker might use, such as sabotaging your backups in advance of a ransomware attack, hoping you won't test them on another computer and notice the problem. There is a reason your bank branch prints a paper deposit slip when you give them your money.
3. Send it safely away by email.
Ransomware cannot encrypt someone else's email unless they are infected too.
One of the most effective ways to keep a permanent backup of individual files, particularly if you don't do your offsite backup every day, is to have a backup email address. Depending on how many documents you have, this could be a free Gmail account, or a commercial email service.
Email any irreplaceable files to this address, and if the hacker cannot gain access to the email account, those files cannot be lost.
Sending key files to a trusted email address is an easy and potentially free solution for small numbers of relatively small files.
The backup email address must be configured to be hack-proof; otherwise a ransomware attacker could delete the emails there too. Do not use this email for other purposes, or allow any computer to save the password. Do not link it for lost password recovery to any phone number that a hacker could know is yours.
NetExperts can set this up for you and periodically check that emails with crucial files have arrived safe and sound. Alternatively, you could use the email address of a trusted friend or family member if you do not mind their having access to the files you've sent.
One of the first things we ask survivors of ransomware is whether they ever sent any of their important or irreplaceable files to someone else by email. That someone else may still have a copy of the file.
4. Back up onto tape.
Businesses with large quantities of mission-critical data like law firms, photographers, and medical centres may prefer to back up onto LTO tape. LTO is a modern version of a technology that has been with us since the dawn of computing. LTO drives write data onto magnetic tapes that can then be stored in a cool, dry place for up to 30 years.
LTO tapes still have write-protect tabs like the floppy disks of years past. Drives are constructed to ensure they physically cannot overwrite a tape if the write-protect tab is engaged.
We have an on-site LTO5 tape backup drive in our Auckland office, and as our customer you can mail in your external hard drives to back up up to 1.5TB (1,500 GB) of data per tape overnight for a small fee. Alternatively, you can buy and operate a tape drive in your own office, and we can supply this equipment brand new or much more affordably from the ex-corporate used market.
For security against physical destruction or theft of your data, tapes should be stored offsite in a cool, dry, secure, and climate-controlled environment.
The newest tape drives can back up 8,000GB or more on a single tape. If stored properly, backup tapes will last for up to 30 years.
5. Use Anti-Virus and Anti-Ransomware Tools
No software-based practices will ever guarantee no data is lost, since once a hacker has remote access to your computer, they can always disable and remove the antivirus and other software-based protections.
However, running a suitable anti-virus and internet security package such as Kaspersky Small Office Security, along with a specialised anti-ransomware tool such as Cybereason Ransomfree, will be enough to stop many less sophisticated attacks. Note that anti-ransomware applications work differently than anti-virus, and can pop up an alert on your screen if someone or something is trying to encrypt or delete all of your files.
6. Isolate Your Network
It's possible to configure your router to limit remote access to specific countries or cities, and even specific homes.
Not all businesses can do this, especially if you want to have the ability to log in from airports around the world, but if you can log in from anywhere, other people can too. The same principle applies to when you can log in. If no one will be working remotely overnight or on weekends, pulling the plug on your office router will absolutely prevent anyone from being able to connect to your computers from the outside world.
Limiting who can use your computers and from where may introduce a certain amount of inconvenience, but it's probably a lot less inconvenient than a ransomware attack or your confidential business data turning up on Wikileaks.
7. Stop Data Sabotage by Archiving
Don't sabotage your data by accident. Make proper archive backups or use a version control system.
While a ransomware attack involves malicious damage to your data, it is also possible to do serious damage to your data entirely by accident. Some of these scenarios are obvious, such as if you accidentally write over the wrong document, or worse, an entire folder.
Both Macintosh and Windows computers have a trash can or recycle bin to undo accidental deletions. Apple introduced Time Machine some years ago, giving non-technical users an intuitive way to automatically make archive backups to an external drive. Users can then easily go back to older versions of files before the most recent changes.
Depending on how much data you create, there are a few ways to make sure you don't score an 'own goal' against your important documents. One of the easiest ways is to have the discipline to always rename a file with a new version number whenever you make changes, and keep the older versions of the file in a distinct place.
When you reach a milestone in a document you are creating or a project you are working on, email the file to your backup email address (see anti-ransomware techniques above) or put it in a new folder and set the old folder to read-only.
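An added example (not from the original article or from NetExperts) of the milestone routine described above: it copies a working folder to a new numbered snapshot and sets the snapshot read-only. It goes one step beyond the text by recording SHA-256 checksums so that later damage can be detected; the function names, the `_vNNN` naming and the `MANIFEST.sha256` file are assumptions of this sketch.

```python
import hashlib
import os
import shutil
import stat
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # assumed manifest file name, not from the article


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_milestone(src: Path, archive_root: Path) -> Path:
    """Copy src to the next free <name>_vNNN folder, hash it, make it read-only."""
    archive_root.mkdir(parents=True, exist_ok=True)
    version = 1
    while (archive_root / f"{src.name}_v{version:03d}").exists():
        version += 1  # never overwrite an older snapshot
    snap = archive_root / f"{src.name}_v{version:03d}"
    shutil.copytree(src, snap)
    files = sorted(p for p in snap.rglob("*") if p.is_file())
    lines = [f"{sha256_of(p)}  {p.relative_to(snap).as_posix()}" for p in files]
    (snap / MANIFEST).write_text("\n".join(lines) + "\n", encoding="utf-8")
    for p in files + [snap / MANIFEST]:
        # Read-only protects against accidental edits, not against an attacker.
        os.chmod(p, stat.S_IREAD)
    return snap


def verify_snapshot(snap: Path) -> list[str]:
    """Return the relative paths that are missing or no longer match the manifest."""
    bad = []
    for line in (snap / MANIFEST).read_text(encoding="utf-8").splitlines():
        digest, rel = line.split("  ", 1)
        target = snap / rel
        if not target.is_file() or sha256_of(target) != digest:
            bad.append(rel)
    return bad
```

Keep a copy of `MANIFEST.sha256` somewhere the snapshot is not, for example in the backup email account from section 3, so the checksums cannot be altered along with the files.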
Before wiping and reusing backup drives, you may wish to send them into NetExperts where we can copy the contents onto tape, and then give you a backup tape that will last for up to 30 years. If you open a file years later and find it to be damaged or to contain erroneous or corrupted data, we can read the tape for you and restore any file as it was in the past.
The security and integrity of your data is essential to your business. The best plan to protect it is a plan tailor-made for you. NetExperts can help you to prevent ransomware, set up a good backup plan, and ensure that your hard work is here to stay, come what may.