How can you avoid becoming the next Ransomware victim?
Ransomware attacks are in the news constantly nowadays. The Colonial Pipeline attack cost all of us money at the gas pumps. At $4.4 million, it was also the second-largest ransom paid that we know of; CWT Global tops it at $4.5 million.
Ransomware is a new “cottage industry” on the dark web. You can go online and buy a ransomware kit with everything you need to create and launch a ransomware attack of your own. There is even a helpdesk add-on. If you are feeling particularly lazy, there is even a full-service version where they will do everything for you.
Why is this happening? Because it is profitable! It is where the “bad guys” can get easy money. A New Yorker magazine article dated June 7th, 2021, “How to Negotiate with Ransomware Hackers,” goes into great detail on the inner workings of ransomware attacks: why they are working, and the profit and motives behind them.
Bringing all this home to your small business, why would you care?
Ransomware attackers are not picky. Sure, they go after the big companies for a big payday, but they are also constantly looking for smaller victims that are easy targets and, as a result, easy money. One of the most common methods is to pick a large company that many people use regularly and send out an email pretending to deliver critical information to the recipient in an attachment. If you open the attachment, all your data gets encrypted, and a note is left telling you what to do to recover it.
For the small company, there are a few options at this point:
- Pay the ransom – maybe you will get your data back, but you are perpetuating the practice by rewarding the perpetrators. Generally, you have a 50/50 chance of recovery if you pay.
- Restore your information from your backup, provided it was not connected to the computer(s) or network at the time of the attack.
What can you do to avoid becoming the next ransomware victim?
- Educate yourself and your employees, family members, and anyone else who deals with emails. Learn what to open and what to leave alone, how to deal with suspicious emails, and how to recognize them.
For example, does the email address of the sender match the name of the company? If you get an email from “CharterCommunications_scs@gcnotify.com”, that would not be good, as any email from Charter would have either charter.com or spectrum.com after the “@” sign.
Another example would be “PayPal firstname.lastname@example.org”: just because it starts with PayPal does not mean it is from PayPal. This particular email had a .txt file attached, which is also a “red flag.”
- If the email has an attachment, do not automatically open it unless you know it is legitimate, even if you think you are expecting the attachment. The “bad guys” pose as FedEx all the time to get you to open an attachment, as there is a high probability that you are expecting a package.
We have even seen emails from accountants or financial advisors with “newsletters” attached that are ransomware attacks.
If you are not sure, or if you have any suspicion whatsoever, DON’T open it.
- Be very careful clicking on links in an email; they can be just as dangerous. You can “mouse over” the link in a Windows environment and see where it will take you. If it is legit, it will have the proper website domain listed in the link, but be sure. It is a little more tedious in an Apple world, and even I do not like to do it. You have to “click and hold” over the link to see where it would take you. I do not like the “click” part.
- Add security to your email to filter out as many of the threatening emails as possible. It will not get them all, but it should get most of them.
- Slow down. I know you have many emails to check, but do not get in a hurry; that is when bad things happen.
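The sender check from the Charter and PayPal examples above and the link check from the “mouse over” tip can also be automated. The following is an added example, not part of the original article; the brand list, the paypal.com and fedex.com entries, the function names and the sample messages are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed brand -> legitimate domain map. The Charter entries come from the
# article; paypal.com and fedex.com are assumptions added for illustration.
BRAND_DOMAINS = {
    "charter": {"charter.com", "spectrum.com"},
    "paypal": {"paypal.com"},
    "fedex": {"fedex.com"},
}

def host_matches(host, allowed):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def claimed_brands(text):
    """Brands whose name appears in the text, ignoring case and punctuation."""
    squashed = "".join(ch for ch in text.lower() if ch.isalnum())
    return [b for b in BRAND_DOMAINS if b in squashed]

def check_sender(from_header):
    """Warn when the From header names a brand but uses another domain."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    return [f"claims {b} but is sent from {domain}"
            for b in claimed_brands(display + " " + local)
            if not host_matches(domain, BRAND_DOMAINS[b])]

def check_link(visible_text, href):
    """Warn when a link's text names a brand but points somewhere else."""
    host = urlsplit(href).hostname or ""
    return [f"text mentions {b} but link goes to {host or 'no host'}"
            for b in claimed_brands(visible_text)
            if not host_matches(host, BRAND_DOMAINS[b])]

if __name__ == "__main__":
    # Constructed samples; the first address is the one quoted in the article.
    samples = [
        "CharterCommunications_scs@gcnotify.com",
        "Charter Communications <noreply@email.spectrum.com>",
        "PayPal <service@paypal.com.account-check.example>",
    ]
    for s in samples:
        print(s, "->", check_sender(s) or "no brand mismatch")
    print(check_link("Track your FedEx package",
                     "http://fedex.com.tracking.example/x"))
```

An empty result only means no brand mismatch was found. A From address can be forged, so a matching domain does not prove the message is legitimate.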
So, what do we do? First, you want to be sure you back up to the cloud or an external hard drive, then detach the external hard drive from your computer. If you have an attached hard drive at the time of the attack, it will also be encrypted. If you use a cloud backup, it will not be encrypted.
Next, educate, educate, educate. Most ransomware attacks are caused by an employee opening an attachment to an email. Sometimes it is very obvious; sometimes, it is incredibly targeted and tough to detect.
If you are not sure, don’t open it. I know I am repetitive here, but it is that important.
One last option: call your computer guy or call us. We get these calls all the time and can walk you through determining if it is OK to open or not. We may get you to send it to us, or we can (with your assistance) log into your computer and look at it.