Ransomware – The Complete Survival Guide

Home/Data Protection, Ransomware, Scams, Security, Virus/Ransomware – The Complete Survival Guide

Ransomware – The Complete Survival Guide

In light of the recent global ransomware attacks by the Wannacry virus and the more recent Petrwrap virus, we at IT.ie decided to serialise a number of Blog post to help our clients and friends in business, greatly reduce their chances of a cyber-attack. The piece that follows is a single document constructed from our blog series that should be used by you as a guide of sorts, to use and distribute as you wish and that we hope will become an invaluable weapon in your cyber arsenal.

Firstly, let me be very clear – nobody can give a guarantee that you won’t fall victim to cyber-criminals. “This can’t be”, I hear you say. “Surely the anti-virus solution I have and the IT company I pay will guarantee my protection”. Let me be blunt; if your IT Support is telling you that they can guarantee you protection from the cyber-criminal, they are quite misguided! The truth of the matter is, the cyber-criminals while immoral and highly unethical, are in the large part, extremely clever and make it their mission to be several steps ahead of the very best anti-virus & firewall solutions. This doesn’t mean however, that you should go it alone without expert IT guidance. IT systems are one of the most, if not the most vital component of each and every business today, irrespective of size. Put simply, if your IT systems compromised in any way whatsoever, your business is at risk.

So, no matter what the nature of your business may be: if you have IT systems connected to the internet, you are attractive to the bad guys and unfortunately, small companies are considered the better targets since it is assumed that they will have weaker IT security.

A Brief History

The very first instance of hacking was by the godfather of modern day computer science, Alan Turing who created the famous Enigma Machine during world war 2. Cyber-crime in its infancy has been around since the early 1970’s when hackers began life as technology enthusiasts who believed in hacking by reprogramming computer programs to make them better and more efficient. The first evidence of cyber-crime again dates to the 70’s when hackers called “phreakers” discovered the correct codes and tones to allow them make free long distance telephone calls. The first large scale attack was in 1989 when hackers stole $70 million from the First National Bank of Chicago. This resulted in the Computer Misuser Act 1990 in the UK and criminalised the unauthorised access of computer systems.

In march our post titled “Internet Of Things (IoT)” explained that every day we are increasingly more reliant on items connected to the internet and that by 2025 it is expected that 1 trillion devices will be connected. With such a staggering number of potential vulnerable, hackable devices, I don’t think it is likely that cyber-criminals are going to simply walk away from such a lucrative criminal enterprise.

There is no doubt that cyber security experts will develop more advanced tools to fight cyber-crime and cyber-criminals and it is equally certain that cyber-criminals or cyber terrorists will make their own advances in ways to beat IT systems security. The eventual winner is anybody’s guess 

 

While I’m not going to delve in any great detail into the political element of cyber-crime, the recent allegations of state sponsored hacking to influence several high-profile elections including the 2016 US Presidential Elections are evidence that we are in a De Facto state of Cyber War.

Prepare for the Attack

At the end of this paper, we will go into a little detail on the other forms of cybercrime, but for now the biggest threat to your business is from what is known as “Phishing”.

I hear you ask, “What is “Phishing”?

Phishing is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”.

This definition while still relevant, is a little outdated. Yes, cyber criminals do still spread emails purporting to be from reputable sources with the sole purpose of obtaining personal or financial information from you, however, it is reported that up to 97% of phishing emails are now of the ransomware variety. So, rather than steal information from you, they simply encrypt your data both business related and private and then demand a ransom. Their bounty is usually payable in Bitcoin.

So, how do you prevent a ransomware attack?

As explained in blunt terms, that you cannot 100% prevent an attack, short of not using any network devices, whatsoever. There are however several things you can do to greatly reduce your likelihood of an attack. Some of which I am going to cover now was explained in our post published, earlier in the year entitled “RANSOMWARE: Common Bad Practices Are Your Biggest Threat” where I used the acronym C.U.B.E to explain these steps.

Recommended steps you should take

Communicate: with employees to develop a strategy to inform employees if a virus reaches the company network. The speedy dissemination of information is vital in stopping an attack or the continuance of an attack. Forget about the them and us, the upstairs v’s the downstairs. It is every employees duty from the MD to the office intern, to quickly get the information out that the company is under a cyberattack.

Update: all software, including operating systems, antivirus software and all other applications. Apply security patches as soon as they become available from technology providers.

Back Up: all information every day, including information on employee devices, so you can restore encrypted data if attacked. It is strongly advised that you use an online backup service

Educate: staff on cyber security practices, emphasising not opening attachments or links from unknown sources. This may well be the most important step you should take as a business owner or manager. Ask you IT support provider to provide information on the latest threats to the business community. Better still have your IT support provider organise a training session with you and your team outlining what you should look out for to reduce your chances of attack and the steps you should take, should any of your systems, fall victim to an attack

Some employers have strict policies on the private usage of their computer systems by members of staff, in that staff are prohibited from using office computers for private usage. Others find that by allowing staff to check their emails or Facebook messages during their break time has a positive impact on the working environment and promotes an atmosphere of trust between the employer and employee. In truth, this area is a minefield and if you are looking at developing a policy on internet usage, monitoring of electronic devices or installation of CCTV in the workplace, go here for further information.

Fighting the Attack

OK, so you’ve received a mail from a source that may or may not be known to you. The mail heading looks genuine enough, in that it may seem relevant to the department you work in, accounts, procurement etc. Anyway, when you open the mail, you find that there is a link or a number of links you are encouraged to click on. You click on the link and in this example, nothing happens. You move on to your next email.

Then anything from a few hours to approximately 3 days (depending on the number of files) you are met with a message similar to this.

Immediate actions on discovering a ransomware attack?

Disconnect: Without doubt the first thing you must do is disconnect the infected computer from the network and even power down everything. Don’t panic, the instant you see a message resembling the one above or if you suspect that a link you have clicked on may contain a virus of any kind, remove the Ethernet cable from the back of your computer to prevent the virus spreading to other computers and servers on your network.

Report: Your next step should be to report the attack or suspected attack to your systems administrator or office manager. It is vital that all users on the network be made aware of an attack or attempted attack to ensure the vigilance of other users on your network. It is likely that other users have also received similar phishing emails and your quick response may prevent further damage.

Assess: Have your onsite IT support or IT support company immediately investigate the source of the attack and the likely impact to your systems, and to confirm if it was, in fact, a ransomware attack. While most ransomware attacks are the real thing, there are numerous cases of fake ransomware events that don’t actually encrypt your files at all and other variants that can be defeated by traditional antivirus and malware tools.

Should you pay the ransom?

This is a decision that you alone are going to have to make but you must first consider a number of factors;

  • The people you are paying, are criminals whose sole motivation is to deprive you and your company of your hard-earned cash (paid in bitcoin) and so you are contributing to the ill-gotten gains of a criminal enterprise.
  • If you pay, you are in fact more likely to be attacked again, as you are viewed as a soft target.
  • There is no guarantee that the cyber criminals will unlock, or have the ability to unlock your files. Ransomware is often sold to criminals in what is known a Ransomware as a Service (RaaS), in that the developers of the virus sell it on to other criminals who simply have a method of distribution but may not have the technical ability to unlock your files, once you have paid.
  • Is it a single machine or the all machines connected to the company’s network and what impact does the loss of data and downtime have on your operations?
  • You may decide that the payment of several hundred euro is a small price to pay to have your valuable data available and systems back on line again. There is no reliable data available to determine what percentage of victims pay up, as companies rarely admit to paying ransoms as this would also be an admission that their networks were compromised.
  •  We at IT.ie would strongly advise that you do not pay, however we understand that you may be in a position where you feel that you have no other choice and we will support your decision and advise you on the steps to take.

What should you do to prevent data loss?

Backup, Backup, Backup – I can’t emphasise this strongly enough; if you want to be certain that your company’s data is not lost forever, then you must engage with an online backup service provider. If you have a reliable and secure online backup service, you will recover your files regardless of the reason for the loss, whether it be, ransomware, fire, flood or simple human error. Online backup is inexpensive and guarantees the integrity of your valuable data. IT.ie are regularly contacted by companies that suspect they may have been the victim of a ransomware attack. Once we have established that you are the victim of an attack and advise you on the steps to take to minimise the damage, we will then investigate if you have an online backup service. If you have, we can usually have you back to full capacity within several hours depending on the severity of the attack. If you do not have an online backup service, then I’m afraid you are going to be left with some very difficult decisions to make. Please read our post on “Online Backup V Online Storage“.

The team at IT.ie are available to talk you through the best online backup options available to you and your company. Please go to our page here for a guide to online backup pricing. Regardless of whether you engage our services or the services of another provider, we strongly urge you to immediately protect the integrate of your data with a reliable and secure online backup service.

Other Forms of cybercrime

Phishing: This paper has primarily dealt with a relatively new form of phishing, known as ransomware. Phishing has been around for many years and is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”. Remember the Nigerian Prince emails scam? While very few fell for this scam, those that did learned some very hard lessons.

Identity Theft: Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. This is something that you should be aware of and concerned about both as a business owner/manager and private citizen. While identity theft is a cybercrime, in that the personal information stolen from you may be used fraudulently online or the personal information itself may be stolen by means of you responding to unsolicited emails; information may also be stolen by less sophisticated means such as someone going through your bins or looking over your shoulder at the ATM machine. If you are a Facebook user, you have likely seen a post from a friend, warning you not to accept a friend request from them as someone has set up a fake Facebook profile in their name. If you accept the “fake friend” request, the person who has set up the fake profile will have access to some of your personal information (Information you have agreed to share with Facebook friends) and can use this information to build a profile on you with the intention of stealing information relating to your identity or for the purpose of drawing you into some type of scam. This list below offers some useful tips in preventing identity theft.

Hacking: Most companies, even sole traders have websites. Your website is possibly your most important marketing tool and the window to your business for potential clients or customers. If you have any form on eCommerce on your website, then it is likely you will have the financial details of your customers stored on your servers. If your website is hacked, the hacker has the potential to crash your site, change any element within your site or most concerning, steal the personal or financial data of your clients and customers, resulting in a negative impact to you and your company’s reputation and possible legal implications from the loss of client’s data. Talk to your web developers or website hosting service about, how to best protect your site from hackers.

Lessons Learned

This series on cybercrime was undertaken to aid the clients and friends of IT.ie, to be prepared, as best they could, for a cyber-attack, and in particular, a ransomware attack. This is by no means an exhaustive guide but looks at the best practices applied by IT.ie and leading experts in the cyber security field. So, what have you learned?

  • Cybercrime in its infancy has been around for as long as computer code, although early hackers and many ethical hackers today simply look at ways to improve computer code for the end user. The first large scale illegal hacking was in 1989 when hackers stole $70 million from the First National Bank of Chicago.
  • Ransomware attacks by way of phishing are probably the biggest threat to your business, at this time, with a reported 97% of phishing attacks being of the ransomware variety.
  • To best prepare and defend against a ransomware attack, IT.ie highly recommend that you implement our C.U.B.E system:
    • Communicate
    • Update
    • Backup
    • Educate
  • Look at implementing an IT policy that looks at how team members use your IT equipment for private use i.e. checking Facebook, private emails etc. While some companies have a policy that does not allow staff to use company systems for private use, others find it is better for team morale to allow the team members access the private mails etc. at break time. You should also look at what access to your IT systems each member of your team requires, depending on their responsibilities, and restrict full access where necessary.
  • If you do fall victim to a ransomware or any other form of cyber-attack, you should.
    • Disconnect the infected computer from the network immediately.
    • Report the attack or suspected attack to your network administrator or office manager.
    • Assess how much damage the attack has caused and ensure you have taken the above steps to prevent the continuance of the attack.
  • To pay or not to pay, that is the question?
    • Once you have assessed the damage or potential damage to your systems, and have spoken to your on-site or outsourced IT support, you must seriously look at the arguments for and against this. IT.ie strongly recommend that you do not pay as there simply is no guarantee that the cybercriminals who encrypted your files will have the knowledge or expertise to de-crypt them. You may also be viewed as a soft target and attacked again.

 

Following the steps above will greatly reduce your likelihood of falling victim to a ransomware attack, however, at the time of writing this, there simply is no piece of software or tool that guarantees you won’t fall victim to attack. If you are connected to the internet, you and your company are potential victims. If we at IT.ie were to pick a single recommendation from those listed above, it would undoubtedly be to backup your data online. The one sure fire method of recovering your data, should you fall victim to an attack, is to engage the services on a reliable online backup service. If you currently don’t have your data backed up online then I strongly urge you to contact us, and we can talk you through backup options that best suits you and your company.

 

2017-07-18T12:24:21+00:00 June 28th, 2017|Data Protection, Ransomware, Scams, Security, Virus|Comments Off on Ransomware – The Complete Survival Guide