SECURITY THREAT: Ransomware
What is Ransomware
Ransomware is a type of malware that infects computers, encrypting their vital data and demanding money in the form of bitcoins to regain access.
What should you do when you discover your computer is infected with Ransomware
When you discover that a computer is infected with Ransomware, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files on the network.
Then check your current backup solutions to begin restoring your information.
Is it possible to decrypt files encrypted by Ransomware?
In most case the answer unfortunately is no, therefore you must make sure your backup solutions are up to date and verified.
Will paying the ransom actually decrypt your files?
Paying the ransom is no guarantee you will have your files restored, but this is a decision you will need to make if you have no backups of vital files infected by this malware. Paying the ransom will start the decryption process. When you pay the ransom you may or may not receive the decryptor software to start decrypting your files from the hackers.
How do you become infected with Ransomware
This infection is typically spread through emails sent to company email or remote desktop connections.
Ransomware and Networks
Ransomware can encrypt data stored on network shares if the shared folders are mapped as a drive letter on the infected computer. Despite what some articles state, Ransomware does not encrypt data on a network through UNC shares. An example of a UNC share is \computernameopenshare.
It is strongly suggested that you secure all open shares by only allowing writable access to the necessary user groups or authenticated users. This is an important security principle that should be used at all times regardless of infections like Ransomware.
Endpoint security is a must in today’s threat landscape. All network computers should be secured with industry proven security software like Webroot, and Malwarebytes.
Most viruses and spyware issues come through web browsers and email software. Having a secure web browser like Chrome or Firefox will help lower infection rates. Services like Office 365 and Gmail offer better junk mail protection and lower the possibility of opening a phishing email containing a virus.
A two tier backup system will save your computer and files if you happen to be affected by this virus. A backup software like Veeam will take a snapshot of your whole system, including files and programs. This will allow you to restore your whole computer before the virus caused any issues. While IDrive, another backup program can safely backup your files in the cloud. Should your computer become compromised you can download your backed up files directly to your computer after removing the malware.
Here are a Few Tips to Follow
Use Firefox or Google Chrome as your web browser
Use secured methods of remote access
Make sure you are using a security software that is up to date, like Webroot and Malwarebytes
Make sure you are using a backup software as mentioned, like Veeam and IDrive
Please be careful what links and attachments you click on