Ransomware

Ransomware is something you may have heard about on the news but don't fully understand. The most high profile cases this year include Baltimore City government who were hit with a loss of over $18 million, and multiple healthcare providers. One of these healthcare providers paid $75,000 to recover it's encrypted files. Click here for an article to see many other high profile cases.

These big stories make the news and sometimes it's easy to think that cybercriminals are only interested in targeting large organisations. But one stat from the above article shows that small to medium sized businesses face the largest risk.

So what does ransomware do? It is designed to encrypt files on the victims system and quite often the user is then instructed to pay money to fix this encryption. Normally you get a message on your screen saying that your machine has been locked and you need to pay to fix the problem. Sometimes these can seem quite legitimate. We have seen a machine locked with a message claiming to be from the New Zealand Police. It said "your computer had been locked due to illegal software and you have to pay $2500".

As with so many things in life we recommend that prevention is better than cure. Ensure you are using an up to date antivirus solution and that all your servers and workstations have all the latest updates. These will help reduce the risk of ransomware affecting your systems.

You can never be 100% certain that your antivirus will stop all potential ransomware attacks. The cybercriminals are constantly trying to be one step ahead of the security available. This is where having a disaster recovery/backup system is critical . Usually system downtime has the biggest financial cost on a business during a ransomware outage.

If you do find you've had a breach:

• Don't pay the ransom! The people behind these attacks have already proved they are not the most trustworthy individuals and there is no guarantee they will fulfill their side of the deal.
• The first thing to do is to turn off the affected computer and remove the network cable to quarantine the device. You don't want it spreading to other devices on your network!
• Then contact the team at Computer Culture and we'll get straight on to resolving the issue. The sooner we can start fixing the problem the better the chance we have of stopping it spreading to other machines on your network.