Stressed business woman with computer screen showing personal files encrypted text, Ransomware malware attack. Business computer Hacked. files encrypted.

Ransomware: The ugly truth and how you can be better prepared

After seeing several new threats this year already, some old ones are still lingering. Surprisingly, some businesses are still caught unprepared. The truth is that different types of malware are rearing their ugly heads with new ways of taking advantage. Ransomware is a severe threat. Recently, we heard about a business that had the misfortune of dealing with just this.

Ransomware is a form of malware that encrypts the victim’s files. A ransom demand is made. The criminals claim they will release your data once you’ve paid. When your information is encrypted, Spire (and other programs) won’t be able to read your data files—bringing business to a grinding halt. You won’t be able to access your data or enter in new data. This putting you at the mercy of the attacker. Ransoms vary from a few thousand dollars to several hundreds of thousands, if not more.

Ransomware can make its way into your system in several ways. The most common is through scam phishing emails. These emails look like you a communication from a known source; direction from your boss, a payment from a client, or email from a vendor. Often these look like short little “chat-type” emails with an attachment or a link, enticing you to click or open. For example: “Did you write this?” or “I have a special project for you.” These files will come in masquerading as a file from a sender you would trust, making it challenging to decern if it’s a trustworthy message. Once you downlaod them, they take over your computer and your server.

The best defense against ransomware is to be ready. While there are anti-virus programs that can catch malicious programs as they arrive, being diligent is best practice. Proper data management will save you from being a victim of ransomware.

Here are four tips:

  1. Keep up with patches for your operating systems and staying up-to-date to help ensure fewer vulnerabilities.
  2. Never install software or give admin privileges unless you know exactly what it is. Better yet, leave software installation to the experts.
  3. Talk to the experts! If you have an IT department or are outsourcing IT company, stay in touch regularly to ensure that they provide you consistent service.
  4. Last and MOST importantly! BACK UP YOUR DATA! If your data is backed up, the ransom attackers can ask you for billions, and it won’t matter. You should back up your data incrementally and automatically at pre-set times. Offsite back ups are a smart way of securing your data. This way should you be a victim, you can quickly recover. Having a direct connection for your backups to your network will not help. The likelyhood is that a connected backup will also suffer from this attack.

Atticipating this type of attack is the best defense. Taking the time to have a company-wide informative session on digital threats such as email phishing scams is well worth every minute. Just sending a memo might not be enough. Educate yourself and your staff on being diligent. Inform them of the best ways to handle a suspicious email.

Consider these suspicious email subjects or topics:

  • Be wary of emails that ask for login credentials
  • Emails that threaten to suspend an account or services without a response
  • Messages informing you of a virus (not coming from your in-house anti-virus)
  • Invitations to click to solve any of the above issues.

Click here to read about how Spire manages backs ups.

The truth is that even a privately hosted solution with the best anti-virus in the world and religious backup procedures can experience a ransomware attack. Being aware, being vigilant and having a recovery plan is the best thing you can do to ensure your business can survive such an event should it occur.

For more information on how Spire handles backups and data security in our hosting and cloud products contact us today.

Leave a Comment

Your email address will not be published. Required fields are marked *