First thing’s first – what is Ransomware? Ransomware is when your data is maliciously encrypted, and a ransom is demanded in order for you to get they keys to unencrypt your data. While your data is in it’s encrypted state, you can’t use it. It might as well have been deleted. This sounds bad – and it is. So here’s how you can start protecting your business from ransomware.
Words can Hurt
Just like the whole Cloud and IT world at large, we’ve got some words to learn to be able to understand the whole story here.
Malware
Malware is any program or software which was written with the intent of causing someone else’s IT systems harm. So Ransomware is one example of malware. A traditional computer virus is another example of malware.
Bad-actor
No, this isn’t a list of my least favourite Hollywood actors (I’m terrible at knowing who celebrities are at the best of times). Here we’re talking about people with malicious intent, who are interracting with our computer systems. Someone who writes, or intentionally spreads malware is said to be a bad-actor.
Encryption
The buzzwork “crypto” is throws around all over the place these days. Crypto is just shorthand for encryption. Encryption is happening all the time, and is brilliant! In fact, I delivered this article to your device over an encrypted chanel.
The Enigma machines of World War 2, they were a form of encryption. Information goes in, along with a secret (think of the secret like a password). Out of the other side comes a scrambled message. But if you take that scrambled message, put it back through the same type of encryption machine, so long as you have the secret too, you can unscramble the information.
So when we’re talking about your data being encrypted, we’re saying it has been put through one of these encryption machines – in this case it’s a program running on your computer or server. The bad-actors want money from you in order to hand over the secret, so you can unencrypt your data, and thus turn it back from scrambled jibberish, back to your data. The encryption software is still on your computer, but without the secret, it is useless.
BitCoin and Crypto-Currency
We’ll get into cryptocurrencies properly another day. For now, Bitcoin is a form of cryptocurrency, and crytocurrency is just another foreign currency to the one in your pocket. This one doesn’t have a bank or a country behind it, but let’s not get into that now. For now, let’s just agree that many people attribule a real-world value to these crytocurrencies, and therefore if you have some bitcoin, you can trade it for real money. That means if someone wants bitcoin from you for something (unencrypting your data for example), they can later swap that for real money, and it’s jolly difficult to prove who made that trade. So now you can see why crytocurrencies get their bad name being that they’re great for criminal activity.
The Three R’s
In the olden days this might have stood for Reading, wRiting and aRithmatic, but you know what I’m about to tell you it should stand for now don’t you? Ransomware Ransomware and Ransomware!
But joking asside, education is key, and is always your first line of defence against bad actors. A computer, server, or any other machine will simply do as it is told, unwaiveringly and without question. It doesn’t matter who those commands come from. So if your staff are into frequenting the more… exotic corners of the internet on their work IT equipment, there’s a good chance they might see a pop up or twelve. If they click through enough warnings (software is getting good at saving us from ourselves these days), they will eventually be at the point of instructing the computer to install malware onto itself. That is how it happens. There are very few examples of malware creeping silently onto a computer and infecting it. No, someone probably told it to go ahead, and then ignored the warnings which appeared.
And so this brings us to our first point – education. Do your staff know what to look out for? Do you know what to look out for? Bad guys are pretty clever, and make it very difficult to know what’s real and what is almost real.
There’s lots of resource out there onplatforms like Udmy from experts, and enthusiasts, alike. Maybe vet a couple of videos yourself and buy access to a short course for all of your staff? The humans sat at the keyboards really are your first, and best, line of defence, so invest there first.
Keep up-to-date
Updates are frustrating but absolutely vital in the fight of good versus evil. Okay, I might have overblown that a little in a vain attempt to make cyber security sound cooler than it actually is. However, you should totally do your updates to patch all the latest vulnerabilities which have been detected in the software we all use every day.
You should have a system for doing it too. Depending on the size of your business, and how much bespoke software you use, you might want to have all the latest and greatest patches applied to everyone’s computers as soon as they’re available. Or you might want to wait a couple of weeks to see if other folks report problems.
That couple of weeks “wait and see” might be even more important on your company’s server estate. It’s super important to protect your IT estate from vulnerabilities, but you need everything to remain stable so you can run your business too. As with so many things in business, and life, it’s a compromise.
Backups
Okay, I’ve put off talking about backups until right at the end, but they’re super important if you want to protect your business from ransomware. Why is that? Well imagine I encrypt all your data today; is last night’s data any good to you? It probably would be to me. So in that case, I have no reason to hand over my money to the bad guys – I’ve got another copy of my data thank you very much.
When we’re talking about backups, though, in order to protect ourselves from ransomware, we need to take offline backups. An offline backup is a copy of your data which isn’t available to your computer all the time. If your computer is infected with ransomware, it will attempt to encrypt all the data on all the drives it can find – and that includes your backup drives.
Services like Backblaze or Amazon S3 are the answer to this. That’s storage which isn’t directly connected to your computer or server, and uses special software to move data between them. That means that when the ransomware comes to encrypt everything it can, it is very unlikely to see your offsite backups when being used with services like those.
Belt and Braces
So which of the above should you do to help protect your business from ransomware? All of them! Once you have processes in place, it’s easy to have all of these safeguards in place all at the same time. Make sure you take the first step today! Sign up for one of the cloud backup services I mentioned. Have a look to see when the last time your computer was updated. Stay one step ahead of the bad-actors, and stop being an easy target.
You know your business better than anyone, so use this to inform your next steps. Cyber security is a vastly complex area, but you’re not alone. Check out our other blog posts on security, or even reach out to us to see how we can help.
