Qantel Product Resources

Ransomware: Why You Should Care and What You Need to Know

Ransomware is quite simply what the name implies. It is malicious software that encrypts files and then demands a ransom, effectively holding your data hostage until the ransom is paid. Nobody is immune. Everyone from home users up to government agencies, including police departments, has had to pay to regain access to their data. We know of Qantel customers who have been hit: some have paid, some have restored from backup.

Once one computer is infected, ransomware worms its way through the network, infecting all attached network drives. You may not know that you've been infected for several days, until a message appears telling you that you have to pay ransom. By the time you see the message, the malware has done its damage undetected, likely in multiple backups as well.

The most famous type of ransomware is CryptoLocker and its variants (the current hot one is CryptoWall). CryptoLocker encrypts your data files with the strongest encryption available, which is almost impossible to break unless you know the decryption key needed to unlock it. If you give the attackers a few hundred dollars, they’ll give you the key required to release your data. The FBI was able to neutralize CryptoLocker servers in June, but by July, a new network of servers running a variation was up.

There are different types of ransomware, but they all operate similarly: they infect your system, then try to get you to use something like Bitcoin to send them money. Infections usually start at a client workstation. A user simply clicks on a link in an email (purporting to be from the FBI or IRS or Federal Express or anybody) or on the web, and the malware is installed without the user's knowledge. Since it can take a few days for the ransom message to come up, it can be difficult to tell where and when the infection started.

How can you protect yourself? First and foremost, be sure all PCs in your network have current antivirus software running. Second, be sure everything is backed up regularly; store multiple generations of backups securely, offline and preferably offsite. We cannot stress enough the importance of having multiple generations of offline backups. Online backups are fair game for viruses and other malware. You need multiple generations because you may have backed up the infection and/or damaged data before you discovered the problem. Finally, a gentle reminder to your users to be careful about what they click on and run can go a long way towards prevention.

What if you get infected? There's a website that may be able to help: you send them an infected file and they try to decrypt it, sending you the key. Qantel Technologies is not associated with the site; we are just aware it exists. For more information, please see this PC World article about freeing your files from ransomware.

You have tested your backup and restore processes recently, right? We can help you develop a backup strategy that provides the best protection for your data. Contact the Qantel Helpdesk or call us at 630.300.6997.