
Ransomware

TO PAY OR NOT TO PAY, THAT IS THE QUESTION…

Ransomware is fast becoming a big issue for everyone from startups to enterprise businesses. For those not familiar, Ransomware is malware that prevents access to users’ files by encrypting them and then demands that users pay a ransom through certain online payment methods (typically Bitcoin) to get a decryption key.

Recently an NHS trust in England had to shut down its infrastructure due to Ransomware and labelled it a ‘Major incident’, meaning appointments were cancelled.

“A major incident has been called and all planned operations, outpatient appointments and diagnostic procedures have been cancelled for today and tomorrow. All adult patients (over 18) should presume their appointment/procedure has been cancelled unless they are contacted. Those who turn up will be turned away.”

Northern Lincolnshire & Goole NHS Foundation Trust

AVOIDING RANSOMWARE

[Image: Demand Notice – CryptoLocker]

The best way to avoid Ransomware is to make sure users keep their wits about them. This malware is often sent via emails with infected or booby-trapped documents. Users need to ask themselves whether they trust the sender, and the same applies when downloading documents, files and applications from the internet.

PREVENTION


Prevention is a combination of good desktop security practice, antivirus, web proxies, disabling macros, email filtering, intrusion prevention systems (IPS), intrusion detection systems (IDS), etc.

The most important method of prevention is educating users about the dangers of opening suspect files!

BACKUPS, BACKUPS AND MORE BACKUPS!


Something I cannot stress enough is good-quality backups, taken often and tested! The best way to recover from a Ransomware incident is to simply restore the files, with no messing around with ransoms or trying to decrypt the data.

SHOULD I PAY?

 


If there is absolutely no way of restoring your data, then paying may well be your only option. Some companies have publicly revealed that they paid ransoms and gained access to their decryption key (examples here and here). Then there are those that paid and did not!

Should you decide to pay, bear in mind that you are likely to be targeted again because you have paid a ransom!

My advice is not to pay and to do your best to recover. Experiences vary, you’ll likely be targeted again, and you have no guarantee you’ll get your data back.