Ransomware is still around…
And it’s also a lot closer to home than what you might think!
Following is the latest Newsletter by TRINUS’ Cyber-Security Technician, Karl Buckley:
Late last year there were several Ransomware outbreaks in Europe. However, they never really seem to hit close to home. Occasionally some isolated company gets hit, but that’s all we ever hear about.
Well, on Monday April 23, the P.E.I. government website got hit by a Ransomware Attack. Yes, Ransomware exists in Canada too.
Ransomware is still very much out there and will remain quite a BIG thing, most likely for a long time to come!
Chances are the Prince Edward Island government wasn’t aware that the website had been compromised until someone complained about it. Most methods of monitoring a website simply confirm that a URL is responding. Historically, that’s been the focus of most service monitoring: checking whether the service is available. An automatic system that checks to see if a website is “up” is simple to create and not resource-intensive. Ease of set-up and resource cost have always been the limiting factors in that sort of set-up.
So how do you defend against Ransomware? – On a Technical level, it’s very simple:
1) Do regular (daily) backups of all your important information – Ransomware encrypts your files, so you can’t access them. Rather than pay the ransom, simply restore your backups. This DOES mean you will lose a bit of information (anything between the backup date and the encryption of the files), but this is also a guaranteed fix. Paying the ransom is not a guarantee you will be able to get your information back. Some Ransomware is so poorly designed that it is virtually impossible to decrypt the files.
2) Monitor your backups – It’s important to monitor your backups, in order to make sure they are working. This means someone needs to be responsible for testing the archives periodically. Backing up is not a set-and-forget thing. You need to keep an eye on it, to make sure that if and when you need them, the backups will work.
3) Set up File Monitoring & Alerts – The way to detect you have been infected with Ransomware (before it’s finished doing its damage) is noticing that files are being encrypted. This can be done by using monitoring software that keeps tabs on important files. When it detects that files are being encrypted, it then sends off warning messages about the activity. This allows a human to take action.
4) Test your Monitoring & Alert software – Periodically run a test of your monitoring software to make sure that:
- a) It’s working
- b) It’s sending out proper notifications
If you have a tool but it’s not working properly, then it’s not doing you any good. Don’t simply assume it’s working because everything appears to be running smoothly. Remember to check from time to time.
5) Alerts need to be considered important and sent to multiple people – If an alert is generated, it needs to be taken seriously and action needs to be properly prioritized. Some alerts are non-vital and action can be delayed; others require immediate action. Sending alerts to multiple people is also a good idea. This allows a redundancy level (you never know when someone might get sick, or be busy and miss an email).
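To make point 3 concrete, here is one way a file monitor can notice that files are being encrypted. This is an added example, not code from the newsletter or from TRINUS: it compares a baseline snapshot of a folder with a later one and flags files whose content changed and jumped to near-random entropy. The function names, the two thresholds and the sample files are assumptions, and random bytes stand in for encrypted content.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_ALERT = 7.5  # bits/byte; assumed threshold (encrypted data sits near 8.0)
MASS_CHANGE = 0.5    # assumed: alert when half of the watched files are affected

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map each file's relative path to (sha256, entropy) of its contents."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            snap[str(path.relative_to(root))] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def suspicious_changes(baseline: dict, current: dict) -> list:
    """Files that vanished/renamed, or changed from ordinary to near-random entropy."""
    hits = []
    for rel, (old_hash, old_ent) in baseline.items():
        if rel not in current:
            hits.append((rel, "missing or renamed"))
        elif current[rel][0] != old_hash and current[rel][1] >= ENTROPY_ALERT > old_ent:
            # Files already compressed at baseline (zip, jpg) are skipped by design.
            hits.append((rel, f"entropy {old_ent:.2f} -> {current[rel][1]:.2f}"))
    return hits

def should_alert(baseline: dict, hits: list) -> bool:
    """Alert only when a large share of the watched files is affected."""
    return bool(baseline) and len(hits) / len(baseline) >= MASS_CHANGE

def demo() -> tuple:
    """Constructed sample: two files overwritten with random bytes, one edited normally."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("budget.csv", "minutes.txt", "contacts.txt"):
            Path(root, name).write_text(f"{name}: meeting notes, line items and totals\n" * 80)
        baseline = snapshot(root)
        for name in ("budget.csv", "minutes.txt"):
            Path(root, name).write_bytes(os.urandom(4096))
        Path(root, "contacts.txt").write_text("an ordinary edit by a user\n" * 80)
        hits = suspicious_changes(baseline, snapshot(root))
        return sorted(h[0] for h in hits), should_alert(baseline, hits)

if __name__ == "__main__":
    print(demo())
```

The ordinary edit to `contacts.txt` changes its hash but not its entropy, so it is not flagged; that is also the kind of known-input check point 4 asks you to run against your monitoring from time to time.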
If you have been infected with a piece of Ransomware, it’s possible you may be able to recover the information without resorting to restoring a backup. There are multiple websites that offer decryption for certain varieties of Ransomware:
There are probably more, but I found these with a quick bit of Google-fu.
If you have any questions about Ransomware, you can always reach out to your TRINUS Account Manager for some stress-free IT.