The phone rings, and a medium-size client is in a bit of a panic. The initial question they ask is, “Do you have our general ledger detail reports and copies of our trial balance reports, and if so, how many years do you have?” The response is that we have some but not all of it. The conversation continues, revealing that our client has been hit by a ransomware attack with a payment of five million dollars in bitcoin requested to unlock the data. Sadly this conversation is not rare or unique any longer. Ransomware is part of the landscape both our clients, and we operate in daily.
Ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid. Sometimes, the malware will lock the entire computer system; other times, it may just encrypt part of the data on a computer. Either way, ransomware will make it impossible to access your data until a ransom is paid. If left unpaid, ransomware will threaten to delete your files, leaving you without access to important information.
Ransomware is not going away anytime soon. The pandemic forced many companies to change their security protocols to protect employees working remotely and outside the traditional company defenses. That shift, along with the growth in criminals using ransomware, contributed to a sharp increase in such attacks during the pandemic. It is very important to know what ransomware is, what you should avoid, and how to protect yourself and your company.
Although there are different types of ransomware, most have the following items in common:
- The ransomware will encrypt your files or lock up your entire computer system and demand some sort of payment to decrypt or unlock the system.
- There will almost always be a message on your computer screen that will threaten to delete the files if you fail to pay the ransom.
- The most common delivery method for ransomware is through email attachments.
Now that we know what ransomware is, how do we best avoid it? The best way to avoid ransomware attacks is to be very vigilant with what you download and install on your computer. Only download files from trusted sources and websites. If you receive a strange email, do not open it. It is extremely common for someone to open an attachment from an email that looks familiar but is actually malicious. Never open an attachment from an email you do not recognize!
It is also important to always keep your computer and all of its software updated and backed up. Be sure that you are applying all recommended security patches and updates promptly. This will help stop criminals from exploiting known vulnerabilities. Additionally, test the backups regularly to be sure it will be possible to restore the data to your system.
To help keep your data and files safe, always use strong passwords. Be sure to use upper case, lower case, numbers, and special characters in your passwords. Do not use the same password for different logins. Although this can be difficult to keep track of, it is vitally important for the safety of your data. If multi-factor authentication is available, turn it on. Multi-factor authentication adds an additional code to allow access. While this can make access seem more difficult, it is a great tool to help secure your systems.
If you end up becoming infected with ransomware, there are several steps to take to recover your files without paying the ransom. Sometimes you can successfully remove the ransomware using an antivirus program. Other times, restoring your computer from a backup will resolve the ransomware issue. In almost every case, you will not be paying the ransom, so be prepared to recover your data.
Ransomware attacks are an increasingly significant issue, disrupting all businesses, and are only getting more sophisticated and more frequent. The best way to protect yourself and your business is to be vigilant and always cautious with how you maintain and use your computer systems.