In the past we’ve blogged on numerous occasions about the threats presented to businesses by email-borne viruses and ransomware (see our Phishing, spear phishing and whaling post). Ransomware is a piece of malicious software that is unwittingly downloaded to a computer on your network and starts to encrypt everything it can find.
This includes your data, your documents and anything that it can find that’s attached to your PC, which could be data on your server, data on other networked computers, connected hard drives, even files that you’ve stored in the cloud.
Once it’s finished encrypting your documents you’ll see a warning pop up on your screen demanding a ransom, typically with a limited timeframe just to add to the pressure, and if the ransom isn’t paid then your files (all of your files) will be locked and inaccessible.
Even if you do pay, there’s no guarantee that you’ll be given the unlock code; these are criminals after all.
Probably the most well-known version of this is CryptoLocker, which we wrote about back in 2013 and 2015, although a newer one called SamSam locked down 10 hospitals in August 2016.
Sobering facts about ransomware
- Since 2005 ransomware has cost business more than $57Bn (est.) in ransom payments and lost productivity [Gartner],
- Ransomware was estimated to collect $1Bn in ransoms in 2016 [Gartner],
- The average demand ranges from $200 to $10k [Datto: ransomware 2016],
- A naive user is alerted by the ransom demand (above) only once encryption has completed and the files are fully locked,
- Traditional anti-virus solutions can’t be guaranteed to trap/block ransomware,
- A single infected device can encrypt all connected devices – including back-up drives and cloud services,
- Attacks are still predicted to increase in volume and sophistication.
What to do
- Set up a dedicated crisis management team – this could be internal or Bristol IT Company, for example,
- Evaluate/understand business risk and set up recovery options to counter the threat,
- List all vulnerable storage locations, devices, servers, network storage and cloud resources,
- Consider the true cost of an infection:
  - The cost per employee in wasted salary, etc.,
  - The time involved in re-creating completely lost records,
  - How many actual infections might occur per incident,
- Plan and implement a ransomware-proof backup solution
- Plan for the worst and hope for the best
Sophos’s “X-cellent” solution
At Bristol IT Company, we are always on the lookout for new solutions that will reduce any IT pain that our clients may feel, which is why we are delighted to introduce you to Intercept X, from UK security experts Sophos.
What is Intercept X?
Simply put, it’s the solution to the problem. Intercept X will:
- Stop any ransomware within milliseconds of it attempting to encrypt files,
- Block “zero-day” threats without needing a traditional signature-based virus detection system,
- Deep clean your system – removing ALL traces of lingering malware,
- Provide easy-to-understand reporting of attacks, allowing detailed analysis of how an infection occurred,
- Integrate with perimeter security hardware (firewalls and email/web filters), to instantly prevent any contaminated device passing an infection across your network, and to block access to remote threats across the internet.
This two-minute video from Sophos explains the unique value of Intercept X: