Thursday, October 27, 2016

Ransomware and Lost Data

It's nearing the end of the work day and you're working through a final batch of emails. You click on one sent by a colleague that includes a file you were not expecting. Without a second thought you open the file and click through the annoying pop-up windows that seem to just get in the way of you getting home. Nothing happens, so you try to open it again. With no further success you decide to call it the end of the day and head home.

The next morning you come to work and instead of your regular computer desktop you're greeted with a message stating that all of your files—the ones you said you would eventually back up—are encrypted and that if you want them back you will have to pay. You frantically check to see if this is some prank and that your files are actually ok, but every one that you try just won't open. You check with co-workers and contact IT Support to see what can be done. You try to find solutions online to your predicament, but all roads lead to the same inevitable fork: either you pay and hope the attacker keeps his word, or you accept the loss and restart from scratch.

Photo by Christiaan Colen / (CC BY-SA 2.0)

Thousands of people have faced this scenario over the last few years in the form of ransomware. This particular form of malware infects systems and attempts to encrypt every file it can get its digital claws on. Not just files on your computer, but any that are on connected devices like flash drives or even network drives. You may have heard of ransomware variants such as Locky, CryptoLocker, or CryptoWall. Many people end up paying to get their files back. A lucky few are informed of alternative ways to reverse the damage, but many more simply accept that their files are gone and struggle to get back to work. There are many others, though, who can, with a little effort, simply clean their systems, restore their files, and continue on as if nothing happened.

There are a number of rationalizations that people make to avoid taking a few extra steps to protect themselves:
  • I don't have time for this, it will take too long, I'll get to it eventually.
  • I’m not technical enough to implement these security measures.
  • I'm security conscious, I'm pretty sure I would never fall for something like that.
  • My data is just not that important, so why do I need to bother?
  • I have way too much data to back up, and every solution is really expensive.

Preparing for disaster is far easier than many anticipate and will take less commitment than you think.

Many tips that people will give you include a number of technical steps, which, if you implement them, can help you reduce your chances of becoming a victim of a ransomware attack. They include steps like using anti-virus software and keeping it updated, being mindful of unexpected attachments in email, and implementing safe-browsing practices while exploring the web. All of these are very good suggestions and will help you minimize your exposure. However, none of these can truly prevent the loss of your data in the event of compromise or even unintentional loss through a failed drive, accidental deletion or overwriting of data. The simplest and most effective thing you can do to protect your data is to back it up.

Enterprise-level backup solutions are often invisible to the end user. Network file shares should be properly backed up, but you can't always assume this. If you rely on storing your important data on enterprise-hosted network shares, check with your organization to ensure that it provides this service. Desktop and laptop backup solutions are another enterprise-level option; they involve installing a client on your system that will back up files to a backup service hosted by your organization. We encourage you to explore the backup options available at your organization.

If you have no options at your organization for backups or you’re looking to back up your personal systems, there are a number of available services that you can utilize. Mac users already have a built-in backup service called Time Machine that you can use with Apple’s ‘Time Capsule’ or any other external storage device that you have available. Windows users have a built-in backup solution as well, called ‘File History’, which can also actively back up important files on your computer. Please note: Some of these directly attached backup solutions are being actively targeted by ransomware designers, so please make sure to research your selected backup solution for recommendations on proper deployment.

Aside from the built-in solutions on these various operating systems, you can also look into cloud services for storing your information. Box, Carbonite, and other companies offer different types of backup and online data storage services. Make sure that the service you choose provides backups with access to historical versions, not just current online copies of your data. It is not a true backup service if you are unable to get an original copy of a file from before it was corrupted.

On a final note, be mindful of the type of data you are intending to back up as well. Protected data, such as data covered by HIPAA, PHI, et al., is subject to strict regulations on where it can be stored. If you work with any kind of sensitive data you should seek consultation on the best course of action for storing this information.