It happens. Someone in your company receives an email that looks pretty legit, clicks on a link or opens an attachment, and then notices something is wrong. Sure enough, they were hit with some sort of spyware/virus infection. Keep your fingers crossed that it was not a ransomware variant (like CryptoLocker – once infected, you need to pay the ransom to get your files back).
What is ransomware?
Ransomware is a nasty spyware/virus infection that seeks out all of your files and documents and then encrypts them. Basically, it completely locks you out of the files until you either pay the ransom or delete them all and use the backup copies. Not a fun place to be. This infection can quickly spread to your network files, so it will wreak havoc for all of the users in your company.
So I’m infected, now what?
The first thing is to contact your IT support so they can get in front of it. The sooner the techs can stop the infection the better – it does not take very long for all of your company files to be infected and all of your users to be shut out. Once your IT group is working on this, they will turn off all file access and stop the infection from spreading. Looking at the infected files, it is straightforward to determine which user initially got infected and when. Then the cleanup begins with the user’s machine by getting it back into normal working order. Because file access is completely locked, the infection cannot spread any further (the users cannot access any files, but neither can the infection). Once the user’s machine is clean, file access is restored and it is time to clean up the encrypted files. The easiest thing to do is delete all of the infected files and restore them from a backup. Ultimately, there will be some downtime and maybe a few lost files, so it is always best to avoid being infected.
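As an added illustration (not code from the original article), the step of reading the infected files to find which user was hit first, and when, can be scripted. The `.encrypted` suffix, the record layout and the function names are assumptions made for this example; set the suffix to whatever the variant in your incident appends.

```python
"""Triage sketch: find the first-affected user from file metadata on a share."""
import os
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: this variant appends a known suffix to the files it encrypts.
ENCRYPTED_SUFFIXES = (".encrypted",)  # hypothetical value, set per incident


def scan(root):
    """Yield (path, owner, mtime) for every file under root.
    st_uid is the POSIX owner id; on a Windows share, read the owner from the ACL."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            yield path, str(st.st_uid), st.st_mtime


def summarize(records, suffixes=ENCRYPTED_SUFFIXES):
    """Group encrypted files by owner; return owners sorted by earliest write."""
    per_owner = defaultdict(lambda: {"count": 0, "first": None, "first_path": None})
    for path, owner, mtime in records:
        if not path.lower().endswith(suffixes):
            continue  # untouched file
        entry = per_owner[owner]
        entry["count"] += 1
        if entry["first"] is None or mtime < entry["first"]:
            entry["first"], entry["first_path"] = mtime, path
    return sorted(per_owner.items(), key=lambda kv: kv[1]["first"])


# Constructed sample records (path, owner, epoch mtime), not real incident data.
SAMPLE = [
    ("/share/finance/q3.xlsx.encrypted", "jdoe", 1700000300.0),
    ("/share/finance/q2.xlsx.encrypted", "jdoe", 1700000120.0),
    ("/share/hr/policy.docx", "asmith", 1690000000.0),
    ("/share/hr/roster.docx.encrypted", "jdoe", 1700000450.0),
]

if __name__ == "__main__":
    for owner, info in summarize(SAMPLE):
        when = datetime.fromtimestamp(info["first"], tz=timezone.utc).isoformat()
        print(f"{owner}: {info['count']} files, first at {when} ({info['first_path']})")
```

Run it against a read-only copy or listing of the share while file access is still locked, so the timestamps are not disturbed before the restore.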
Can anything be done to avoid this?
I wish there was a secret weapon to prevent these infections, but there is not. New variants of these spyware/ransomware/virus apps are constantly being released, so the anti-virus/anti-spyware applications cannot keep up in real time. The most effective defense against infection is the users themselves. If no one clicked on any bad links or infected attachments in email, there would not be any infections. This can be difficult to manage, though, since the spyware firms are getting more and more sophisticated. Waident has a finance client that was infected with a CryptoLocker variant because the email looked very much like it came from one of their regular banking clients, with the proper logo (most of the users noticed it was a fake, but a few did not, and it only takes one click!).
- Educate your users – Tell them to only open files or click on links if they are 99% sure it is safe. If there is any doubt, it only takes a few seconds to reply to the email and confirm with the sender. Send out regular emails about this throughout the year.
- Back up your data! – The easiest way to recover from a ransomware infection is to restore your files from backup. If you do not have good or recent backups, then you may have lost all of your data. Backups in general are super important, so treat them as a critical part of your business.
- Ensure your anti-spyware/anti-virus protection is continually up to date – Have a procedure in place where the protection applications are updated at least daily.
- Reporting – How do you really know if all of your machines are updated? – Reports are a must. Review a monthly report that details the latest updates to ensure you are in good shape.
- Discuss the topic – Twice a year or more, sit with your IT folks and have a business discussion about this topic to make sure you are doing everything possible to be proactive. It is much easier to prevent the infection than to clean it up later.
Takeaways
- Backups are the number one safeguard
- Keep virus and malware protection software up to date
- Train your users to be vigilant