Yet another reason to employ an off-site backup of your business-critical data

Many of you have heard of ransomware and the havoc it can cause. Last spring, we reported on a previous strain that represented an escalation in sophistication of such attacks, which eliminated the possibility of using Windows’ own mini-backup (for lack of a better term) called Shadow Copy.

For those of you who might have your head in the sand, ransomware is a particularly nasty form of computer virus that encrypts the files on your computer and your file server, rendering them inaccessible. The only way to regain access to your files (in the absence of Windows’ Shadow Copy — which offers spotty success at best — or a good, off-site backup) is to pay a ransom to the perpetrators, and hope that they will honor your payment by giving you reliable means to decrypt your precious data. Early ransomware would start out with something like a $100 ransom (in Bitcoin cryptocurrency) that would increase if you didn’t meet an initial deadline (count-down clock provided), and then, eventually, if the final deadline passed without payment, you’d lose your files forever. Later ransomware had a fixed ransom of between $500 and $1,500, with a single deadline (count-down clock still included). Additional sophistication in ransomware has come over the course of this past year, including an encryption not only of the files’ content, but also of the filenames themselves (e.g., instead of your “Letter to the editor.doc,” your file’s name would be “e7xoadk31#.doc”). Perhaps the most galling of developments: ransomware as a service, where anybody and his Uncle Joe can sign up to use someone else’s cryptovirus to make their own fortune in the cybercrime business in exchange for a cut of the proceeds (franchised cybercrime).

This week, we’ve learned of yet another phase in this disgusting, ongoing saga: a new flavor of the virus, called 7ev3n, with a 13 Bitcoin (approx. $5,000) ransom, and a return to the tactic of completely locking the user out of interacting with his/her computer during the infection.

How can you get infected? Any number of ways. High-risk behavior, such as clicking on suspicious links or attachments in e-mail; or visiting, shall we say, naughty web sites; even visiting legitimate sites, such as Yahoo, that bombard you with Java- or Flash-based ads that contain malicious code; or using a thumb drive that has somehow been infected by another computer.

As a side note, Flash and Java have been proven to contain inherent security flaws. You could completely disable/uninstall Java and Flash on your computer to eliminate the security threat, but until the vast number of web sites using those technologies get redesigned using HTML5, which is purportedly more secure, you’d be crippling your web surfing experience. Therefore, proceed cautiously on the web, and read on.

Why might anti-virus fail to prevent infections? Just as with any type of computer virus, those busy bees out there are constantly trying to build a better mousetrap by tweaking containers and delivery methods just enough to fool anti-virus software until software vendors are able to observe a virus “in the wild” and develop new “signature” files to detect prospectively (probably 80 – 90% of the anti-virus game is playing catch-up). That’s what anti-virus software does, for the most part: it looks for patterns that have already been seen and analyzed. Though there are measures to try to detect and block so-far-unseen viruses (some anti-virus software vendors are better than others), none have proven to be 100% effective against newly-released viruses.
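The gap between signature matching and behaviour-based detection described above, as an added example that is not part of the original post. The byte strings are constructed, inert stand-ins, the "signature file" is simplified to a set of SHA-256 hashes, and the entropy threshold and file count are assumptions; only the file name “e7xoadk31#.doc” comes from the post.

```python
import hashlib
import math
from collections import Counter

# Constructed, inert stand-ins: a catalogued sample and a re-wrapped copy of it.
KNOWN_SAMPLE = b"WRAP-A" + b"inert-demo-body" * 8
REWRAPPED_SAMPLE = b"WRAP-B" + b"inert-demo-body" * 8

# Simplified "signature file": hashes of samples already seen and analysed.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(blob):
    """True only if this exact blob has been catalogued before."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES

def shannon_entropy(data):
    """Bits per byte: close to 8 for encrypted data, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_mass_encryption(writes, threshold=7.5, min_files=3):
    """Behaviour heuristic: several files rewritten with random-looking content.

    Compressed formats (zip, jpg) are also high-entropy, so a real product
    combines this with other signals; threshold and min_files are assumptions.
    """
    hits = [name for name, data in writes.items()
            if len(data) >= 1024 and shannon_entropy(data) > threshold]
    return len(hits) >= min_files

def pseudo_ciphertext(seed):
    """Constructed stand-in for encrypted file content (8 KiB, deterministic)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(256))

LETTER = b"Dear editor, I am writing about last week's article. " * 100
WRITES_NORMAL = {"Letter to the editor.doc": LETTER, "notes.txt": LETTER[:2000]}
WRITES_SUSPECT = {"e7xoadk31#.doc": pseudo_ciphertext(b"a"),
                  "q2mzp80rtv.doc": pseudo_ciphertext(b"b"),
                  "x9kd71lwqa.doc": pseudo_ciphertext(b"c"),
                  "notes.txt": LETTER[:2000]}

if __name__ == "__main__":
    print("known sample matched:    ", signature_match(KNOWN_SAMPLE))
    print("re-wrapped copy matched: ", signature_match(REWRAPPED_SAMPLE))
    print("normal writes flagged:   ", flag_mass_encryption(WRITES_NORMAL))
    print("suspect writes flagged:  ", flag_mass_encryption(WRITES_SUSPECT))
```

The signature check only recognises the exact sample already catalogued, while the behaviour check reacts to what happens to the files regardless of which program did it.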

As far as protection, your best bet is to choose one good anti-virus package and keep it updated (“one” because multiple anti-virus software packages installed on your computer will slow performance to a crawl; “updated” because, well, it’s a must — see previous paragraph). Our go-to brand is ESET for both home and business users; it’s affordable, very effective, and not the resource hog that McAfee, Symantec and some others have turned out to be. Yes, there are free anti-virus packages out there, but sometimes you get what you pay for.

Another layer of protection we recommend is an anti-malware software subscription, such as Malwarebytes or SuperAntispyware, which has different algorithms to detect malicious activity that isn’t necessarily classified as a computer virus. And don’t underestimate the great benefit of a spam-filtering service relative to its meager cost per user. Plus, there is hope in fighting ransomware head-on, with at least one anti-malware vendor currently beta-testing its own product on that front (“beta-testing” means that it’s not yet ready for prime-time use on your work computer or server).

Failing all prophylactic protection efforts, the ultimate back-stop, of course, is a good, off-site backup — not one that sits on the same server as your data. One that sits somewhere else on the same network as your office is still susceptible, though it’s still a good idea for quick retrieval of backed-up data in a non-ransomware situation.

Modern online/over-the-Internet backup services have become more secure, reliable and affordable, and are becoming standard practice for the enterprise, and very common for home users as well. Even in the absence of a virus situation, a good local and online backup of critical data can be a life saver in the case of a hard drive crash on a server or individual computer.

Don’t become a helpless victim that has no choice but either to accept the loss of data or to pay an exorbitant ransom. Ask us about the anti-virus and backup options available.