CryptoLocker and other malware could steal and destroy your data.
Unfortunately, despite increased attention from the U.S. government and IT leaders, the threat from CryptoLocker and other forms of “ransomware” isn’t going anywhere.
These are pieces of malware that will infiltrate your firm’s computer system and encrypt your data, locking it away. Unless you pay the creators of the malware a fee within a certain period of time, the ransomware will delete those files.
CryptoLocker—which is probably the best known form of ransomware—is one of the primary reasons you should restrict most websites from being visited in your secure system and prevent .exe files from installing unless your IT team gives the OK.
As a best practice reminder, be very careful when viewing emails, browsing websites inside and outside the cloud, or moving data into your cloud from local workstations or jump drives.
It’s important that your entire team is warned about ransomware. As we have seen from various forms of CryptoLocker over the past couple of years, the greatest risk to your data is not a hardware failure or data corruption, but your employees, who can inadvertently allow ransomware to access your system. About 58 percent of downtime is connected with human error, according to a 2012 study from the Independent Oracle Users Group.
If your system is hit by a ransomware attack, there are really only two ways to recover your data. You can pay the ransom, though even if you do pay, there’s no guarantee you’ll get your files back. Or, assuming you have backed up your data, you can restore your systems to a previous day, costing you lost time and work.
Backups vs. Business Continuity
How fast you can recover depends on what kind of backup system you are using. An old, outdated system will make the recovery process longer and more frustrating.
Today, more companies are using newer “business continuity” solutions. Business continuity encompasses traditional backup practices, keeping data both locally and off-site, as well as using virtual servers locally and in the cloud. This allows for quicker recovery, not only from ransomware, but other disasters.
As we face evolving threats to our data and our daily business operations, it is imperative to move your company’s data to a business continuity solution. It is the only way to ensure the safety of your data, recover quickly from a disaster and secure your business’s longevity.
Other Ways to Reduce Your Risk
» Educate all employees about how ransomware attacks occur.
» Talk to your IT team about application whitelisting, creating virtualized environments for certain programs and securely backing up your data on a regular basis.
» Set your antivirus and anti-malware solutions to scan regularly and update automatically.
» Stay current with patches to your system.
» Configure access to your system so that each person only has as much access as their job demands.
» For more advice, visit www.ic3.gov.