Sunday, April 12, 2015

PC Handyman: Encryption malware —"Ransomware"— Is your data protected?

Recently, The Boston Globe and other news media reported that a file server at the Tewksbury Police Department was infected with a strain of malware, which had encrypted all of the files stored on this server. These files were arrest and incident records. When someone tried to access these records, they found that the files could not be opened because they were corrupted. Then they found a document that explained that the files had been encrypted and gave instructions on how they could pay $500 to get the encryption key to recover their files. 
After several days of trying to recover the files, with the aid of federal and state computer experts and 2 outside IT firms, they finally paid the $500, using an electronic form of payment called Bitcoin, and got the data back.   
This sort of thing has been happening for a while now to all sorts of businesses and individuals—this got media attention because public money was used to pay the ransom, so it became public information. Payment forms like Bitcoin and MoneyPak are used because the payment is not traceable to the recipient.
Can it happen to you? Yes!
This malware is usually installed through an email attachment, often in an email supposedly from FedEx or UPS about a package being delivered. There is also evidence that it can be installed by a hacker getting into a server through a remote connection. Sometimes the encrypted data is recoverable through Windows' own recovery features, and sometimes with a third-party application. Usually, though, the malware turns off features like System Restore and Volume Shadow Copy so that these recovery methods are no longer available. I'm sure that the Tewksbury people tried everything.

Another scary thing—if the infected PC is connected to mapped network drives, such as on a file server, those files can be encrypted too. And if a backup drive is connected to the PC, doing automatic or periodic backups, the files on the backup drive will be overwritten with the encrypted versions, because the backup software sees the encrypted files as newer versions of the originals. Cloud-based backup services may save previous versions of backed-up files—you should ask your backup service.
The best strategy against this issue seems to be keeping a periodic manual backup to a drive that is disconnected after the backup is completed. Frequency of the backups determines how much data is at risk. I can set this up for you, including providing the drive. I can come in to your business on a regular basis and run the backups too.  Let me know if you need help. 
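As an added example (not from the original article), this Python script applies the backup advice above: each run copies the folder into a new dated snapshot on the backup drive instead of overwriting the previous one, and it stops when most of the previously backed-up files have changed at once. The function names, the 50% threshold and the dated-folder layout are assumptions.

```python
# Added example: versioned backup with a mass-change check (names are assumptions).
import hashlib
import shutil
import time
from pathlib import Path


def digests(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def changed_fraction(source, last_snapshot):
    """Share of files in the last snapshot that are now different or gone.

    Ransomware usually rewrites or renames nearly everything at once, so a
    renamed file (missing under its old name) counts as changed.
    """
    old, new = digests(last_snapshot), digests(source)
    if not old:
        return 0.0
    return sum(1 for name, d in old.items() if new.get(name) != d) / len(old)


def backup(source, backup_root, max_changed=0.5, stamp=None):
    """Copy source into a new dated folder under backup_root.

    Older snapshots are never overwritten. If more than max_changed of the
    previously backed-up files differ, stop and raise instead of copying.
    """
    backup_root = Path(backup_root)
    backup_root.mkdir(parents=True, exist_ok=True)
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    if snapshots:
        frac = changed_fraction(source, snapshots[-1])
        if frac > max_changed:
            raise RuntimeError(f"{frac:.0%} of files changed since {snapshots[-1].name}; "
                               "check for encryption before backing up")
    dest = backup_root / (stamp or time.strftime("%Y%m%d-%H%M%S"))
    shutil.copytree(source, dest)  # raises if dest exists, so nothing is overwritten
    return dest


if __name__ == "__main__":
    import sys
    print("Snapshot written to", backup(sys.argv[1], sys.argv[2]))
```

Run it with the folder to protect and the backup drive's folder as the two arguments, then disconnect the drive once it finishes.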
Is your data protected? 
The PC Handyman, 508 346-3502
