RansomWare—What is it and how do we protect ourselves?

Wikipedia Definition: Ransomware is a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.

This has become a growing concern, and has already affected many organizations in North Dakota. Basically, a machine gets infected with the malware by going to a bad website or opening a bad email. Once the machine is infected, it begins encrypting mostly Word, Excel, and .PDF documents on that system, and any other machines it has access to (including servers). It begins encrypting these files and locking them. When you try to open one of these files, it will give an error like “Invalid File Format” or “This file had been corrupted”. At this point, there is no way to fix these files as the encryption they are using would take a super-computer years to crack the encryption code.

More recent versions of Ransomware are now attacking database files and financial files like QuickBooks, etc. A message will pop up on a machine telling you that the only way to get your files back is to pay them for the encryption key, which may or may not work even if you pay them what they want. Studies show that only about 60% of people who actually pay the ransom are able to get their files back. The best way to deal with ransomware is to restore files from backups made before the network was infected. Many places have resorted to doing hourly backups of critical data to avoid the loss of critical data. Now more than ever, backups need to be done on a more regular basis and you need a good backup solution to ensure your data is safe in the event that something like this happens to your organization.

NRG has a state of the art, image based, back-up solution that protects files and system configurations. You can contact us at 701-250-9400 or 888-303-0094 for more information.

Steve Kelsch
Vice President
NRG Technology Services

June 2016  fun facts