Ransomware: An Old Problem Reborn in the 21st Century
Ransomware is an Old Concept
To understand ransomware, lets start by going back 150 years. Imagine for a moment that your business has recently set up shop somewhere in the Old West, perhaps out in California where newly unearthed gold wealth shines as bright as the California sun. You have set out your wares and should expect a stream of new customers; the prospectors need supplies, beds, blankets, and food. You have prepared to supply all of this and your accounting manager who telegraphs in weekly from New York has projected profits through the roof. You are going to make a killing.
But as you settle into your storefront and wait for your supply wagons to complete the long journey from the industrial center of Chicago, the boy that you hired to run your supply train dashes through the swinging wooden doors of your store and shouts that a terrible fate has befallen your wagons. Bandits have seized your cargo and have sent your employee back to you with a ransom note. Bring $50 to Gusty Gulch in three days or you will never see your precious wagons again! Unlike Wells Fargo, you had neglected to pay mercenaries to ride shotgun. You panic and run to the local sheriff’s office. He claims that he cannot help you because he does not know where the bandits keep their hideaway, and more, they seem to constantly be on the move. Even if they could track the bandits, the sheriff tells you that this particular gang hosts a cohort five-men strong, and that the ransom site will be too well-guarded for he and his deputy alone to stage an ambush. Alone you have no hope and so you consider the options. How badly do you need those wagons? After all, they are only asking for $50. You scrape your week’s profits into a bag and head off to pay the ransom.
Now picture instead, you are sitting in your air-conditioned office in Florida when an employee knocks on your door and says that someone somewhere has locked him out of his computer. They are demanding a small fee to free your system, and meanwhile your own systems have betrayed you and you are concerned about losing business. The police tell you that this happens frequently and that they cannot find the hackers in cyber space. How badly do you need access to your servers? After all, the cyber-bandits are only asking for a couple hundred dollars. Again, you pay the ransom.
Dealing with a Ransom Demand
Ransomware—malicious software that encrypts the victim’s files and holds them hostage, like the wagons in the Wild West scenario, unless and until the victim pays a ransom—has emerged as a potent and increasingly common threat online.
Daily data backups on a non-networked computer provide the best defense against ransomware. For ransomware victims who have been caught unprepared and can not rely on backups, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand, which normally costs far less than the potential business loss. Resist the temptation to give in. Often the situation isn’t as bad – or is much worse – than is being presented.
Ransomware is computer code, and like all criminals, sometimes malware coders make mistakes. Every so often, crooks will develop a new version of ransomware containing errors, which can render the victim’s files unrecoverable even if they do pay the ransom. In other instances a piece of ransomware will not do its job at all and with a little bit of hard work your data can be recovered safely without giving in to the crooks and swindlers.
Due to the relative ease in launching these attacks, ransomware will only become more prevalent. Like the thugs in the Wild West narrative, cyber-bandits often face no retaliation because of the relatively weak state of law enforcement in cyber space. What’s more, the criminals are getting smarter by more effectively targeting victims and writing better code.
If you or your company is hit with ransomware, resist the temptation to pay up, which just perpetuates these scams. Fortunately, HumanIT offers prevention mechanisms for ransomware software that can prevent the problem before it occurs. Wells Fargo learned early on that the best defense against unsavory opportunists in the Wild West was a steady arm to ride shotgun. Take us along with you on your ride through dangerous cyber territory; we’ll keep the bandits at bay.