I recently had a discussion with one of our clients who was the victim of a “Ransomware attack”. For those who aren’t aware, ransomware refers to a virus that attacks your data so that you no longer have access to it. You will then be notified by a hacker who will inform you the data will be released if you pay a “ransom”.
My client was not using our data back-up service but was on a plan with a local IT Management company. That means he was paying for cloud-based, data back up and the protection of that company. With his system down and a request to pay $1,200 (US) he quickly called his supplier who promptly informed him that he should just pay the ransom. Much easier than trying to repair the virus.
To understand how payment of these ransoms work is interesting onto itself. The hacker will assign a “third-party supplier” who will be the agent of the transaction. It’s fair to assume that this party is benefiting from the service and in on the operation. You will then be asked to purchased “bitcoin” in the amount requested. This is untraceable, electronic currency and it cost our client approx.. $2,000 CD to get the requested currency.
With the currency in hand our client paid the ransom and was sent the “key” to unlock the data files. These were now so corrupted that he needed to call his IT company to come in and clean out the files at a cost of $1,600. The total loss to our client from this attack was an estimated $3,600 (not including loss of productivity during the down time).
You don’t need to be a computer engineer to understand that our client was provided with questionable instructions by his IT company. Here is what one needs to know about data back up and attacks of this nature.
1. Your business is your data and it must be protected. Backing data on mobile hard drives and USB drives is labour intensive and prone to oversight. We recommend cloud based automatic back-up.
2. As soon as you see an attack on your system quickly turn all computers off.
3. Contact your IT professional.
4. He should wipe your system and re-install your most recent files.
5. Important: your backed-up files must be checked and verified before installing to make sure the virus was not uploaded.
These attacks are a growing concern and every business should do a risk assessment with a qualified professional.