Ransomware


Are you playing Russian Roulette with your clients’ data?

 

We never cease to be amazed by the number of companies who don’t have a robust data backup system in place for their data.  Time and time again when we ask customers about their backup and disaster recovery strategies we get answers such as:

“Oh, It’s ok - our IT people take care of all that.”

“Someone backs up onto those removable pen things and takes them home at night.”

“I’m sure somebody must do it but I can’t remember last time it was done.”

These are just a few of the many responses we have had when talking to operators about their data backups.  The comments would be laughable if this whole topic wasn’t so deadly serious. 

Putting machine failures aside – after all, they only happen to ‘other people’ of course – viruses used to be an annoying irritation, to the point that some companies didn’t even realise that their systems were absolutely infested.  You might have strange things pop up in your web browser, that ‘Cup Holder’ drawer thing kept popping open by itself (it was once popular for loading programs from CDs) or your friends might wonder why you kept sending them naughty adverts or links to sites offering all manner of amazing pills and potions.

Then people began to wake up to the fact that those ‘Trojan Horse things’ might be sending your personal details and innermost secrets – along with your credit card details – to people who want to steal your identity, order mobile phones and washing machines in your name and charge them to your newly created credit card.  Not much fun when you find that some toe-rag has had a couple of grand’s worth of travellers cheques on a card set up in your name!

Sometimes the viruses were ‘Bots’ – little robots which would attach themselves to all your workstations and outbound emails – spreading to all your friends and business contacts - and waiting to be called to attention by anonymous parties using your unsuspecting computers to take part in co-ordinated blackmail attacks on government web sites and large organisations.

All the above was in the good old days and was just for starters – now we are blessed with ransomware.  If you think the travellers cheques ploy stung a little then you really wouldn’t care for a dose of ransomware.

It usually starts with a tantalising email offering something which is far too good to be true, and one of your office juniors can’t resist the allure and clicks on the embedded link.  As they are basking in the warm glow of the rich reward which is just a couple of clicks away, the ransomware is already making itself at home and familiarising itself with all the machines on your network.  It will use this later to calculate the amount of money it will demand when its damage becomes evident.

The first thing you will know is when your systems start to fall apart and you suddenly can’t open work documents – by then the damage is done.  Ransomware chews its way through all your folders, ‘Encrypting’ your data and renaming the files with such name types as ‘Wallop’ or ‘Web-Mafia’.  It knows no bounds and will rip through your entire system – taking down all your word processing and spreadsheet documents, any PDF archives it can find plus, of course, all your precious data files.

Finally you will see the screen proudly announcing how much you must pay to get your data back – the more computers you have then the more it will want – and we’re talking thousands of pounds to be paid using untraceable ‘Bitcoins’.

Now the fun really starts! “No problems, I’ll just restore our backups” people often say.  A quick call follows to the IT company who in turn ask “What backups?  You never told us to do that!”  This is usually enough to make the palms start to sweat and the nagging doubts creep in about whether all the data really was backed up.

This is the time you notice that the backup tape you have been religiously changing for the last five years had in fact de-spooled and had been backing up thin air.  The ‘Pen Drives’ turn out to have filled up and stopped taking data long ago, but no-one had noticed – or this is when you find that they aren’t reliable after all and they are no longer readable!

So when was the last data backup – and what had actually been backed up?   Hopefully the booking system data files - but what about the document archives, year end and archived data sets – and all your precious work: Letters to and from clients, booking acceptance letters – your accounts and payroll data – all the scanned invoices from years gone by, your brochure – not to mention all the memorable photos you had been accumulating over the years.  All ‘Encrypted’ until you dig deep and pay the hefty ransom.

But hey, we’re not dealing here with a kindly aunt or a government agency or anyone with a shred of scruple or conscience.  Ransomware is the creation of the Mafia and organised crime far beyond our own shores.  They’re not going to let you off lightly!  If you are so foolish as to pay the ransom, it’s highly unlikely that you will ever get access to your data.  It wasn’t ‘Encrypted’ by an elegant algorithm – you need to face the fact that it’s been ruthlessly and unceremoniously trashed! Wasted! Gone!  If you are desperate enough to pay these cowboys, then you’re just as likely to get a warning that you are ‘trying to short-change’ the fraudsters and they will simply try to burn you for more.

The moral of this story is to wake up to the realisation that ransomware is no longer just a threat – it’s a strong likelihood.  You can try to protect against it but if – or rather WHEN – you are hit with it, the best bet is to have a full backup of ALL your data.  This isn’t just good stewardship – it is a duty of care to your clients, your staff and your stakeholders.  In addition to being a real threat to business continuity, data loss undermines client confidence and can wreck your image and credibility. In addition to the huge amount of time and resources required to verify and re-enter data, there can also be considerable penalties for the directors of companies who fail to keep adequate and accurate records.

It is no longer acceptable to plead ignorance when a business can’t trade due to data loss. This is about business continuity and survival. Data loss is unnecessary and unforgivable and it could easily result in the rapid end of your business.  All companies should appoint a competent person to rigorously review their data backup and recovery policies and regularly conduct tests to ensure that all required data is restorable. In addition, operators should keep their anti-virus systems up to date and be prepared to deal with the aftermath of a major fire or computer failure/theft. A bit of foresight can make all the difference when the inevitable happens.

If you have already fallen victim to ransomware then take a crumb of comfort from the fact that you’ve joined a growing club of government departments, local authorities, healthcare establishments, schools, banks and countless companies who have been hit by this menace. Incidence of ransomware quadrupled in 2016 and is set to double again in 2017.   The threat has also broadened to include tablet devices, smartphones and even the Internet of Things (IoT). So if your washing machine or freezer is internet connected then make sure your contents policy is up to date!

If this article causes you to sit up and take heed then it’s done its job.  We don’t like seeing our customers suffer data loss but regrettably it is something we are seeing all too often and it’s no good locking the stable door after the horse has bolted!

 

John M Roe - Roeville Reservation Software - March 2017
