Imagine this. You and your remote workers spend all morning preparing the spreadsheets, photos, and documents for a deliverable that must get to your client by close of business today. The documents are stored in your cloud-based file hosting service (like Box or Dropbox). Everything is going great. The team takes a quick break to check emails and to grab some lunch. Then, you (or one of your remote team members) return to see a pop-up on the screen that reads: “YOU ARE HACKED. ALL YOUR PERSONAL FILES HAVE BEEN ENCRYPTED! IF YOU WANT TO RESTORE YOUR DATA YOU HAVE TO PAY!”
Your laptop has fallen victim to a ransomware attack. Ransomware is a flavor of malware that installs itself on your computer via an email attachment, malicious website, or infected spreadsheet. Once self-installed, it encrypts all your important files, as well as your backup and restore capabilities, with two keys. One key is placed on your PC and the other is kept by the criminal responsible for the infection. Both keys are needed to decrypt the files. Once encrypted, there is nothing you can do to restore your files without that second key! The criminals demand a ransom, to be paid in untraceable cryptocurrency, in exchange for the second key. Of course, even if you pay the ransom, there is no guarantee you will receive the second key!
Ransomware is big business and is growing every day. According to Cybersecurity Ventures, this year, a new organization will fall victim to a ransomware attack every 14 seconds, and attacks have nearly doubled in the past two years! And, according to Kaspersky, one in three companies hit with ransomware last year took more than a week to recover their data, leaving them unable to do business as usual during that time.
In the scenario I described above, immediately after seeing the ransom demand on your screen, you think of this morning’s work and the documents you collaborated on that are stored in the cloud. Certainly, they are spared given that they do not reside on your local drive, right? Not necessarily.
If you are using, for example, Box Drive or Box Sync, the encrypted content may sync up to Box! Those documents would then be unavailable to everyone who previously had access to them. At this point, the BEST you can hope for is to restore the files from a backed-up version, likely from the previous night. The entire morning’s work would be lost. And, this is, quite possibly, the best-case scenario. The worst case is that these files are gone forever and would need to be recreated from scratch.
Ransomware is a particularly insidious variant of malware designed solely to elicit a payment from the owner of the infected computer or server. Ransomware does not steal your sensitive data like bank account numbers or passwords, and it does not entirely wipe out files. Ransomware variants have been given names such as CryptoLocker, WannaCry, Bad Rabbit, CryptoDefense, CryptoWall, and many others. Regardless of the variant, the result is the same. Your important files are encrypted and held for ransom. Once infected, you can restore your files but they will only be as current as your latest backup…as long as your backups are not on a local drive that could also be encrypted.
Defend Your Remote Workforce Against Ransomware
There are steps you and your teleworkers can take now to stay ahead of the ransomware threat.
- Stay current on anti-malware software on everyone’s computers
- Keep your computer operating systems up to date with the latest patches
- Use data storage best practices – this includes storing documents in multiple locations, including the cloud
- Back up every file that would impact your operation if lost
- Use the equivalent of Box Edit, where the document is edited on the remote server, instead of Box Sync, where the document is edited and stored locally and then synced to the cloud; this limits the spread of an infection via document syncing
- Disable ActiveX content and macros in Microsoft Office, if feasible, to prevent malicious code from executing
- Put important local Windows 10 folders, such as backups, under Controlled Folder Access in Windows Defender
- Prepare a business continuity plan for after a ransomware attack, just as you would for a natural disaster or power outage
- Educate your remote workforce to recognize malicious email attachments and links and to avoid launching them
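
The Controlled Folder Access step in the list above can be scripted with the Defender cmdlets `Get-MpPreference`, `Add-MpPreference`, and `Set-MpPreference`. The following is an added example, not part of the original article; the function name `Protect-RansomwareFolders` and the folder paths are hypothetical placeholders, and the script assumes an elevated PowerShell session on Windows 10 with Defender active.

```powershell
#Requires -RunAsAdministrator
# Added example: enable Controlled Folder Access (CFA) and protect backup folders.
# Function name and folder paths are hypothetical; adjust to your environment.

function Protect-RansomwareFolders {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Folder,
        # AuditMode only logs writes that would be blocked; use it first to find
        # legitimate apps that need allow-listing, then switch to Enabled.
        [ValidateSet('Enabled', 'AuditMode')][string]$Mode = 'AuditMode'
    )

    # Folders that are already on the protected list (may be empty)
    $already = @((Get-MpPreference).ControlledFolderAccessProtectedFolders)

    foreach ($path in $Folder) {
        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            Write-Warning "Skipping '$path': folder does not exist."
            continue
        }
        $full = (Resolve-Path -LiteralPath $path).Path
        if ($already -contains $full) {          # -contains is case-insensitive
            Write-Verbose "'$full' is already protected."
            continue
        }
        if ($PSCmdlet.ShouldProcess($full, 'Add to CFA protected folders')) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $full
        }
    }

    if ($PSCmdlet.ShouldProcess('Windows Defender', "Set CFA to $Mode")) {
        Set-MpPreference -EnableControlledFolderAccess $Mode
    }

    # Report the resulting state: 0 = Disabled, 1 = Enabled, 2 = AuditMode
    $after = Get-MpPreference
    [pscustomobject]@{
        CfaState         = $after.EnableControlledFolderAccess
        ProtectedFolders = @($after.ControlledFolderAccessProtectedFolders)
    }
}

# Placeholder paths, constructed for illustration
Protect-RansomwareFolders -Folder 'D:\Backups', 'C:\ClientDeliverables' -Mode AuditMode
```

Run it with `-WhatIf` first to preview the changes. In audit mode, would-be blocks are recorded in the `Microsoft-Windows-Windows Defender/Operational` event log as event ID 1124, and enforced blocks as event ID 1123.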
Defending your computer and those of your remote workforce against ransomware attacks requires vigilance. However, the tips listed above will help prevent an attack that could cripple or shut down your business. And, creating a contingency plan in advance of being infected will improve your chances of surviving a ransomware attack.