Are you prepared for Ransomware?

The Corbel Blog

Ransomware is often featured in the headlines these days and is currently a popular tool in the hacker’s toolbox.

Typically, ransomware infects a user’s machine and informs the user that their system has been infected. The user is told that the system is being held to ransom and that if they don’t pay the ransom demand their files will be encrypted, effectively rendering their data unreadable and useless.

More recently, ransomware techniques have taken on a more sophisticated twist and have begun infecting users’ machines in an effort to seek out more important targets such as servers, domain controllers and backup devices. Once ransomware gains access to such areas of an organisation’s infrastructure, its demands quickly become very serious and damaging, possibly even immobilising an entire operation in a single act.

Approximately 1.2 million users are infected with ransomware each and every day, so it’s more likely to be a case of “when” rather than “if” you’ll be infected. There are also ransomware strains that go against the general rules; generally these strains are purely destructive and the ransom element is practically irrelevant.

Ranscam is one such example of a badly executed ransomware app. But because it’s a bad type of malware, it’s also the worst Windows infection you can currently get. The malware app deletes everything on your computer. It doesn’t encrypt anything either. You can’t pay to get the decryption key and restore access to your files. Even if you try to pay, you’ll simply get an error message. But what’s clear is that your files are going to be deleted no matter what.

There is no single tool that can detect and remove all the different strains of ransomware, so the most effective solution is to have a strong backup plan in place. Then, in the event you are infected, you can minimise downtime and damage by going back to just before you were infected and restoring all files from that point. There are some specific backup solutions that make this kind of preparation easier, but it should be possible with any form of backup software as long as there is a decent, working backup plan in place.

With new guerrilla strains of ransomware like Ranscam, it cannot be stressed enough that it makes perfect sense for organisations to have a solid (offline) backup strategy in place rather than just paying the ransom when infected. This approach to such a serious problem will ensure that systems get restored to a clean state and will reduce the ability of the aggressors to earn revenue from these attacks, which they can reinvest into their criminal business model.

So, it seems the best defence is backup. When did you last verify your backup sets? Is your backup plan strong enough to enable your business to survive an attack from ransomware?