TechRepublic can be a great source for information. And then, sometimes it’s not. Today it is not. Here is my response to an article claiming there were solutions to prevent ransomware and decrypt a drive if you do get hit – both of which are about 90% untrue. There are tools but they will almost certainly not help you. And there is no way to prevent infection except to never click on a link or visit an infected website. Here is my response –
Uh, guys… might need a little time in the field before writing up an article on the absolute scourge of the digital age. What Ransomware is now is horrible, and what it is expected to become is even worse. There are NO tools developed by either law enforcement or security professionals that will protect you. None. Malwarebytes, Kaspersky, Trend Micro, and others all freely admit there is nothing they can do to protect you. If you click, you pay.
As an IT professional and a business technology consultant I have personally done battle with Ransomware 11 times. Every instance was worse than the previous. Every one was more damaging, more expensive, and more difficult to recover from. If you don’t have backup that is out of the reach of the virus your data is gone. Everything on the Desktop, in My Docs, Downloads, Pictures, etc. – gone. Mapped drives to server data – gone. Google Docs, DropBox, OneDrive – gone. PLUS, they all sync the corrupt data back to the web and then down to any other computer that has the tool installed. So far the virus has not jumped from any of them to the other computers… yet… but who knows how long before that happens.
Ransomware has the power to put an unprotected company out of business. I’m going to repeat that phrase. Ransomware has the power to put an unprepared, unprotected company out of business. If you are a tech pro and your clients do not have a cloud-based backup solution that is NOT a persistent connection, your client is in serious danger.
Backup and education, especially for a larger company, are your ONLY options and only defense. Your mindset needs to shift from prevention to part prevention and part recovery. You need to set up a system that will allow you to restore from backup and get the doors open again. This is an insidious issue and it will get worse before it gets better.
Read, read, read. But above all else get the data out of reach. It cannot be a solution that involves a USB drive, it’s too easy for user error to destroy the backup data. It cannot be a system that is mapped or accessible within the same network, the bad guys are working very hard to hop from computer to computer and Symantec appears to have their first clear evidence of this existing. You must get the data to a location that is out of reach.
Sometimes paying the ransom is the shortest path to recovery. The only problem is paying does not guarantee recovery. I have had 5 of 11 decide to try paying to save time; three got a key that worked. One got a key that did not work, and one never got a key. Those are not very good odds. Is it worth trying? Only you and your client can make that call.
As far as decryption – yes, there are people hard at work to create tools to help. However, there are also bad guys hard at work to make better ransomware. They use unbreakable encryption that relies on a key left on the hard drive of your computer. So, if your antivirus kicks up a fuss about the ransomware, what happens to that file? In many cases… gone. Guess what file the bad guys need to decrypt your data if you do choose to pay and if you are lucky enough to receive a key.
Ransomware is far worse than many of these articles are making it out to be. This particular write-up makes it seem like there are simple solutions and plenty of tools to help you, and that you stand a great chance of recovering your data. Nothing could be farther from the truth. The tools that are available are a shot in the dark and are outdated in a matter of weeks. If you can figure out how to use them at all. Yes, people are trying to help, but we are not winning this battle. Not yet anyway.
This is no laughing matter. This is not something to take lightly. This is ugly and will destroy company data, or old, irreplaceable family photos, or years of work on a master’s thesis or genealogy chart. Backup, backup, backup.
Do it now.