Although a ransomware infection might feel targeted, you’re not the only MSP who’s been working hard to get back data for your client. Ransomware is spreading at an alarming rate, but the further it goes, the more resources are allocated to fighting it. If your client's data is held hostage, always check these lists for free decryptors first.
The state of ransomware in 2017
It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.
In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 alone, ransomware had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.
Zombie ransomware is easy to defeat
Not every infection is targeted at an individual organization. Some infections result from self-propagating ransomware strains, while others come from attackers who hope their targets are so scared that they pay up before doing any research on how dated the strain is.
At the recent CompTIA Regional Meeting in Cardiff (#UKCCCardiff), the audience was treated to a presentation from Raj Samani of Intel, who highlighted a free tool Intel had provided to the IT community for just such decryption.
No More Ransom is the site to visit
No matter what the circumstances of your infection are, also check the following lists to see whether free decryption tools have been released:
- Kaspersky Lab’s No Ransom list
- Avast’s free decryption tools
- Trend Micro’s Ransomware File Decryptor
- Fightransomware.com's Breaking Free list
But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware.
First, train your clients about what they should and shouldn’t be opening when browsing the web and checking email.
Second, back up client data as often as possible to quarantined storage. As long as access to backed-up data is extremely limited and not directly connected to a LAN, you should be able to restore everything in case of an infection.
Finally, regularly update all software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.
Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.