For the University of Calgary it was worth at least $20,000! That was the amount the University paid, as reported by the CBC and Huffington Post. The University was infected by malware or ransomware. This is a different type of virus that the typical anti-virus vendors such as Symantec and McAfee currently do not defend against. At a recent Sophos partner conference it was reported they are working on a solution to the problem. Ransomware is a type of ‘virus’ that you invite in, and it uses legitimate software to encrypt the data on your disk. In the one case it uses AES (Advanced Encryption Standard) software to encrypt your data. This is the same software that we use to encrypt your data on a VPN and is White House approved to secure information. The problem with ransomware is that they encrypt the data using this software, and the reason it is White House approved is that it can’t be hacked! If you do not pay the ransom, whether it is $200 or $20,000, then they digitally throw away the key, leaving your data locked away.
You can fight ransomware on three fronts.
The first is that if you get an email that is too good to be true, then suspect it is too good to be true – don’t click on the web site link in the email. Is the email from a friend? Are you sure their email account was not compromised and it is not a mass invitation to ransomware? One of our clients has my email on their personal Hotmail account and it was compromised. When I saw the emails from that account and read the content, it did not fit the client! My first response was to reply to their email that their account was hacked.
The second thing you can do, and you should already be doing, is to ensure that all your critical data is regularly backed up.
The third thing is to have a recovery plan. Whether your system is held hostage or burnt to a crisp, having a backup is not enough. You will need to know how to recover and ensure that your actions don’t make things worse. When you do get a ransom demand, it is too late to disconnect your computer from the network – it has been compromised. Make sure that it is not connected to your back-up, otherwise your back-up may also become encrypted.
Each client’s situation is unique. Call KDI and we will walk you through a recovery. Better yet, call Ryan at KDI to discuss a back-up and recovery strategy before you get the file encryption notification!