What is Ransomware?
The hacker groups behind Ransomware/Cryptowall/Cryptoware cannot be stopped. They are faceless, nameless groups located all around the world whose goal is to encrypt your firm's data and hold it hostage in exchange for a ransom payment in the form of Bitcoin, an untraceable internet currency. If you don’t pay within a certain amount of time, you will lose your data forever. In 2015 alone, Ransomware hacker groups made an estimated $4 Million holding private, public & government entities’ data hostage with a promise to restore all data in exchange for an average of 2 Bitcoin. 2 Bitcoin doesn’t sound like a lot, but the exchange rate as I write this article is $649.10 US Dollars to 1 Bitcoin. In some cases the request is far greater, upwards of 5 to 10 Bitcoin for a single ransom, totaling over $6,000 US Dollars.
Ransomware is not a virus; no damage is ever done to your data. Your data is encrypted and can be decrypted if you pay the Ransom, but it has never been seen that these groups steal or damage your data. When a Ransomware executable is inadvertently launched, a silent encryption application runs in the background on your PC. It seeks out shared network drives and encrypts those locations as well. Before you know it, you can’t get into any of your documents or pictures, and in every encrypted directory there are instructions offering information on the Ransom with a tutorial on how to pay. Once you pay, you will get all your files back; Rekall can confirm this. This is Ransomware in a nutshell, but truthfully, it’s a lot more complicated than that.
By the way, if you do get hit, there’s a strong chance all your contacts will be sent the same Ransom email you clicked on, only this time all emails will be sent from your email address, making your contacts think you sent them Ransomware. This is how it spreads; not good.
How Law Firms Can Avoid Ransomware
Sophos Firewall | ZERO-Day Ransomware is unstoppable. While Ransomware sounds like an unstoppable entity, there are ways to avoid the ordeal and cost of paying the Ransom. Firstly, get yourself a Sophos Firewall with web filtering; Rekall offers this as a hosted service nationwide. It’s very inexpensive and extremely useful. Sophos is the only security company with definitions to stop Ransomware. Since Ransomware is technically not a virus, many other security companies have not dealt with the Ransomware epidemic. Sophos is your only hope.
Sophos Email Filtering | 85% of Ransomware is downloaded and executed through email. Make sure you have a Sophos spam filter, filtering incoming and outgoing email for the entire firm. Again, Rekall offers these services nationwide on a hosted and/or cloud level. They are inexpensive and a necessity. Again, Sophos is the only one who does this.
Secure Offsite Backup | Another way to avoid Ransomware is to have a backup, and not a USB backup, because anything USB will be encrypted along with your data; remember, they’re smart. We’re talking about a secure offsite backup that supports a large retention policy with versioning. Rekall recommends 10 versions and 30 days minimum on the retention for all our law firm clients. In this way, restoring a snapshot of your server files from last week should not be an issue. If you can’t do this easily with the current setup, get new IT. Backup software that does this is not expensive or special; it’s the norm and everyone should have it.
Better Internet & Email Practices | The last way to avoid the Ransomware nightmare is to teach your people not to click on links they are unsure of, whether on the internet or within email. Many of the Ransomware emails come from random email addresses with attractive Subject lines. Tell your people to avoid these like the plague. If you’re unsure about an email or an attachment, open it on your phone; Ransomware doesn’t execute on mobile devices, so there is no risk there. Just be careful and stress this to your firm staff.