Ransomware: You Will Be Infected - Are You Prepared?

by Pat Hammond on Wednesday, November 09, 2016

Today's featured veteran-owned business is SBTI Technologies.
Owned by Vietnam Veteran Norm Gentry, SBTI is a small business IT service provider whose products include computer repair/maintenance, system backup, network and resource management, virus recovery and just about every service you would find in a standard large business IT department.

Gentry has previously been featured on Queen City Buzz (How to Secure Your Business in One Easy Step), but due to a recent increase in local ransomware attacks, I asked him to come back and sit down for a conversation about the latest virus threats, what he's seeing pop up on his clients' systems and how to keep it from happening to you.

It's no longer a matter of if...

Norm Gentry is what I would describe as a calm man who faces challenges with a smile and an enviable amount of patience, so when he came to last month's Coffee Buzz and said "I need you to get the message out," I took him seriously.

Gentry is an IT guy whose company, SBTI Technologies, provides computer repair/maintenance, system backup, network and resource management, virus recovery and just about every tech service a small business owner needs. He's been in the business since Windows was new, and he's tackled pretty much every tech problem a business owner is likely to encounter. Lately he's been seeing more and more people coming to him with ransomware problems.

"The bad guys are always ahead of the good guys and no matter how good your anti-virus is the bad guys are going to find their way past it." - Norm Gentry, SBTI Technologies

For anyone who is not familiar with ransomware, it is a malicious script that hackers use to encrypt your data and hold it for ransom. You get an email from someone[1] you know and click on the attachment. The next thing you know, you are looking at a splash screen with instructions for how to pay the ransom to get the code to unlock your files.

Schools, banks, police departments, big companies with deep pockets and top-of-the-line virus protection, or one-man shops running one laptop: it doesn't matter who you are or how much money you spend on technology. The one commonality between them all is people.

  • People who think it will never happen to them because they have virus protection
  • People who don't prepare for the inevitable by backing up
  • People who aren't paying attention to what files they're opening

When it comes to ransomware, anti-virus software is like the Centers for Disease Control (CDC) and the flu vaccine. They need to know which strain is going around before they can come up with a vaccine for it and that can't happen until enough people get infected for it to be recognized as a problem. By the time that happens the hackers have already made their money and mutated the program enough to slip past the latest anti-virus updates.

The good news is there are some things you can do to reduce your risk of having your data encrypted.

Number one on that list is to do routine back-ups, preferably to a cloud service.

Gentry says he meets people all the time who think they're on top of things because they've backed up to a flash drive or standalone device, but they don't realize that as soon as they plug that device into their computer it is infected by the virus.

He points out that "automated online backup is the only protection from ransomware and it must be set up for versions so the cloud doesn't overwrite the clean copy."

It's a point a lot of people forget.

Just because your computer started acting buggy today doesn't mean it was infected today.

Viruses can sit on your system for weeks, months or years before being activated, and the only way to guarantee recovery of at least some of your data is to maintain multiple historic backups. Fortunately, setting up automatic backups is easier than you think.

In fact, it's probably a whole lot cheaper than you think, too. This is something you can do on your own[2], or if you're not feeling tech-savvy, SBTI only charges $55 a year for 1 terabyte of backups.

Considering the cost of paying the ransom, lost income from downtime and the potential for lost or stolen data, $55 a year is a pretty good deal.

The third component in the ransomware equation is the people factor.

Gentry stresses the need to take your time, read your emails and think before clicking attachments.

Hackers have become much more sophisticated. Not only are they disguising the real sender by taking names and email addresses from your own contacts, but they are also using familiar-sounding phrases in the subject line. In one recent case, his client received an email that appeared to come from an internal email address with the title "new employees." The employee thought it was safe because it was from a co-worker who would be handling new employee information, but when they opened the attached file the ransomware splash screen popped up.

This is not an isolated incident. Gentry has been seeing more and more clients either receiving infected emails or getting caught in ransomware traps.

He says another client contacted him recently because she received a suspicious email that came from the person sitting next to her. Even though it came from a co-worker she knew, she remembered his warnings about being aware of things like the subject, content, and spelling. Something seemed off so she deleted it. When Gentry later inspected the email he confirmed it contained the Locky virus[3].

The bottom line is that ransomware is big business and it's getting bigger. It's so big that Gentry says many hackers are now selling their viruses using the Software as a Service (SaaS) model favored by legitimate online software platforms.

This means that instead of having to be a top-notch coder, all you need to go into business as a data kidnapper is a little seed money and a willingness to steal. When you add in that the Federal Bureau of Investigation (FBI) is on record as saying the incidents of ransomware are on the rise[4], it's safe to assume it's only going to get worse.

Be vigilant and be prepared. Make sure your anti-virus protection is current, but don't rely on it to catch everything. Maintain versioned online backups and think before you click attachments.

-----------

For more information about the services provided by SBTI Technologies please visit their website at http://www.sbtisolutions.com/ or give Gentry a call at 603-369-6366.


Resources:

1. Not all ransomware is delivered via email. Some scripts are embedded in websites and attach themselves to computers when the user visits the website. As there is no way to know if a website is compromised, the only way to guard against this type of attack is to make sure your computer's updates and patches are current, maintain versioned backups and use a top of the line virus protection program.

2. There are too many flavors of Windows, Mac and Linux to give a specific how-to here, but a quick Google search for "How to backup (your OS) to the cloud" should bring up several pages of websites with step-by-step instructions.

3. The Locky virus is a common ransomware variant. For more information about the Locky virus please visit https://blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/

4. Please see this official article from the FBI, Incidents of Ransomware on the Rise
