I just stumbled across an article talking about a new variant of ransomware called CryptoWall 3.0. The fact that there are multiple strains and versions of ransomware suggests to me that they provide a lucrative revenue stream for the Bad Guys. That got me thinking about the problem more broadly and how we can defend ourselves both at home and at work. First, the bad news: If you get hit with ransomware such as CryptoLocker or CryptoWall, you are pretty much hosed. The encryption this malware uses is generally solid and you don't stand a great chance of brute forcing the key. The software is pretty well-written and there are no known backdoors to get your data back. You might get lucky and find your key at the DecryptCryptoLocker website, but don't count on it. The Bad Guys will pretty much have you over a barrel unless you prepare ahead of time.
Now for the good news: With a little planning and setup, these attacks become less damaging.
The best defense against ransomware is proper backups of your data. Have a local backup and have an offsite backup. This combination of backups protects your data from not just hackers, but also leaky plumbing, fires, and housepets that might think your computer is a new chew toy. (Don't laugh. I've seen this happen.)
How to Set Up a Home Backup Solution
Regardless of your platform, do the following:
- Purchase an external hard drive that is at least 1TB in size. Here's an Amazon search to get you started. Just pick one you like. These should all still be reliable, but take a look through the reviews before clicking the Buy button.
- Windows 8 - Enable File History
- Windows 7 - Enable Windows Backup & Restore
- Sign up for OneDrive and pony up for extra storage as necessary.
Other Off Site Backup Options
Backblaze and Carbonite will back up your data in the background and secure it in the cloud. Dropbox and Box.com will require some manual intervention or some custom scripting. If that's how you get your geek on, go for it. I prefer for this stuff to just work without much fiddling.
If you implement these backup solutions, you will have three copies: 1) the original, 2) a local backup copy, and 3) a remote copy in the cloud. The Bad Guys won't be able to whack every instance of your data. In the worst-case scenario you can just format your hard drive and reinstall from your backups. Flipping the bird to your attacker is completely optional.
Considerations for Business Environments
First off, don't permit web browsing or email from your servers. That will make it more difficult for ransomware to get to your enterprise data. Those systems should have BC/DR plans and you should be testing those plans annually at a minimum to make sure your continuity plans and restoration plans actually work. Make sure you have your BC/DR ducks in a row. It's not sexy until you need it.
Next, think about your users. I'd recommend providing them with a network share of some sort and discourage them from storing data locally on their workstations. At the very least, sync the local contents to a network share.
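One way to do that sync, as an added example that is not from the original post: a PowerShell script (meant to run as a scheduled task) that copies a user's local folders to a network share with robocopy. Each run lands in its own dated snapshot folder rather than mirroring over the previous copy, so if the local files have just been encrypted the sync does not clobber the last good backup; the share path, folder list and retention count are assumptions.

```powershell
# Added example: snapshot-style sync of local user folders to a network share.
# Assumptions (not from the post): \\fileserver\backups$ exists and the user can
# write to it; robocopy ships with Windows 7 and 8 so nothing extra is needed.
param(
    [string]$ShareRoot = "\\fileserver\backups$\$env:USERNAME",          # assumed share
    [string[]]$Folders = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures"),
    [int]$Keep = 7                                                       # snapshots to retain
)

# One dated folder per run; names sort chronologically because of the timestamp format.
$stamp   = Get-Date -Format "yyyy-MM-dd_HHmm"
$dest    = Join-Path $ShareRoot $stamp
$logFile = Join-Path $ShareRoot "sync_$stamp.log"
New-Item -ItemType Directory -Path $dest -Force | Out-Null

$failed = 0
foreach ($src in $Folders) {
    if (-not (Test-Path $src)) { continue }          # skip folders the user does not have
    $target = Join-Path $dest (Split-Path $src -Leaf)
    # /E copies subfolders (including empty ones), /R:1 /W:1 keeps retries short,
    # /NP drops per-file progress output, /LOG+ appends to the run's log on the share.
    robocopy $src $target /E /R:1 /W:1 /NP /LOG+:$logFile | Out-Null
    # robocopy exit codes 0-7 are success flags (what was copied); 8 and above mean
    # at least one file or directory could not be copied.
    if ($LASTEXITCODE -ge 8) { $failed++ }
}

# Prune old snapshots, keeping only the newest $Keep. PSIsContainer is used instead of
# Get-ChildItem -Directory so the script also runs on the PowerShell 2.0 that Windows 7 ships.
Get-ChildItem -Path $ShareRoot |
    Where-Object { $_.PSIsContainer } |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

if ($failed -gt 0) {
    Write-Warning "$failed folder(s) had copy errors; see $logFile"
    exit 1
}
Write-Output "Snapshot $stamp written to $dest"
```

Because the snapshots live on the share, restoring after an infection is a matter of rebuilding the workstation and copying the newest clean snapshot back; the dated log next to each snapshot tells you which run last completed without errors.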
If it makes sense for your organization to permit local data storage, think about what you want to do in the event of a ransomware infection. Is the user out of luck? Are you going to pay the ransom? Does your decision change if affected associates exceed a given threshold? Think these things through with the business, IT, and Legal departments to make sure you're all on the same page. It's tough to develop consensus in the middle of a crisis. Tabletop exercises are a good way to work through these scenarios ahead of time.
Let me know if you have any other thoughts or questions in the Comments.