If you’ve been following our Facebook page or scrolling through the tech news, you’ll know that ransomware is running rampant through the business community. For those not ‘in the know’, there are a few common families of this malicious software, often dubbed the Locky virus. Don’t let the pleasant-sounding ring of Locky fool you. This virus is extremely effective at disrupting businesses by encrypting data as securely as banks do. Upon completion of its mission, the virus then informs you that it has locked your files and allows you to purchase the decryption key for a large sum of money.
The business model has worked, and ransomware campaigns are becoming more and more popular, targeting businesses in wealthy countries. The virus has gone through several evolutions and continuously adapts to increase its effectiveness. There is presently no antivirus endpoint protection software capable of detecting the presence of Locky on your system. The detection occurs when you attempt to access a file…and can’t. Concerned? You should be.
We’ve helped approximately 20% of our clients recover from the aftermath of these ransomware attacks. However, you should educate yourself and your staff. Start implementing the following practices to mitigate the effects of an infection:
- Regular Backups: There are three ways to address your encrypted files: (1) Pay the thieves for the decryption, (2) Forget about the data and move on, or (3) Restore your files to the last backup. If you would like to discuss your current backup strategy, let us know.
- DON’T enable macros in a document received through email: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
- DON’T open attachments or links from unsolicited emails, even if they are from someone you know. It could be that their email account was compromised and the crooks are using it to entice you to open the document.
- Avoid Mapped Drives: Microsoft no longer recommends using mapped drives and neither do we. Right now, the only path the virus has to your server is through your mapped drives. In the image below, you can see that there is a mapped Q drive to QVTools highlighted in blue. This allows a path for the virus to the server. The better method is to make a shortcut under the Favorites section (highlighted in yellow). It may be that you have programs which require mapped drives. Please let us know if you need any help implementing these changes.
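
To see which workstations still have mapped drives before replacing them with shortcuts, an inventory like the following can be run in each user's session. This is an added example, not part of the original post; the function name `Get-MappedDriveInventory` is hypothetical, and it only reports mappings without changing anything.

```powershell
# Added example: inventory of mapped network drives for the current user.
# Mappings are per-user, so run this in the user's own session.

function Get-MappedDriveInventory {
    $found = @{}

    # Drives currently connected in this session.
    Get-CimInstance -ClassName Win32_MappedLogicalDisk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $letter = $_.DeviceID.ToUpper()
            $found[$letter] = [pscustomobject]@{
                Drive      = $letter
                RemotePath = $_.ProviderName   # UNC path of the server share
                Connected  = $true
                Persistent = $false
            }
        }

    # Mappings that reconnect at logon are stored under HKCU:\Network\<letter>.
    if (Test-Path -Path 'HKCU:\Network') {
        Get-ChildItem -Path 'HKCU:\Network' | ForEach-Object {
            $letter = ($_.PSChildName + ':').ToUpper()
            $remote = (Get-ItemProperty -Path $_.PSPath).RemotePath
            if ($found.ContainsKey($letter)) {
                $found[$letter].Persistent = $true
            }
            else {
                # Saved mapping that is not connected right now.
                $found[$letter] = [pscustomobject]@{
                    Drive      = $letter
                    RemotePath = $remote
                    Connected  = $false
                    Persistent = $true
                }
            }
        }
    }

    $found.Values | Sort-Object -Property Drive
}

# One row per drive letter; an empty result means no mapped drives for this user.
Get-MappedDriveInventory | Format-Table -AutoSize
```

Each `RemotePath` in the output is a server share that is reachable through a drive letter on that workstation, which makes it a candidate for replacement with a shortcut.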