Ransomware attacks: what small businesses need to know

  1. Francois Badenhorst

    Francois Badenhorst Deputy Editor Staff Member

    Posts: 75 Likes: 16

    Barring the more IT savvy UKBFers among us, chances are you had never come across the term ‘ransomware’ before this weekend.

    But thanks to this past weekend’s devastating ‘WannaCry’ ransomware attack, the term has smashed its way into the public lexicon. The NHS bore the brunt of the attack in the UK, with pharmacies, hospitals and GP surgeries affected.

    So, before we get too far into it: just what in the hell is ransomware?

    It’s a denial-of-access attack that prevents computer users from accessing their files. The user then has to pay a ransom to regain access (hence: ransomware). Simply put, it locks away your files and sells you the key.

    In the instance of WannaCry, the malware demands a ransom of £230, paid in the untraceable cryptocurrency Bitcoin. The virus has netted £37,935 in ill-gotten gains as of Monday, according to Wired Magazine.

    As Brian Krebs, author of the excellent blog Krebs on Security, explains: WannaCry works by exploiting a software vulnerability within Windows computers.  

    The issue is that Windows is the world’s most popular PC operating system. So this weakness is a massive concern (there’s also all manner of NSA intrigue which you can read about here, if you’re interested).

    The thing is, it’s not actually that difficult to remove the ransomware itself from your computer. But if you remove ransomware that way, your files go with it. So if you don’t mind losing all your files - then that’s an option.

    That’s not gonna work for business owners, though. First, if you’ve got infected - don’t just pay the ransom. This is quite a scary thing to do since WannaCry’s ‘ransom note’ features a clock ticking down. But hold tight, there’s help out there.

    The best place is No More Ransom, an organisation backed by the major security firms and a plethora of government organisations. Approach them and ask for advice.   

    Of course, the best thing is to not let your computer get infected. First off, my fellow Windows users: our Microsoft overlords have released a patch plugging the security flaw. If you haven’t done it, stop reading this article RIGHT NOW and get to it.

    Got your Windows patched up and sorted? Good. Next step: implement some best practice with your computer use. Keep an eye out for patches on the programmes you use; keep them updated. Don’t open random attachments or links. A simple move is to hover the cursor over a link and check if it looks legitimate. The URL will appear in the bottom left corner. If I hover over a link from UKBF, for example, the little bar should read some variation of: http://www.ukbusinessforums.co.uk/.

    With these matters, I’ll defer to the expert. It’s best to follow the aforementioned Brian Krebs’s three golden rules of computer security:

    1. If you didn’t go looking for it, don’t install it

    2. If you installed it, update it

    3. If you no longer need it (or, if it’s become too big of a security risk) get rid of it

    #0
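The hover check described in the post above comes down to reading the hostname, not the whole address. This is an added example, not part of the original post: it compares a link's real host with the UKBF domain the post names, and the sample links and the `example.net` / `example` hosts are constructed.

```python
from urllib.parse import urlsplit

TRUSTED = "ukbusinessforums.co.uk"  # the domain named in the post

def link_host(url):
    """Return the lowercase hostname the browser would actually connect to."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(url, trusted=TRUSTED):
    """True only if the host is the trusted domain or one of its subdomains."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False
    host = link_host(url)
    return host == trusted or host.endswith("." + trusted)

# Constructed sample links: the trusted name appears in every one of them,
# but only in the first is it the host the browser connects to.
SAMPLES = [
    "http://www.ukbusinessforums.co.uk/threads/1",
    "http://www.ukbusinessforums.co.uk.example.net/login",      # trusted name is only a prefix
    "http://www.ukbusinessforums.co.uk@example.net/",           # trusted name is the user part
    "https://example.net/?next=http://www.ukbusinessforums.co.uk/",  # trusted name is in the query
    "http://ukbusinessforums-co-uk.example/",                   # lookalike spelling
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{is_trusted(url)!s:5}  host={link_host(url):45}  {url}")
```
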
  2. The Byre

    The Byre UKBF Ace Free Member

    Posts: 4,816 Likes: 1,939
    Most ransomware is pretty primitive stuff and can be written by a child. It is often only slightly more complex than the old basic joke-command "10 goto 10".

    It works well in Windows XP because that was the last version to still have a DOS start-up command, so anyone with a knowledge of how to write a batch start-up command can get rid of such ransomware - or conversely, write it in the first place, telling the PC to display a ransom note with instructions. If you can place a simple display command in a 'startup.bat' file, you too can earn £37,935 by Monday!

    To get rid of same -

    Put a DOS boot-up disc in the floppy or CD drive and boot-up from that. Enter the offending startup.bat file on the root directory and find the naughty command line and delete it. Job's a goodun!

    Now all I have to do, is work out how to get a ransomware notice into Windows 10 . . .
     
    Posted: May 15, 2017 By: The Byre Member since: Aug 13, 2013
    #2
  3. Francois Badenhorst

    Francois Badenhorst Deputy Editor Staff Member

    Posts: 75 Likes: 16
    The ransom note for WannaCry was weirdly genial, too. Just like: Hey yeah, we got your stuff. Send us some dough, please. Thanks.
     
    Posted: May 15, 2017 By: Francois Badenhorst Member since: Aug 25, 2015
    #3
  4. Francois Badenhorst

    Francois Badenhorst Deputy Editor Staff Member

    Posts: 75 Likes: 16
    Sorry to hear it! How'd you handle it? Did you manage to get your files back?
     
    Posted: May 17, 2017 By: Francois Badenhorst Member since: Aug 25, 2015
    #5
  5. The Byre

    The Byre UKBF Ace Free Member

    Posts: 4,816 Likes: 1,939
    Paragon Rescue Kit is what the doctor ordered. It takes over the boot-up process and allows you to get your files off the PC, before reorganising the boot-up process and negating the ransomware.
     
    Posted: May 17, 2017 By: The Byre Member since: Aug 13, 2013
    #6
  6. Henry Dalziel

    Henry Dalziel UKBF Newcomer Free Member

    Posts: 4 Likes: 0
    Simple patching on all Windows machines would have solved the issue, but in many cases re-booting a server or an employee's computer can be a challenge.

    This might be helpful - the 3-2-1 strategy:

    A 3-2-1 strategy means having at least 3 total copies of your data, 2 of which are local but on different mediums (read: devices such as a USB stick and an external hard drive), and at least 1 copy offsite. Do that and you are all good.
     
    Posted: May 18, 2017 By: Henry Dalziel Member since: May 18, 2017
    #7
  7. ffox

    ffox UKBF Regular Free Member

    Posts: 530 Likes: 85
    Windows is the world's most popular operating system, claiming around 70% of all users -

    https://www.w3schools.com/browsers/browsers_os.asp

    But Windows XP is used by only 0.8% of all users, despite it still being in use with some of the largest organisations in the world.

    As XP is the only version of Windows affected, the actual number of users impacted is quite small on a global scale.

    BTW, large organisations use Windows XP for a reason, and that is legacy software. In the case of the NHS, for instance, most MRI scanners run Windows XP software; MRI scanners have a service life of 10 years and cost over £500,000 to replace. Not easy then to upgrade, or to write off.

    The simplest way to protect yourself from ransomware is that pointed out by @Henry Dalziel: make sure you have a sound backup, plus a disaster recovery plan that has been tested. This applies even if you only have one PC and one user.

    Windows 10 and cloud storage, plus a local backup (on a PC) and a disconnected backup (USB stick, removable HDD, tape, etc) deliver simple-to-use and rapid recovery options.
     
    Posted: May 20, 2017 By: ffox Member since: Mar 11, 2004
    #8
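The 3-2-1 rule from Henry Dalziel's post and the tested, disconnected backup from ffox's post can be checked together. This is an added example, not part of the original thread: it counts a copy only if it still restores to the reference content, and the file, copy names and incident scenario are constructed, with the cloud copy assumed to be unaffected.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    medium: str     # e.g. "internal-disk", "external-hdd", "usb-stick", "cloud"
    offsite: bool
    content: bytes  # bytes read back from the copy during a restore test

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate_321(reference: bytes, copies):
    """Apply the 3-2-1 rule, counting only copies that still restore to the
    reference content (a copy overwritten by ransomware is not a copy)."""
    want = digest(reference)
    good = [c for c in copies if digest(c.content) == want]
    local_media = {c.medium for c in good if not c.offsite}
    return {
        "three_copies": len(good) >= 3,
        "two_local_media": len(local_media) >= 2,
        "one_offsite": any(c.offsite for c in good),
        "rejected": [c.name for c in copies if digest(c.content) != want],
    }

# Constructed sample data: one small file and the places it is kept.
LEDGER = b"constructed sample: invoices-2017.csv\n"
SCRAMBLED = b"\x00constructed stand-in for an encrypted file\x00"

HEALTHY = [
    BackupCopy("office PC", "internal-disk", False, LEDGER),
    BackupCopy("attached external drive", "external-hdd", False, LEDGER),
    BackupCopy("unplugged USB stick", "usb-stick", False, LEDGER),
    BackupCopy("cloud storage", "cloud", True, LEDGER),
]
# Constructed incident: everything the PC could write to was overwritten;
# the cloud copy is assumed to be unaffected.
AFTER_INCIDENT = [
    BackupCopy("office PC", "internal-disk", False, SCRAMBLED),
    BackupCopy("attached external drive", "external-hdd", False, SCRAMBLED),
    BackupCopy("unplugged USB stick", "usb-stick", False, LEDGER),
    BackupCopy("cloud storage", "cloud", True, LEDGER),
]

if __name__ == "__main__":
    for label, copies in (("healthy", HEALTHY), ("after incident", AFTER_INCIDENT)):
        print(label, evaluate_321(LEDGER, copies))
```

In the constructed incident the unplugged USB stick and the cloud copy are the only ones that still restore, so the file is recoverable, but the set no longer meets 3-2-1 until the damaged copies are rebuilt.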