Ransomware is one of the ways SoHo companies get hit with Internet “awful”. A drive gets encrypted so you can no longer log in and/or get at your data, and you are then contacted to pay a ransom. Large companies are negotiating multi-million dollar settlements when hit with ransomware, and paid ransoms are often honored (it is bad for business if a ransomware entity gets a reputation for not honoring paid ransoms). For SoHo businesses, though, there is also the aftermath: in addition to the cost and stress, they have to determine whether they still have dangerous code on their devices and/or their networks.

While SoHo companies typically aren’t looking at large-company ransom amounts, a SoHo’s data are just as important to them as any company’s are, and so are worth some care to prevent a ransomware event.

Ransomware, as software, often gets installed after the bad guys get invited in, meaning that for SoHo companies the breach doesn’t usually start with a breach of the firewall from the net. It can also happen a myriad of other ways, and one of your best protections is to make sure that you are using antivirus and antimalware tools, and that all your software is up to date (including Windows and macOS patches).

These invitations have some common features (with infinite creativity around them). You get an email, text or phone call that appears to be from a vendor or government agency you use and trust, framed either as “we are here to help” or as “the sky is falling and you’d better….”. E.g., “you need to change your password”, “it’s the IRS and boy are you in trouble”, “it’s Amazon and a package has gotten misdelivered”. You click on something and install it; you “reset a password” through a form that asks for your current password; you invite someone you don’t know to remote into your computer, where they have access to install ransomware.

First, typically these vendors or the government don’t contact you like this. Second and regardless, a good rule of thumb is to verify who is contacting you: i.e., take a breath before you act. If it is an email, see if the sender’s address has the correct, proper domain name in it (e.g., if from Amazon, does the return address have “amazon.com” at the start). If it is a phone call, either hang up or say you’ll call the company to verify and then hang up. Same with texts: take a breath and verify. One additional note: when trying to find a company phone number from a search, the initial hits will often be advertisers or fake ones, so make sure again that the domain name for the company is in the start of the URL before using a listed phone number. If possible, verify from a bill or other documentation as well. Measure twice, cut once.
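The domain check described above can be made precise, shown here as an added example (not from the original post): the name must be the domain the address or link actually belongs to, not just text that shows up somewhere in it. The function names and the `.example` sample values are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def host_matches(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)


def sender_domain_ok(from_header, expected):
    """Check the real address in a From: header, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return False
    return host_matches(addr.rsplit("@", 1)[1], expected)


def url_domain_ok(url, expected):
    """Check the host a link really goes to, not text that merely appears in it."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    return host_matches(parts.hostname, expected)


# Constructed samples; the .example domains are made up for illustration.
SAMPLES = [
    ("email", "Amazon <no-reply@amazon.com>"),
    ("email", '"Amazon Support" <support@amazon.com.mail-secure.example>'),
    ("email", '"service@amazon.com" <billing@pay-amazon.example>'),
    ("url", "https://www.amazon.com/gp/help"),
    ("url", "https://amazon.com.account-help.example/reset"),
    ("url", "https://amazon.com@login-check.example/signin"),
]


def review(samples, expected="amazon.com"):
    """Return (kind, value, passes_check) for each sample."""
    checks = {"email": sender_domain_ok, "url": url_domain_ok}
    return [(kind, value, checks[kind](value, expected)) for kind, value in samples]


if __name__ == "__main__":
    for kind, value, ok in review(SAMPLES):
        print("OK     " if ok else "SUSPECT", kind, value)
```

A passing check is necessary but not sufficient, since a sender address can be forged; it does not replace verifying through a number taken from a bill or other documentation.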

FYI, a VPN may not be of much help. A VPN is a secure tunnel that protects you against third parties trying to use internet traffic to aim an exploit. VPNs, however, merely create a connection to a remote machine and, once established, allow hackers to target malware from your machine at a remote one (where IT staff may or may not have set up measures of protection, but the VPN in and of itself usually doesn’t provide this).

If the best way of dealing with ransomware is being mindful and avoiding scams in the first place, there are additional measures you can pursue involving backups. PCs and Macs allow you to wipe your drive and restore a machine, but that’s only palatable if you can restore your data too, hence the need for clean backups (it’s possible for the bad stuff to get put on a drive). You can also run your computing from within virtual machines (PCs/Macs and servers), which can then be restored back to a last “known good”. Make sure you have very strong passwords on your networking gear, as malware can get into the firmware if your network devices are logged into and accessed.

Backup approaches include third-party software like Carbonite (native backup/sync solutions like iCloud and OneDrive don’t offer this protection, or don’t offer it as well). You can also go cheaper/old school and swap USB drives, but this requires that you remember to run malware/virus scans against these drives and to swap them. You would still need to restore your machine.

Please contact us if you’d like to discuss strategies to prevent malware or believe you’ve been hit with it.