Ransomware and Backups




Ransomware is a type of malicious software (malware) that locks you out of your computer and demands money to unlock it.


These types of attacks can happen at any time to anyone.


Ransomware is almost always something that is downloaded or launched by the user, intentionally or otherwise, by clicking a link or visiting an infected site.



Backups, Awareness, and Updates are the keys to living with the constant danger of data loss.



Backups:

Most importantly, keep regular backups of all your important files.


The backup doesn't need to be fancy: copy and paste or drag and drop will do. Most of the important stuff will be in the My Documents folder, but also check for documents on your desktop and save the bookmarks from your browser.


A simple routine would be:

Use two flash drives, one somewhere safe nearby or on your person, and one locked up offsite.

Back up at least once a week with the one flash drive, and bring the offsite drive in once a month for a fresh backup.
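
One way to script the weekly copy described above, as an added example rather than MidYork's own tooling. It assumes Windows 10's built-in PowerShell 5.1, a flash drive at E:, and the default-profile bookmark locations for Chrome and Edge; it copies the files, then compares hashes so you know the backup is good.

```powershell
# Added example; not MidYork's own tooling. Assumes PowerShell 5.1 (Windows 10).
param([string]$Drive = 'E:')   # assumed drive letter of the backup flash drive

$ErrorActionPreference = 'Stop'
if (-not (Test-Path "$Drive\")) { throw "Backup drive $Drive not found." }

# One dated folder per run, so an earlier good copy is never overwritten.
$dest = Join-Path "$Drive\" ('Backup_' + (Get-Date -Format 'yyyy-MM-dd'))
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# The folders the routine names: My Documents and the desktop.
$sources = [ordered]@{
    Documents = [Environment]::GetFolderPath('MyDocuments')
    Desktop   = [Environment]::GetFolderPath('Desktop')
}
foreach ($name in $sources.Keys) {
    $from = $sources[$name]
    $to   = Join-Path $dest $name
    # /E = include subfolders, /XJ = skip junction points, /R:1 /W:1 = short retries.
    robocopy $from $to /E /XJ /R:1 /W:1 /NP /NFL /NDL | Out-Null
    # robocopy exit codes of 8 or higher mean at least one file was not copied.
    if ($LASTEXITCODE -ge 8) { throw "Copy of $name failed (robocopy exit code $LASTEXITCODE)." }
}

# Browser bookmarks (assumed default-profile locations for Chrome and Edge).
$bookmarks = [ordered]@{
    Chrome = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Bookmarks"
    Edge   = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Bookmarks"
}
foreach ($browser in $bookmarks.Keys) {
    $file = $bookmarks[$browser]
    if (Test-Path -LiteralPath $file) {
        Copy-Item -LiteralPath $file -Destination (Join-Path $dest "Bookmarks_$browser")
    }
}

# Verify: every file on the flash drive must hash the same as its original.
$checked = 0; $mismatch = 0
foreach ($name in $sources.Keys) {
    $copyRoot = Join-Path $dest $name
    foreach ($copy in Get-ChildItem -LiteralPath $copyRoot -Recurse -File -Force) {
        $rel      = $copy.FullName.Substring($copyRoot.Length + 1)
        $original = Join-Path $sources[$name] $rel
        $same = (Get-FileHash -LiteralPath $original).Hash -eq (Get-FileHash -LiteralPath $copy.FullName).Hash
        $checked++
        if (-not $same) { $mismatch++; Write-Warning "Differs from original: $original" }
    }
}
Write-Host "Backed up to $dest. Verified $checked files, $mismatch mismatches."
```

Unplug the flash drive once the script finishes and put it back in its safe place.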



Awareness:

Staff need to be aware. Knowing that it could happen and being on the lookout is half the battle.

Malware is almost always something that is downloaded or launched by the user, intentionally or otherwise, by clicking a link or visiting an infected site.

Common sense and caution are needed when following unknown links either from an email or search results.



Updates:

Keep staff PCs updated; some of these attacks rely on known weaknesses in the OS.

Windows updates will patch and update both the Windows operating system itself and its built-in antivirus.


MidYork uses Windows' built-in antivirus, ‘Security Essentials’ on Windows 7 and ‘Windows Defender’ on Windows 10, for the libraries.


The most dangerous malware is the stuff that targets new vulnerabilities in computer systems.

No AV program can prevent this '0 day' malware, so installing ‘extra’ antivirus is pointless.

I find the third-party AV programs usually cause more problems than help since they try to do too many things (AV, firewall, PC health, etc.) and generally interfere with Windows' normal operations.

In my experience they are no more effective than Microsoft's AV.



Generally, when ransomware attacks happen, your screen will fill with a full-screen warning and instructions, something like these ransomware screenshots.

Some have audio with warnings and instructions. Often your keyboard and mouse will be disabled.


If a staff machine is hit with ransomware, turn it off immediately. Don't click anything on the screen; either hold the power button in until it shuts off or pull the power cord.

The longer these things run, the more damage they do.

Start it up again and usually things will be OK. Run a virus scan, but if there is any sign of trouble, turn it off, leave it off, and contact us to retrieve the data if possible.


Public PCs just need a reboot; Deep Freeze or Windows Configuration Designer should take care of the malware.



Good backups are crucial.

With a known good backup of your important files, all of your options are open.

Even if the machine is badly infected and all data is encrypted or corrupted beyond hope of recovery, we can simply wipe the machine, reinstall, and restore the data from your backup.


A backup is the single most important safeguard when something goes wrong, whether it is a hardware failure, malware, a virus, intentional harm, or just a mistake.