September 1, 2016
We’re dusting off an old blog post to try to help you avoid being caught without a backup. We’ve had an increase in tech support calls due to our clients being infected by ransomware. In some instances, the client did not have a viable backup. They had to either start with a new database, which means they lost years of valuable client data, or revert to an outdated backup, which means they lost all current data. Don’t let this happen to you!

One of the worst viruses we’ve seen over the last 20 years has to be CryptoLocker. It’s more commonly referred to as ‘ransomware’ because it encrypts various files and then demands a hefty payment to decrypt them. And there’s no guarantee that paying the ransom will get your files back. Decrypting the files without the proper key is nearly impossible, so prevention is absolutely the key here.
While most crypto variants do not hit database tables, it is possible that database tables may become encrypted with some of the newer strains of ransomware. Having a current backup is critically important!
EDUCATE YOUR USERS: How does the infection spread? It’s typically spread by opening an email attachment, so watch out for any email attachment from an unknown source, particularly those “Please find my attached invoice” type emails. Let common sense prevail; simply do NOT open any attachments from any unknown senders. Once infected, a PC will browse network drives and systematically start encrypting files within the folders that it can discover.
CHECK YOUR BACKUPS: Because CryptoLocker and its variants are ‘dynamic’ (they change their file signature on a regular basis), they easily avoid detection by the majority of the anti-virus vendors. Ensure that your backups are complete and intact by doing a test restore. Consider implementing a disaster recovery procedure. You should be backing up the ENTIRE Prevail data folder nightly while all users are logged out of Prevail. We suggest that you use a different tape each evening and take at least one tape a week and store it offsite. If you are unsure of what you should be backing up, please call our tech support department, 866-998-4400 option 1, 1 or by email at email@example.com.
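One way to check a test restore, as an added example that is not part of the original post: restore last night's backup to a scratch folder, then compare every file's SHA-256 hash against the live data folder. Both default paths are placeholders and the function names are chosen for this example.

```powershell
# Added example: verify a test restore against the live data folder.
# Both default paths are placeholders (assumptions); supply your own.
param(
    [string]$LivePath     = 'D:\PLACEHOLDER\DataFolder',
    [string]$RestoredPath = 'E:\PLACEHOLDER\RestoreTest'
)

function Get-FolderManifest {
    param([Parameter(Mandatory = $true)][string]$Root)
    # Build a table of relative path -> SHA-256 hash for every file under $Root.
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath
    $manifest = @{}
    Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force | ForEach-Object {
        $relative = $_.FullName.Substring($rootFull.Length).TrimStart('\')
        # -ErrorAction Stop: an unreadable (locked) file aborts the check
        # instead of being silently skipped.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop
        $manifest[$relative] = $hash.Hash
    }
    return $manifest
}

function Compare-Restore {
    param([string]$Live, [string]$Restored)
    $liveFiles     = Get-FolderManifest -Root $Live
    $restoredFiles = Get-FolderManifest -Root $Restored
    # Emit one record per live file that the restore lacks or got wrong.
    foreach ($name in $liveFiles.Keys) {
        if (-not $restoredFiles.ContainsKey($name)) {
            [pscustomobject]@{ File = $name; Issue = 'Missing from restore' }
        }
        elseif ($restoredFiles[$name] -ne $liveFiles[$name]) {
            [pscustomobject]@{ File = $name; Issue = 'Content differs from live copy' }
        }
    }
}

$problems = @(Compare-Restore -Live $LivePath -Restored $RestoredPath)
if ($problems.Count -eq 0) {
    Write-Output 'Restore matches the live data folder.'
}
else {
    $problems | Sort-Object File | Format-Table -AutoSize
    exit 1
}
```

Run it right after the nightly backup and before users log back in; any file edited after the backup was taken will legitimately show as differing.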
USE THE INTERNET TOOLS: If you operate in a small peer-to-peer network (i.e., you do not have a Windows domain), block executable files from running from the %appdata% folder. Speak to your IT professional about having this preventative measure implemented on your network.
BLOCK INFECTIONS USING GROUP POLICY: If you have a corporate domain (a domain controller), you can block emailed executable attachments from running on your workstations. Speak to your IT professional about having this implemented on your Windows domain network.