Ransomware: What You Need to Know

Ben Behnkendorf, Smart City GM at Indiana Convention Center

As a show manager or exhibitor, the data you possess is one of the most critical pieces of the business. If that data were to suddenly no longer exist or be inaccessible, it would have a significant impact. There is a form of malware, called ransomware, which encrypts data. The data still exists but is not accessible. Ransomware has impacted thousands of companies and resulted in hundreds of millions of dollars in losses.

What is ransomware?

Ransomware is a form of malware that runs on an infected computer and systematically encrypts as many files as it possibly can. Its reach isn’t limited to the infected computer. The program can infect other workstations, servers, file servers, etc. If the entire office of an employee all accesses a shared drive, it’s possible that everyone’s work could become encrypted. Pictures, documents, programs, videos, would all be inaccessible. If you were preparing for an upcoming event, this could spell disaster.

The infected computer will typically have a popup saying that files have been encrypted and the only way to undo the damage is to pay a ransom with bitcoin. The demand can be hundreds to thousands of dollars. Even if the payment is made, there is zero guarantee that the entity receiving the ransom will follow through and provide a method to decrypt the files.

There are some decrypters from several well-known antivirus companies that can try to decrypt the files, but it is never guaranteed. That is because ransomware has morphed into a plethora of versions that utilize unique encryption keys for each infection. That lowers the chance of decryption to virtually zero.

How to prevent ransomware from happening?

To stay safe from ransomware, as well as other forms of malware, it’s imperative that all computer systems run a form of antimalware or antivirus and regularly receive updates. Any computer needs to be retired or updated if running an unsupported version of Windows. Windows Vista support ended on April 10, 2017, Windows 7 support ends on January 14, 2020, and Windows 8.1 support ends on January 10, 2023. This means Microsoft won’t release any additional security updates past that point which could leave the computer vulnerable to new forms of malware in the future.

Employees should be very cautious when opening email attachments from any sender. If it seems out of place, don’t open it or ask IT for assistance.

Proper data backups are essential

If ransomware strikes and immediate action is taken to ensure that the infection is eliminated, it’s possible that data can be restored from backups so long as the backups haven’t been infected themselves. Adhering to a rigorous and frequent backup policy is essential to any business.

The 3-2-1 rule is a great starting point for a backup policy.

3 – At least three copies of the data.

2 – On two different types of media.

1 – One copy at an offsite location.

From time to time, the backup should be tested by IT to verify that files can be restored and that the correct files and folder are being backed up. The IT department should also occasionally check that the backup schedule is accurate, that the backup ran successfully, and that there are no file errors. It would be terrible to be rushing to put the finishing touches on an event, need a file from a backup, only to find that the backup had been failing for the past six months and there’s no backup of the file in question.

“An ounce of prevention is worth a pound of cure.” – Benjamin Franklin

 

You might also like: Cyber Security Checklist for Event Planners