So, now you know what ransomware really is.
For the past year, I’ve been talking to my clients about it. I’ve been speaking and writing about it. I’ve watched it turn into an enormous, profitable, underworld industry. Now you’ve seen the effects. You read the reports over the weekend about how the WannaCry virus found a flaw in Windows XP and infected something like 10,000 organizations and 200,000 individuals in more 150 countries, even risking lives by shutting down Britain’s National Health System. You now know how real (and dangerous) it is.
With ransomware, a hacker can infect your computer simply by tricking you into downloading and clicking on an attached file or, more easily, getting you to click through to a seemingly real website. When that happens, you’re cooked. Once you click, the malware that’s launched will lock up and encrypt your files on your computer and, if you work for a business, on your entire network. The only way to unlock those files is by getting an “unlock key,” and the only way to get that is to pay the ransomware maker — who I’m sure is a very upstanding and trustworthy guy – in Bitcoin (really?). At that point you not only have to hope that the ransomware guy will send you the unlock key, but also that he won’t either again infect your system or tell his hacker friends that he found yet another dope in America who was willing to pay the ransom so that they could join in the fun a few days later.
It’s terrible. But, admit it: WannaCry is a pretty hilarious name, and ransomware is a pretty genius idea. It’s the first malware where the malware-maker can make money. Up until now, the viruses and other malicious software created by hackers from God-knows-where were just an enormous headache to us all. The only guys making money in the business were the antivirus firms and the ones who were smart enough to figure out how to steal credit card and other personal information from banks and large companies and then resell that information on the dark web (whatever the hell that is).
But ransomware is way more profitable, and this is why it’s expected to affect millions of businesses in 2017 and generate the hackers more than a billion dollars. Like I said, pretty genius. I wish I were smart enough to have come up with it.
So what do to? Believe it or not, the defense against ransomware isn’t so tough, particularly if you’re just an individual or a small business. First of all, you shouldn’t be running Windows XP — it’s an obsolete operating system. Admit that you’re a cheapskate, bite the bullet, and upgrade to Windows 10. (If you’re already running a newer OS, make sure you install all the latest security patches.) You can buy and install the latest antivirus software from the likes of MacAfee, Avast, or Malwarebytes. You can also get your people trained — once again — not to be stupid and click on files that seem suspicious. All those steps will help. But there’s something else that’s even more effective: Just simply back up your data with an online backup provider.
Online backup services have been around for years. You probably know the names: Carbonite, Mozy, Barracuda — even Microsoft. But ransomware has made them more important now than ever. If you use a service like Carbonite, which costs as little as $60 per computer per year, your files on your computer or throughout your small business will be backed up continuously throughout the day, behind the scenes and without interference. (Disclosure: My company, The Marks Group PC, provides technology consulting services and we do work for both Carbonite and Microsoft).
If you’re hit with a ransomware attack — and the chances are you eventually will be — all you need to do is go back to the last good backup and restore it. Sure, it’s still a pain in the ass. Yes, it will probably involve the help of your tech person and some effort on your behalf. True, it’s annoying AF, and you will want to kill someone. You may lose a few hours or even a day of data. But the reality is that you’ll be back up and running in no time, you won’t have paid a ransom to some dick in Ukraine, and you won’t be on the target list for future attacks.
Of course, restoring from an online backup isn’t so easy for large organizations like Britain’s National Health Service, Spain’s Telefonica, and France’s Renault. But for the rest of us — individuals and small businesses — it’s a simple solution to a large problem.
Gene Marks, CPA, runs a ten-person technology consulting firm in Bala Cynwyd. He writes daily for the Washington Post and weekly for Forbes, Inc. Magazine, Entrepreneur Magazine, and the Huffington Post.