If you ever want to see your customer again – don’t pay the ransom!

Randal Wark

The Cryptolocker Trojan may not be the most evil malware out there, but it does come close.  Many VARs are using this unfortunate threat to have a conversation about backups, disaster recovery and business continuity.

For those VARs looking to start an MSP model, or those MSPs who wish to add new layers of service to their business, think about Managed Backup Solutions.  Some VARs are charging a monthly fee to verify backups daily and perform planned recovery tests.  Others are implementing DR solutions based on best of breed solutions that will allow the spinning up of a virtual server on dissimilar hardware in an amazingly short time frame.  We have seen VARs create their own private Cloud recovery sites or keep it simple and use vendor supplied solutions.

Whatever solution you decide on, don’t wait till it’s too late and your customer has the big red Cryptolocker warning in front of them.

How to approach the topic?

Before focusing on the solution, you first need to…let’s be honest…scare the pants off them!  Educate your customers about the current wave of threats.  We sure have had our fair share lately:  Heartbleed, Cryptolocker and even major websites getting hacked and having user data stolen.  Every major anti-virus company has a threat information page with statistics and trends that you can use to educate your customers.

But, for now, let’s keep it simple.  If you knew that a flood was coming, what would you do to protect your house?  Would you put a couple of sand bags on the front lawn and hope for the best?  You would put protection all around your house!  You would get a pump ready to repel any water that made it through.  You would take an active approach to monitoring your defences, right?

Why is your customer’s data any different?  We are inundated with a flood of Viruses, Trojans, Worms, and all sorts of Malware that will keep trying to find the crack in your defences.  The scary part is that many companies have few tools in place to protect them.

Do your clients have a centralized Anti-Virus protection?
Do your clients have perimeter security such as an up to date Firewall?
Do your clients have a SPAM & Malware solution for emails?
Do your clients have an offsite backup strategy such as Cloud Backup?
Do your clients have a business continuity plan?
Do your clients protect BYOD devices from infiltrating the network?

VAR Office Suite can help you fill in the gaps when it comes to protection and suggest best of breed solutions that will allow you to take an active approach to your client’s security and add layers of revenue for something your clients desperately need.  We like the win-win scenario at all times.  Your clients win peace of mind and you win their trust.

Here is a sample email that can be used to start the conversation with your customers.  Feel free to adapt, adjust and plagiarize to your heart’s content.  Before you start the conversation with your clients, start the conversation with VAR Office Suite to make sure you have the right tools which will secure your customer’s data.

How to Protect Yourself from Ransomware?

What is Ransomware?

Imagine you left for a vacation and upon your return home, you find out that all your locks have been changed and there is a note on the door saying to pay $300 to get the key. You look in through the locked windows, everything is there…but you can’t get in. This is basically the situation some companies face, finding out that their precious data has been locked up by criminals asking money in exchange for the key.

What is Ransomware? Just as the name denotes, a ransom is demanded when something is taken hostage: in this case, all your documents, spreadsheets & images.

The current threat is Cryptolocker (surfaced in September 2013), which can slip by your anti-virus solution and start encrypting your files using a two-key system; one key they keep and will only give you if you pay up. They give you 72 hours to pay or they will delete the second key. Currently, we have seen either $300 or $400 as the ransom price.

What does it do?

The Trojan will install itself and scan your computer, USB attached storage, cloud drives (e.g. Dropbox) and network drives to start encrypting those files. Only when the job is done do you get a big red pop-up letting you know what is going on. The infection is fairly simple to remove, but the encryption it performs is irreversible without that second key that they hold hostage.

How can you get Cryptolocker?

You can inadvertently install the Trojan via a zipped attachment that appears to be a PDF from a reputable company (UPS, FedEx, Xerox, etc.). You can also get infected via a hacked website which will take advantage of outdated plug-ins. If you are still using XP, you are no longer protected against any new vulnerabilities and the risk is much greater.

How can you protect yourself?

Although an anti-virus solution is not a guarantee against the cat-and-mouse variations of this Trojan, a good paid anti-virus solution is recommended and will help reduce the risk of this and a myriad of other attacks.

If you are on a Domain, a set of rules can be put in place to block the behavior of this Trojan.

Do I pay the ransom?

Unfortunately, for some, paying the ransom might be the ONLY way they can get their data back if a valid and current backup does not adequately protect them. Giving money to criminals is something to be avoided if at all possible, and there are no guarantees that it will work. With a valid backup, one can easily restore the unencrypted files and reverse the effect of the virus. The only loss would be documents created or modified since the last valid backup. If the Trojan has been running for a day or more, you might have to go back a few days, so a loss of productivity is the issue.

Choosing the right backup strategy

We used to have a backup conversation with clients, but as we rely more and more on technology and our precious data, we are now moving to a conversation about business continuity. Here are the questions you need to ask yourself:

· How damaging would it be if my data was suddenly gone?
· How long can I afford to be without my data?
· How much data am I willing to lose between valid backups?
· If my server had a hardware failure, how long is my business going to be without it?
· Have my current backups been validated with recovery tests?

<<Your Company Here>> is committed to protecting your precious data. Not only do we offer a secure offsite Cloud Backup Solution that would allow you to recover your files from an offsite location, we also offer solutions where we can recover a whole server to a temporary location within a matter of hours, based on 15-minute snapshots.

There are only two types of people: Those who have lost data, and those who will! Let us have a conversation about your backup strategy so that when you need to recover some or all of your data, you can sleep well at night knowing the loss will be minimal or non-existent.

Call us today and have the confidence to say to the Cryptolocker criminals: No – I will not pay!
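
For the VAR doing the actual recovery, the point made under "Do I pay the ransom?" (you might have to go back a few days) and the recovery-test question above come down to finding the newest backup that still holds readable files. The following is an added example, not part of the original post or sample email: it walks nightly backups newest-first and rejects any in which a file no longer starts with the signature of its own format. The file names, dates and byte values are constructed, and a signature check only covers file types it knows.

```python
import os
from datetime import date

# Leading bytes expected for common document types. A file encrypted in place
# keeps its name but no longer starts with its format's signature.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

def damaged_files(snapshot):
    """Names whose first bytes do not match the signature for their extension."""
    bad = []
    for name, head in snapshot.items():
        magic = MAGIC.get(os.path.splitext(name)[1].lower())
        # Types without a known signature (e.g. .txt) cannot be judged here.
        if magic is not None and not head.startswith(magic):
            bad.append(name)
    return sorted(bad)

def last_clean_snapshot(snapshots):
    """Walk backups newest-first; return (clean date or None, rejected dates)."""
    rejected = {}
    for day in sorted(snapshots, reverse=True):
        bad = damaged_files(snapshots[day])
        if not bad:
            return day, rejected
        rejected[day] = bad
    return None, rejected

# Constructed sample: three nightly backups, each mapping file name -> first bytes.
SNAPSHOTS = {
    date(2014, 5, 10): {"invoice.pdf": b"%PDF-1.4", "budget.xlsx": b"PK\x03\x04\x14", "notes.txt": b"call"},
    date(2014, 5, 11): {"invoice.pdf": b"%PDF-1.4", "budget.xlsx": b"\x9c\x1f\x02\xe7\x55", "notes.txt": b"call"},
    date(2014, 5, 12): {"invoice.pdf": b"\x41\xd0\x7a\x13\x88", "budget.xlsx": b"\x9c\x1f\x02\xe7\x55", "notes.txt": b"\x07\xee"},
}

if __name__ == "__main__":
    day, rejected = last_clean_snapshot(SNAPSHOTS)
    print("restore from:", day)
    for d, names in rejected.items():
        print("skip", d, "damaged:", ", ".join(names))
```

In a real recovery test the first bytes would be read from files restored to a scratch location, never from the live share.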
