Q: How does Ransomware work?

A: The malicious code gets in through emails or web browsing, starts encrypting your data at the source workstation, quickly infecting the rest of the network, until no data is readable or useable. The crooks then demand payment, usually in an untraceable currency like Bit-Coins. Once you pay, they send you the decryption keycode to unlock your files and you are mostly back in business.

Q: My IT provider assures me that we have the latest security measures on the market. Do I still need to worry about Ransomware?

A: Yes. The purveyors of this malware continuously change it and adapt it to evade security measures. Anti-virus will not find them. The most recent strains, according to the Department of Justice are “almost impossible to defeat.”

Q: Depending on what your fee is to restore my system, aren’t I better off paying a small ransom once, and just letting it go?

A: No. Once you give the bully your lunch money, he will come back for more. You’ve no guarantees that the crooks will give you the decryption key at all. Granted, they usually do, but the newer versions of this malware bury code deep in your system for a second attack. Why would they back off from someone who’s shown willingness to pay?

Q: How do they get Ransomware into my system?

A: A number of ways. The two most common: 1) Your employees go to the same business websites every day. The hacker inserts their own code into the site, a pop-up appears (even with pop-up blocker ON), and they’re in; or they click on an innocent looking link on the page, and the trouble begins. 2) Most attacks occur when a user opens an email or attachment they shouldn’t.

Q: My employees have been taught not to open emails or attachments from people they don’t know, so I should be safe, right?

A: No. Beware the wolf in sheep’s clothing. A few months ago, an executive at a large pharmaceutical company opened a message from the Alumni Association at Northwestern University, and the network started locking up before he knew what happened. How many clicks on Google would it take to find out where he went to school? We found the information on Linked-In with no problem.

This question has a number of ramifications: on Windows 10, a small window opens in the lower right corner of your screen when a new message arrives. For people who send and receive many emails and have Delivery Notification set up, it’s often a reflex to click those notifications open, then click them closed, to avoid sorting through many unopened messages later. One bad click without looking will let the infection in.

Q: How can I protect my system from Ransomware?

A: You can’t – not 100%. The best you can do is mount a strong defense: antivirus, pop-  up blockers, email filters, user training – things that most companies already do. You can slim down your chances of a successful attack, possibly forestall it a bit, but you cannot be 100% secure.

Q: Is this always going to be a threat now? Is it the new normal that my system will just simply shut down for a day or so every now and then?

A: Until further notice, yes. Technology constantly advances. Unfortunately, right now, the “geeks for good” are playing catch up ball, while the evil geeks are wreaking havoc. The problem, in a very basic way, is that the technology that the crooks use is woven into the fabric of how the internet is able to operate at all. At this point, it appears a quantum leap would be necessary.