I just got done reading an interesting article on ransomware as a service.
It got me thinking about just how creative criminals can be. I mean, these guys not only created a program that can sneak onto your computer (usually with help from you, by the way), find your precious files, encrypt them, and then make you pay to get them unlocked.
OK, that's not super hard programming, but it still requires a fair amount of work. But they also built an entire business model around it. If you want to use it, you basically use their code and send it out, and they handle all the backend money collection via Bitcoin, take a reasonable 25% cut and pass on the rest to you.
They even offer guidance on making the emails believable (so people will click on them and install the bad code) and help with pricing. There are a lot of companies that aren’t as channel friendly!
That said, though, this is going to get bad for people. If you don’t have a good backup plan for all of your servers and workstations, you need to get one ASAP. Remember, replicating your data to a DR site is NOT the same thing as a good backup plan. The data that gets replicated is going to be encrypted too, so it won’t help you.
It’s also a good time to review “least privilege” and make sure that your IT administrators aren’t using administrator accounts to do their regular work. If they are, and one of them gets hacked, plan to restore all of your data.
These ransomware programs encrypt fast, much faster than a restore from tape will take.
It’s also a good time to remind your users about basic good security. If you get an email that seems at all suspicious, don’t click on anything, and if you do, immediately turn off your PC to reduce damage until someone in IT can remove the drive, connect it to another machine, and safely scan and clean it.
Of course, we are always willing to help you with any of these steps; just contact us. We do strongly encourage you to review your security before something happens, though sadly, in the real world, sometimes companies won’t spend money until after the damage is done. In security circles we call them victims.