RansomWare: Could it happen to my school?

10/28/2019

What is RansomWare?

RansomWare is malicious software that takes your data hostage by encrypting it.  The attacker then demands money, usually in cryptocurrency, in exchange for the key that unlocks the files.  Once the ransom is paid, the attacker promises to give you back access to your data.

What happens to the data in a RansomWare attack?

The data remains on your server or work computers, but it has been encrypted by the RansomWare program and you cannot use it.  In most cases the attacker does not take a copy of your data; the point of the attack is to deny you access to it.  Some attackers do copy data before encrypting it and threaten to publish it, so treat an attack as a possible data breach as well as a loss of access.

How can I prevent a RansomWare attack?

For the malware (bad software) to not just get onto your system but actually run, someone's account was used.  It does not have to be an administrator account: RansomWare running as an ordinary user can encrypt every file that user is allowed to write to, including shared folders on the server.  Maybe that person uses the same password on several sites and one of them leaked it.  Or, more likely, a remote access service such as Remote Desktop was left reachable from the internet with a weak password and no second factor.  Securing listening ports on outward facing devices is easier these days because many school services are hosted on the web.  The only listening port you still need may be one for remote management.  Restrict it to the single home IP address of your network admin, or pay a little extra for a VPN service so the port is not exposed at all.  Sometimes VPN access is included in the annual support fee for a security device like a firewall or router.

Keeping regular backups that are offline, or at least away from the server and not reachable through any listening port, is another safeguard.  A backup drive that stays plugged in, or a network share the infected account can write to, gets encrypted right along with everything else.  If you have a good backup, you can wipe and reinstall the infected devices and copy the backup files back to them.  This can range from easy to difficult, depending on how much data was encrypted and on how many devices.  Test a restore before you need one, so you know the backup is complete and readable.
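The "test a restore" check above, as an added example that is not part of the original post: at backup time, record a SHA-256 hash of every file; before restoring, verify the copy against that manifest and flag any changed file whose contents look like random bytes, which is what an encrypted file looks like.  The file names, folder layout and the entropy threshold are assumptions for the demonstration.

```python
"""Backup manifest check (added example, not from the original post).

At backup time, record a SHA-256 hash of every file in the backup set.
Before restoring, verify the copy you are about to restore against that
manifest.  A file that no longer matches, and that now looks like random
bytes, may itself have been encrypted, which happens when the backup
drive was still attached when the RansomWare ran.
"""
from __future__ import annotations

import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumed threshold: plain documents sit well below this, encrypted data
# is close to the 8.0 bits/byte maximum.
ENTROPY_SUSPECT = 7.5


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict[str, str]:
    """Map relative path -> sha256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the files under root with the manifest.

    Returns sorted lists: ok (hash matches), modified (hash differs),
    missing (in manifest but gone) and extra (on disk but not in manifest,
    e.g. a ransom note dropped by the malware).
    """
    result: dict[str, list[str]] = {"ok": [], "modified": [], "missing": [], "extra": []}
    seen = set()
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            result["extra"].append(rel)
        elif sha256_file(p) == manifest[rel]:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)
    result["missing"] = list(set(manifest) - seen)
    for key in result:
        result[key].sort()
    return result


def demo() -> dict[str, list[str]]:
    """Walk-through on constructed files in a temporary folder (assumed layout)."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "server"
        (src / "grades").mkdir(parents=True)
        (src / "grades" / "q1.csv").write_text("student,score\nA,90\n")
        (src / "policy.txt").write_text("Attendance policy v3\n")
        manifest = build_manifest(src)          # taken at backup time
        # Simulate RansomWare: one file overwritten with random-looking bytes,
        # plus a ransom note dropped beside it.
        (src / "policy.txt").write_bytes(os.urandom(4096))
        (src / "HOW_TO_DECRYPT.txt").write_text("pay us\n")
        report = verify_backup(src, manifest)   # run before restoring
        report["likely_encrypted"] = [
            rel for rel in report["modified"]
            if shannon_entropy((src / rel).read_bytes()) > ENTROPY_SUSPECT
        ]
        return report
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for key, files in demo().items():
        print(f"{key:17s} {files}")
```

Store the manifest somewhere the backup job cannot overwrite (or sign it) so an attacker who reaches the backup cannot simply regenerate it; the hash check tells you which files are safe to restore and which were encrypted after the last good backup.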

There are programs that run on your network and end devices and watch for RansomWare and other attacks, typically by noticing behaviour such as many files being renamed or rewritten in a short time.  While that sounds great, they can use up resources or carry a high annual fee plus the cost of installing and maintaining them.  Windows Defender (free) has some RansomWare protection built in, including controlled folder access that blocks unknown programs from changing protected folders, but no system is guaranteed.
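What "watching for RansomWare behaviour" looks like in practice, as an added example that is not part of the original post and not any vendor's product: a small detector that reads a file-activity log and raises an alert when many files gain the same new extension within a few seconds, or when a file whose name looks like a ransom note is created.  The log format, the sample events and the thresholds are all assumptions for the demonstration.

```python
"""Behavioural RansomWare detector over a file-activity log (added example).

Assumed input format (not from the original post): one event per line,
    <ISO timestamp> <OP> <path> [-> <newpath>]
with OP one of WRITE, RENAME, CREATE.  Thresholds are illustrative choices.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed: count renames inside a 10 s window
RENAME_THRESHOLD = 5             # assumed: this many files gaining one new extension
NOTE_PATTERN = re.compile(r"(decrypt|restore|recover|readme|how_to)", re.IGNORECASE)
EVENT_RE = re.compile(r"^(\S+)\s+(WRITE|RENAME|CREATE)\s+(\S+)(?:\s+->\s+(\S+))?$")

# Constructed sample: normal activity, then the burst a RansomWare run produces.
SAMPLE_LOG = """\
2019-10-28T08:00:01 WRITE  /srv/shares/grades/q1.xlsx
2019-10-28T08:00:40 RENAME /srv/shares/grades/draft.docx -> /srv/shares/grades/final.docx
2019-10-28T08:01:15 RENAME /srv/shares/admin/budget.xlsx -> /srv/shares/admin/budget.xlsx.bak
2019-10-28T08:05:10 RENAME /srv/shares/grades/q1.xlsx -> /srv/shares/grades/q1.xlsx.locked
2019-10-28T08:05:10 RENAME /srv/shares/grades/q2.xlsx -> /srv/shares/grades/q2.xlsx.locked
2019-10-28T08:05:11 RENAME /srv/shares/grades/roster.docx -> /srv/shares/grades/roster.docx.locked
2019-10-28T08:05:11 RENAME /srv/shares/admin/budget.xlsx.bak -> /srv/shares/admin/budget.xlsx.bak.locked
2019-10-28T08:05:12 RENAME /srv/shares/admin/staff.pdf -> /srv/shares/admin/staff.pdf.locked
2019-10-28T08:05:13 CREATE /srv/shares/admin/HOW_TO_DECRYPT.txt
"""


def parse_events(text: str) -> list[tuple[datetime, str, str, str | None]]:
    """Parse log lines into (timestamp, op, path, newpath); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts, op, path, newpath = m.groups()
        events.append((datetime.fromisoformat(ts), op, path, newpath))
    return events


def added_extension(old: str, new: str) -> str | None:
    """Suffix a rename appended to the original name, or None for an ordinary rename."""
    if new.startswith(old) and len(new) > len(old):
        return new[len(old):]
    return None


def detect(events: list[tuple[datetime, str, str, str | None]]) -> list[str]:
    """Return alert strings for mass-rename bursts and ransom-note creation."""
    alerts: list[str] = []
    recent: dict[str, deque] = defaultdict(deque)   # extension -> rename timestamps
    fired: set[str] = set()                         # alert once per extension
    for ts, op, path, newpath in events:
        if op == "RENAME" and newpath:
            ext = added_extension(path, newpath)
            if ext is None:
                continue
            q = recent[ext]
            q.append(ts)
            while q and ts - q[0] > WINDOW:         # drop renames outside the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and ext not in fired:
                fired.add(ext)
                alerts.append(
                    f"{ts.isoformat()} mass rename: {len(q)} files gained "
                    f"'{ext}' within {WINDOW.seconds}s"
                )
        elif op == "CREATE":
            name = re.split(r"[\\/]", path)[-1]
            if NOTE_PATTERN.search(name):
                alerts.append(f"{ts.isoformat()} possible ransom note created: {path}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

Real products add more signals (entropy of written data, canary files, known ransom-note names), but the rename burst is the cheapest one to act on: an agent that sees it can kill the process and cut the machine off the network within seconds, which is why a single benign ".bak" rename in the sample does not trip it while five ".locked" renames do.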

What are my options if I experience an attack?

First disconnect the infected devices from the network so the encryption stops spreading to shared folders.  Once the way in has been identified and closed (the port blocked or the account disabled), look at your backups and consider the value of the data.  Many schools keep their important data in hosted services such as Renweb, Planbook, and Google Drive.  So little may be stored on a local server that it hardly seems worth the fuss to restore the files.   

If the data is valuable and no backup is available, paying the ransom does not guarantee the hacker will send the decryption key (although most of the time they do), and even when a key arrives the decryption tool is often slow or fails on some files.  But what would you do if they didn't send it?  Then you would be out both the money and the files.