April 27, 2024


I ‘Wannacry’ Over Ransomware

It is a myth that I.T. service companies pray for issues like Ransomware so we can get more business. Sure, there’s nothing like staying up 38 hours straight fixing a hacked website that we don’t even manage.

This is my third such column on Ransomware. The trouble I have with the Wannacry worldwide outbreak is quite obvious. If you are a business of any size and are managing the I.T. on your own, this is a mistake.

In this day and age you need every bit of protection possible. Most owners of SMBs (small to medium-sized businesses), schools included, have little to no time to maintain all of their I.T. At the Garb I.T. Consulting Group we not only make sure all the PCs and servers have the latest and greatest Windows updates; we also end up fighting with some of our clients over maintenance windows, when we need to make the updates.

Anyone who has met me knows I am willing to be the scorn of all the staff to keep any of our clients safe. If you are using XP or Windows 8 this is a timebomb.

To make sure you are running everything as you should, please feel free to reach out to GCG I.T. or any comparable MSPs (managed service providers). There are many here in the Bergen County area.

Here is a roundup of my previous advice about Ransomware. I had never received one email about ransomware (until a few weeks ago), but I should! To review: Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through untraceable online payment methods. Rumor has it that the NYPD was hit and actually paid these criminals.

Ransomware hackers live in the part of the Internet called the “dark net.” This is an area that Google does not get hits for. Here are the steps that occur:

  1. Files get hit with ransomware.
  2. User opens files and there are instructions as to what happened to you and how to pay.
  3. The pay options are in Bitcoin. The price starts at $500 per week. Every week you don’t pay will cost $500 more. Bitcoin is completely untraceable. I assure you these criminals will not get caught.
  4. Every time you click a file, the ransomware will grab the important files—databases, QuickBooks, everything you need. You will see the extensions that will end in ccc. It will spread to whatever drive the crypto virus resides on.
  5. Hackers will send your files via the Tor network to their servers.
  6. Files are encrypted with a key that only the hackers have. The files cannot be recovered. Viruses cannot be removed. No anti-virus software is able to remove this cryptolocker.

Recently, one of our new clients got hit with an older system and had no backups. This becomes a financial issue as well.

I’d advise everyone to check their business insurance and see if there is coverage for these kinds of incidents. Note that insurance companies will not pay ransom but will pay to get your business as it was pre-crypto. I spoke to one of the third-party adjusters and he told me they are getting 25 calls a day regarding crypto/ransomware. Many adjusters are privately telling companies that they have no choice but to pay ransoms.

If anyone is unsure if you should make a claim, you can call my office at (201) 379-9234. We have a full-time attorney and can provide expertise on this kind of attack.

I strongly suggest you do not pay these people. Once paid you are supporting people who could be terrorists, drug dealers or worse. These are not a bunch of teenagers in their parents’ basements.

Here is the deal: Do not be fooled and think you have an I.T. group or person who can remove the crypto virus. It’s not possible, and the criminals know this. It is one of these situations that can place you in a bad place either way. Either pay these criminals and risk getting your files back in pieces or not at all. Or your files are not recoverable with the crypto lock on the files.

Most importantly, if you are not backing up your files daily, you will get hit. If you have no firewall at your office, you will get hit. No current anti-virus? You will get hit.

The backups should not be on an external as the only place for the files, as the crypto virus will infect mapped drives, shared drives, USB and external drives.

The backups should be in a good cloud backup that is encrypted and something called “versioned.” Versioned means that if you have an outage and need to restore, your files can be restored to an exact date that you remember being without the virus. Your IT professional should be well versed in backups. At GCG we live, breathe and eat data backups. At least a month’s worth of data should be able to be recovered to its exact state. Hence, daily encrypted backups are critical.

The backups should be monitored every night.
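For readers who maintain their own backups, here is one way a nightly check of the versioning advice above could look. It is an added example, not code from GCG or from any backup product. The job-log format, the 24-hour staleness threshold and the function names are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

RETENTION_DAYS = 30             # the column's "at least a month's worth"
MAX_AGE = timedelta(hours=24)   # assumed threshold for "daily" backups


def audit(versions, now, retention_days=RETENTION_DAYS, max_age=MAX_AGE):
    """Check a backup job log given as (finished_at, succeeded) pairs.

    Flags a stale newest version and every day in the retention window
    that has no successful version to restore from.
    """
    good = sorted(t for t, ok in versions if ok)
    covered = {t.date() for t in good}
    window = [(now - timedelta(days=d)).date() for d in range(1, retention_days + 1)]
    missing = sorted(d for d in window if d not in covered)
    stale = not good or now - good[-1] > max_age
    return {"stale": stale, "missing_days": missing,
            "healthy": not stale and not missing}


def last_clean_version(versions, infected_at):
    """Newest successful version that finished before the infection time."""
    good = [t for t, ok in versions if ok and t < infected_at]
    return max(good) if good else None


def sample_log(now):
    """Constructed data: a 01:00 nightly job over 35 nights, with one
    failed run (5 nights ago) and one night skipped (12 nights ago)."""
    log = []
    for d in range(35):
        if d == 12:
            continue  # the job never ran that night
        finished = (now - timedelta(days=d)).replace(
            hour=1, minute=0, second=0, microsecond=0)
        log.append((finished, d != 5))
    return log


if __name__ == "__main__":
    now = datetime(2024, 4, 27, 8, 0)  # constructed "current time"
    log = sample_log(now)
    report = audit(log, now)
    print("stale:", report["stale"])
    print("days with no restorable version:", report["missing_days"])
    # Files found encrypted on the afternoon of April 22: which version to restore?
    print("restore from:", last_clean_version(log, datetime(2024, 4, 22, 14, 0)))
```

The failed run matters here: the version from the morning of the infection is unusable, so the restore point falls back a full day.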

Keep a USB drive copy of your most critical files. Put the key in a safe deposit box and/or a fireproof safe. Scan all of your passports, driver’s licenses, house insurance, car insurance and birth certificates. These documents may be needed to order new ones.

Ransomware really is horrible and the lowest form of hacking. There used to be some sort of code to hacking. These guys are criminals; their aim is to put people in a tough spot. It’s not my style to say there is no answer. But in this case, it’s really miserable.

Of course, the anti-virus companies and the government will be on top of this and will eventually come up with a solution. IT professionals are constantly reading to stay ahead of the hackers, though currently there is no program or group one can hire to recover ransomware crypto-locked files.

All I can say is the following: Back up often. Back up daily.

By Shneur Garb

If you have any questions or comments, Shneur Garb can be reached by [email protected]. Shneur is the CEO at The Garb IT Consulting Group in Teaneck, N.J.

 
