Cyber-criminals use ransomware to hold data files hostage by encrypting them and demanding payment in
order to restore them.
“CryptoLocker” is a prevalent form of
ransomware that is particularly dangerous for lawyers and firms. It commonly presents itself as an email with
an attachment that infects the computer (and network) when opened.
One hasty mouse-click by any employee in your office could result in
massive, costly loss of years of work
product and client data.
Prevention and Recovery are the keys
to managing the risk of CryptoLocker
and its variants.
Do not open emails or attachments
unless they are from a known, reputable source. If an email looks unfamiliar, scrutinize the address and
domain name. Red flags include
typographical errors, abbreviations,
and vague subject lines.
Educate your staff, particularly administrative personnel, who are more
likely to receive emails from vendors, delivery confirmations, transcript services, and the like. These
types of emails are easier for cyber-criminals to disguise and use as
conduits to infiltrate your system.
Keep your operating system up
to date. Ransomware authors frequently rely on businesses running
outdated software with known vul-nerabilities, which can be exploited.
Use reliable anti-virus and anti-spyware with an email scanning
and filtering option, and a firewall.
The goal is to restore your system
to the pre-infection condition, while
minimizing data loss.
Comprehensive, professionally-man-aged backups are essential. This includes multiple full backups each day,
incremental hourly backups and file
archiving used for versioning (saving
of periodic changes to files).
Each type of backup should be saved
in different folders and locations.
This keeps the process organized and
protects the integrity of the data.
Offline backups made before the
infection that are inaccessible by infected computers cannot be attacked
by CryptoLocker and its variants.
In contrast, in-house, do-it-yourself
backups often prove to be ineffective
for a variety of reasons:
They are generally too infrequent.
For example, a daily backup that
occurs at 2:00am will not recover
the work performed between 8:00-
11:45am before a lunchtime secu-
Ransomware will encrypt files not
only in your network drive, but also
on any drives that are mapped. This
includes any external drives such
as a USB drive plugged into your
computer, as well as any network or
cloud file storage areas that have
been assigned a drive letter. In-house backups tend to be part of
the existing system, and thus are
easily susceptible to corruption.
In-house backups may only be
partial file, rather than full-image,
backups, thus decreasing the likelihood that entire directories can be
A poorly-monitored backup, left
unattended, can worsen the problem, because if routine backups are
not stopped once the infection
occurs, the affected, encrypted files
could be backed up over the saved
If you believe you have been affected
by CryptoLocker or its variants, disconnect from the Internet, and contact
your network administrator and information technology professional(s) immediately.
One hasty mouse-click by any employee in your office can
result in costly data loss .
TRICIA SCHAFER, CUSTOMER RELATIONS MANAGER,
NexStep’s centralized servers, real-time backups, document
redundancy, and mirroring technology provide the most secure
and economical protection for your data.
Contact us for a quote.
(602) 469-6402, Tricia@Keyed.com
How to Protect Yourself and
Your Firm from Ransomware