What is Ransomware?

Short answer: Ransomware is malware that encrypts and locks all files (using AES encryption) on your server, hard drive or network. Hackers breach your system’s security, install the Ransomware and then demand an arbitrary dollar amount (requested in Bitcoin currency as it is harder to trace) for the key to decrypt your files. Once hit, the hackers usually give you a week to pay the ransom before permanently deleting all of your files.

Ransomware first reared it’s ugly head a few years ago as a malicious malware attack on computers and private networks (usually business networks). Reports are now surfacing of a rash of Ransomware attacks on websites, which is a logical progression, unfortunately.

What can I do to protect my website from Ransomware?

  1. Make sure both your server and your website(s) are protected with a firewall.
  2. Use secure, strong usernames and passwords for your website login, server login, FTP/SFTP and database credentials. NEVER use “admin” or “yourname123” or your business name as a username OR password.
  3. Keep your Content Management System (WordPress, Drupal, Joomla, Magento, etc.) and it’s plugins and extensions up to date. When new updates are released, they are usually intended to improve security.
  4. BACK EVERYTHING UP! Be vigilant about this! Take regular backups of your entire website directory as well as the database(s). Most people don’t realize that the database is the most important part of their website. With Content Management systems, your content is all stored in your database and your files call to the database to pull and display your content. Without your database, you will not have a website. So far, these website Ransomware attacks are not targeting the databases at all … but I’d bet A LOT of money that is going to change in a very short time.
  5. Store a copy of your backups somewhere other than on your server. If all of your files are locked by a Ransomware attack and your backups are on your server, well, your backups will be useless to you. It’s best to keep a copy locally (on your hard drive) AND in the cloud (Dropbox, Google Drive, etc.).

No security precaution is 100% foolproof. In this case, the best way to protect yourself is to take regular backups.

I’ve been hit by a Ransomware attack, what do I do now?!

You really only have three options once you’ve been hit:

  1. Pay the ransom.
  2. Pay a security firm a few grand to attempt to decrypt your files … with no guarantee of a full recovery.
  3. Restore your site from one the many backups you’ve taken and stored securely in a location other than on your server.

For the record, I would not recommend the first option. However, an old friend of mine in NY had his business network hit by a Ransomware attack a few years ago and they ended up paying the ransom. That was not their first response. They discovered they had no backups of their systems thanks to an IT employee who did not do their job well. They then hired a top-notch security firm to help them out. The firm’s advice? Pay the ransom! So, they did pay the ransom, had their files restored and even received a nice thank you note from the hackers promising to never attack their network again.

And, because of the story above, I would not recommend the second option either.

The third option is the best AND cheapest option. At most, you might have to pay someone $100 – $300 to upload and re-install everything for you (unless you know how to do that yourself). After your site has been restored, change all usernames and passwords immediately and consider hiring a developer to do a security audit on your server and website.