How the power of encryption can be turned against you & your business
Acora is a UK based, award-winning IT services and technology company with over 25 years’ experience. We provide a range of IT support and Microsoft-centric business software and cloud solutions to help mid-market organisations modernise their IT so they can compete and win in the digital economy. More than 200 clients trust us to take responsibility for part, or all of their IT from solution design to support.
Ransomware, in its simplest form, is a type of malicious software that demands that the users of an infected device pay a ransom, which can be in any currency or in one of several other forms of payment. A good analogy is a hostage situation, and I'm sure we are all aware how nasty those can sometimes turn out to be.
One of the most common versions of ransomware, and one most of us have heard of, is CryptoLocker. Can any of you guess what the 'Crypto' part of this nasty piece of code's name means? You guessed it: it's short for cryptography, the foundation on which encryption algorithms are built.
CryptoLocker is a piece of ransomware that users can receive in a number of different ways. The most common is as an attachment to an email that, at first glance, looks to be from a legitimate sender. The attachment is usually a .zip file, because this prevents a lot of spam-filtering solutions from seeing what is hidden inside, and that is usually where the ransomware is stored.
Once the attachment is extracted, there is normally what looks like a simple Office document. If the user opens the document, the ransomware is loaded onto their device.
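The point above about .zip attachments hiding their contents from mail filters can be addressed by listing the archive before delivery. The following is an added example, not Acora's code or any product's, that inspects a zip attachment's directory without extracting it and flags the entries a defender would want stopped; the blocked-extension policy and the sample archive are assumptions constructed for the demonstration.

```python
import io
import zipfile

# Extensions that should not arrive inside a mailed archive from a legitimate
# sender: executables, scripts and macro-enabled Office files (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
                      ".ps1", ".docm", ".xlsm", ".pptm"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return (entry_name, reason) findings for a zip attachment.

    The archive is only listed, never extracted, so the check can run on
    untrusted mail before the attachment reaches a user.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip file")]
    for info in archive.infolist():
        name = info.filename
        base = name.lower().rsplit("/", 1)[-1]   # strip any folder prefix
        parts = base.split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
            # 'invoice.pdf.exe' relies on Windows hiding the final extension
            if len(parts) > 2:
                findings.append((name, "double extension disguises file type"))
        if ext == ".zip":
            findings.append((name, "nested archive, inspect recursively"))
        if info.flag_bits & 0x1:   # general-purpose bit 0 = entry is encrypted
            findings.append((name, "encrypted entry cannot be scanned"))
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample resembling a CryptoLocker-style lure archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_12345.pdf.exe", b"MZ placeholder, not real code")
        archive.writestr("README.txt", b"Please see the attached invoice.")
    return buf.getvalue()
```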
The first thing the ransomware does is generate a private key on the infector's server; it then tells the ransomware on the device to use this key to randomly generate more keys for it to do its work.
Its work is not harmful to the device itself, in the sense that it does not damage the device's operating system or how it functions. What it does is look, on all local drives on the device, for every file type it has been configured to target. It then encrypts each matching file with the private keys generated from the infector's server.
While this is going on, most users won't notice anything until it's too late. The ransomware often has enough time to encrypt all of the user's files on the device, so that nothing opens as it should and corrupt-file notifications appear. Ransomware can also encrypt files on shared drives, so other users have trouble opening files as well.
In most cases, once the ransomware has finished encrypting files, it opens a window on the infected device stating that all the files on the device have been encrypted. Often it then tells the user that they have 24 to 48 hours to pay the ransom, or the private key used to encrypt all of their files will be deleted from the attacker's server.
So just picture the scenario: nobody can access the files they need to do their work, IT are frantically looking for the device that started the encryption, and the whole business comes to a standstill. All of this just because the designer of the ransomware wants 2 bitcoins from you to decrypt all of your files.
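The behaviour described above, one device rewriting every targeted file type on local and shared drives within minutes, is what a defender can look for in file-access audit logs to find the culprit device quickly. The following added example, not Acora's code or part of any product named on this page, runs a simple sliding-window detection over a constructed set of file-modification events; the target extension list, host names and paths are assumptions made up for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# File types a CryptoLocker-style infection is configured to target
# (assumption: representative office data, tune to your own estate).
TARGET_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".pst"}

# Constructed sample audit events: (timestamp, host, modified path).
# WS-ALICE rewrites many documents within seconds, including two on a share;
# WS-BOB shows ordinary activity spread over half an hour.
SAMPLE_EVENTS = [
    ("2024-03-03T09:00:01", "WS-ALICE", r"C:\Users\alice\Documents\q1.xlsx"),
    ("2024-03-03T09:00:02", "WS-ALICE", r"C:\Users\alice\Documents\report.docx"),
    ("2024-03-03T09:00:03", "WS-ALICE", r"C:\Users\alice\Pictures\photo.jpg"),
    ("2024-03-03T09:00:04", "WS-ALICE", r"C:\Users\alice\Outlook\mail.pst"),
    ("2024-03-03T09:00:05", "WS-ALICE", r"\\fileserver\finance\budget.xlsx"),
    ("2024-03-03T09:00:06", "WS-ALICE", r"\\fileserver\hr\contract.pdf"),
    ("2024-03-03T09:00:07", "WS-ALICE", r"C:\Windows\Temp\session.tmp"),
    ("2024-03-03T09:00:10", "WS-BOB", r"C:\Users\bob\Documents\notes.docx"),
    ("2024-03-03T09:30:00", "WS-BOB", r"C:\Users\bob\Documents\plan.xlsx"),
]


def parse_events(raw):
    """Parse timestamps and keep only modifications of targeted file types."""
    kept = []
    for ts, host, path in raw:
        ext = "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if ext in TARGET_EXTENSIONS:
            kept.append((datetime.fromisoformat(ts), host, path))
    return sorted(kept)


def detect_mass_modification(raw_events, window_seconds=60, threshold=5):
    """Flag hosts that modify >= threshold targeted files inside any window.

    Returns {host: {"peak": files_in_busiest_window, "shared": [UNC paths]}}
    so responders know which device to isolate and which shares were hit.
    """
    by_host = defaultdict(list)
    for ts, host, path in parse_events(raw_events):
        by_host[host].append((ts, path))
    window = timedelta(seconds=window_seconds)
    suspects = {}
    for host, items in by_host.items():
        peak, start = 0, 0
        for end in range(len(items)):          # two-pointer sliding window
            while items[end][0] - items[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            shared = [p for _, p in items if p.startswith("\\\\")]
            suspects[host] = {"peak": peak, "shared": shared}
    return suspects
```

Real deployments would feed this from file-server audit logs or an endpoint agent rather than a list, and tune the threshold so that bulk but legitimate jobs such as backups are excluded.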
See, encryption really can be used against us and very efficiently!
You'll need to recover from this disaster and get your users back up and running. The approach you take will depend on how you want to deal with the ransomware's demands. You could pay the ransom or start recovery from your last backup; either way, you should try to find the original device affected and take another look at your security systems. There are lots of valid actions that need to take place in a very short time frame.
If you have been in this situation, but never found out why this happened or your current IT services provider didn’t give you an explanation, then feel free to get in touch with Acora. We can get to the root cause of the issue and suggest improvements that can be made in order to stop this from happening in the future.
The main thing to do is find the culprit device and remove it from your network ASAP, and then start the recovery process.
Personally, I would never pay the ransom, as this only encourages them to develop better and more efficient code that can repeat this process on millions of devices worldwide. Even if they're only demanding bitcoins, I still wouldn't recommend paying the ransom. The process of getting bitcoins is dangerous and involves entering the dark corners of the internet, which introduces more risk to your business.
The safest and most reliable solution is to ensure that your backups and security systems are up to date and conform to your business's RTOs (recovery time objectives) and RPOs (recovery point objectives). Again, if this is something you're unsure of and require advice on how to plan for, please get in touch.
If your backups are working, you should be able to restore them once you have removed or cleaned the culprit device from your network, and your business can carry on as normal.
However, as mentioned in my previous blog, backups do not always work and in some cases take a long time to administer, which, in situations like the above, can put your business in a very difficult situation.
Acora can consult with you to design an adequate backup solution which can then be implemented and configured as per the agreed design. If you have a managed service from Acora, then we will monitor and maintain the entire backup process for you. We can implement two products, of which we’re certified partners, which help alleviate the risks highlighted by this type of event. The two products we use are AlienVault Unified Security Management (USM) and LAN Desk.
AlienVault USM is a bundle of 5 AlienVault products in 1 appliance, whether that be a physical appliance, a virtual machine or a cloud-hosted version of the USM. The 5 products assist in the following areas:
LAN Desk offers similar functions to AlienVault USM; however, it has more focus on the management of all devices in your network, without the security features AlienVault offers. The areas that LAN Desk covers are as follows:
Both of these products fit perfectly together to help manage your network and help keep it secure.