Ransomware and Crypto Virus Attacks on Hotels

Ransomware and Crypto Virus Attacks on Hotels, Resorts, Clubs and Lodges

16th February 2021
Johan Marais

Do not be held to RANSOM!

Ransomware is malicious software developed by criminals and downloaded secretly to your computer or server, typically through email attachments or other downloadable files. The malicious software infects your computer by encrypting your documents, spreadsheets and even other data and archive files. Once encrypted the files are ‘locked’ and unusable. The criminal perpetrators demand a ransom payment from you, usually in crypto currency, in exchange for ‘unlocking’ the files.

You may find yourself forced by circumstances to pay the ransom – but this does not guarantee that your data will be decrypted after payment! By paying you may also become a target for future attacks since you are now known to be vulnerable.

This FBI-link is a good summary on the FBI’s view of ransomware.

Managing the risk of a ransomware attack

The way to manage this risk is to avoid ever having to pay the ransom by:

  • making regular and secure archives (backups) which cannot be infected by ransomware.
  • storing archives outside the available network using some external repository like a USB hard disk which is not permanently connected to the computer. You may also use INNsync Archive.
  • preparing a disaster recovery plan to quickly restore your operations after a ransomware attack.
  • simulating a disaster to test your disaster recovery plan. You must test your available resources as well as the time it takes to restore your operations.

Minimising the risk of a ransomware attack requires a holistic approach to data security.

The important steps!

1. Create and maintain user awareness

  • Users must keep their personal applications, (including their social media presence) separated from your business network.
  • Users must understand the threats of phishing and spam emails with questionable or unverified attachments. Impress upon users not to open suspicious e-mails and not to click on unverified attachments or links. The golden rule is: better to delete than to open!
  • Users must use strong unique passwords to access company data, and must keep their passwords secret.

2. Keep all software updated

  • Ensure that your operating system, database software, anti-virus software and business applications remain up to date with the latest versions – this reduces vulnerability.
  • CiMSO software upgrades are included in your support fees. Please contact CiMSO to determine if your system is up to date. Talk to your local representative to schedule an upgrade.

3. Archive all data regularly

  • Your IT Administrator or service provider must run regular archives of all your data files – at least once a day. NB: Do not forget to archive documents, spreadsheets and images as well.
  • Ensure that the archive files are moved moved off-site or to a repository separated from your business computer or network.
  • Ransomware is sophisticated and is able to infect archive files. Archive files should be spot-checked regularly to determine if they are ‘clean’.

4. Implement data replication

  • CiMSO’s INNsync Archive product continuously replicates your database to a remote archive repository. Your data are securely replicated using a secure channel without ransomware being able to infect them.
  • If it comes to an infection with ransomware the data replication is halted and your IT Administrator is alarmed that the replication process has stopped. Your data are up to date up till the moment an attack occurs. The data may be recovered and easily restored to a ‘clean’ server or computer.
  • INNsync replication also protects your data against other cyber attacks, catastrophic outages, hardware failure or natural disasters.

5. Conclusion

  • There is no protection against ransomware unless you implement the protection!
  • Infiltration by ransomware is 99% caused by a careless user within the network!
  • Without user awareness the best protection is worthless.
  • No one can protect your system, but a disaster recovery plan can help you recover quickly.
  • A Cloud archive repository, if permanently connected to your network, will also be infected.
  • There is no replacement for a physically separated archive repository, such as INNsync Archive.