Dealing with Ransomware

You may think this won’t happen to you, but this just happen to one of my customers.

Over the past three months we have written about the newest threats to dental offices servers and patient data. During that brief window of time the most prevalent threat, ransomware, has continued to grow at an alarming rate.

The most recent research reports that the number of new pieces of ransomware detected has better than doubled between January 1, 2015, and September 30, 2015, bringing the total number to more than 5 million pieces of ransomware!

According to a “Good Morning America” segment run earlier this month, we need to plan on this type of growth to continue through 2016. During this segment Intel security experts reported that they are detecting 13,000 new pieces of ransomware a day.

See NBC “Good Morning America,” December 1, 2015: Security Experts Warn Ransomware Attacks Will Grow in 2016.

Given the present volume and growth rates coupled with the increasingly sophisticated methods that ransomware is utilizing, it is easy to say that a majority of us will eventually experience a ransomware attack.

So what can you do to prepare yourself? First, work on a good defense and second, develop a sound recovery plan for if and when a ransomware attack hits.


The first line of defense against this type of malware is your firewall. A basic firewall will no longer do; a true business class firewall with active anti-malware software is needed.

The second line of defense is an active, business grade anti-virus on your server. Yes, this may sound redundant, but it is not.

By keeping both active, you receive software updates developed by each manufacturer to help block new pieces of malware/ransomware.

Since a person has to launch ransomware into your network, the education of everyone in the office is paramount. Short of working closely with a knowledgeable company to assist in training, make it a rule that no matter who the email is supposedly from, if you are not expecting that email do not open an attachment or click on any link!

Important note: Due to both the sheer volume of new ransomware being developed as well as the human factor, the above steps will decrease but will not eliminate the chance of a ransomware attack hitting your server.

Understanding this, it becomes sound business sense that each office develops a plan on how to recover from a ransomware attack. A sound recovery plan will allow you to avoid paying the ransom and avoid damage to your files while also preventing days of downtime (see October 29 post “Is Your Office a Target for a Cyber Attack?” for details).


The first step is to evaluate the type of system your office utilizes to back up your server. If it is a traditional system with a hard drive attached to your server you may have a problem. Ransomware sees the removable device as an additional drive on your computer and renders it unusable.

If and when you do get hit with an attack, immediately take your server offline by powering it down. If done quickly enough this may help decrease the damage done by the ransomware. However, with viruses running through a network in as little as 45 seconds this action may be futile.

To ensure rapid and full recovery from a ransomware attack a business continuity system needs to be employed (see September 23 post “Backup Has Become A Bad Word”). A true business continuity system will step in for the infected server and get the network up and running in 30 minutes or less. Once your practice is up and running your server can then be scrubbed clean to ensure that the ransomware is removed. Your data is then transferred from the business continuity system back onto your now clean server.

A proper defense plan will help decrease the odds of a successful attack but a sound recovery plan will make a ransomware attack a virtual non-event.

DDS Rescue is a great way to help you get back up and running if you do get attacked.

For more information or to schedule a Data Security Assessment, please write to or phone 800.998.9048, ext. 102.