For that reason, online backups with automatic incremental backups can be a great help, Brian Foster, chief technology officer of network-security firm Damballa, advised. At the very least, companies should keep one set of backups offsite.
"I'm a big fan of online backups," he said. "You should expect that, if you get hit by ransomware, you are not going to get the PC back."
Another possible defense: Ransomware typically reaches out to get an encryption key from an online server. Detecting and blocking that request can prevent the encryption of the data.
Unfortunately for the New England retailer, the infection revealed that the company's backup program had not been working correctly for more than two years. The company had no choice but to pay. Yet, even that did not go smoothly: Unable to deal with the mapped drive, the ransomware's decryption routine failed to unscramble more than 100 of the thousands of encrypted files, leaving financial and customer information encrypted. Because the ransomware scheme requires trust that the criminals will hand over the data after receiving payment, the operators offered support to the firm's owner, and even offered to try to decrypt the data, if the company sent the files. The firm declined.
The infection also leaves the owner in a quandary. While the criminals have said that the infected system should be clean, John understandably does not trust them.
"The fear, as an IT person, is you feel like you need to format every drive in the network," he said. "I don't trust the other computers, but do we shell out $10,000 to rebuild our infrastructure?"
The company is still considering its options.