Can You Protect Yourself From Ransomware?
Another day, another victim of ransomware.
Are you starting to tune it out? The conversation about ransomware has kind of become white noise, after all. There are so many ransomware attacks that it’s hard to stay engaged.
But that’s what cybercriminals are counting on. If you’re not paying attention to the latest cybercrime news, then you won’t learn how to protect yourself.
Case in point: back in May, the city of Baltimore was hit with ransomware that made their servers inaccessible. They refused to pay the ransom, which kept their systems offline for weeks – in the meantime, they attempted to “rebuild certain systems”, according to Mayor Jack Young.
Baltimore joins the growing number of municipalities hit by ransomware this year – all of which, after the attack, invest considerable resources in investigating the source of the incident.
Will you do the same? Wait until you get hit and figure out what happened after the fact? Or would you rather do what’s necessary to protect yourself now, and avoid the problem altogether?
Let’s start simple…
What Is Ransomware?
Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target’s systems, making it impossible for them to ignore until they pay the ransom, or wipe the data.
How Does Ransomware Infect A Computer?
There are two primary ways that hackers trick targets into downloading ransomware:
- Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.
- Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link.
That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.
What Is The Best Ransomware Protection?
Be sure to follow these 6 key tips, which are applicable to organizations, employees and individual computer users:
- Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
- Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
- Train your staff to ask themselves these key questions before opening an email:
  - Do I know the sender of this email?
  - Does it make sense that it was sent to me?
  - Can I verify that the attached link or PDF is safe?
  - Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  - Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  - Does anything seem “off” about this email, its contents or sender?
- Macro scripts in office files should be disabled when sent over email.
- Software restriction policies should be created, or other controls implemented, that prevent programs from executing, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
- If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
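The checks in the list above can be partly automated. The following is an added example, not code from the original article: it records a SHA-256 digest for every backup file, then later reports missing, modified or unexpected files and flags a backup whose newest file is older than 24 hours. The function names, the sample files and the 24-hour default are assumptions made for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map each file's relative path to its SHA-256 digest (taken at backup time)."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_backup(backup_dir, manifest, max_age_hours=24, now=None):
    """Report files that differ from the manifest and whether the backup is too old."""
    root = Path(backup_dir)
    current = build_manifest(root)
    newest = max((p.stat().st_mtime for p in root.rglob("*") if p.is_file()), default=0.0)
    age_hours = ((now or time.time()) - newest) / 3600
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "stale": age_hours > max_age_hours,  # "at least daily" -> 24 hours
    }

def demo():
    """Constructed sample data: a small backup that is then damaged."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1);")
        (root / "files.tar").write_bytes(b"constructed archive bytes")
        manifest = build_manifest(root)  # store it away from the hosts being backed up
        clean = verify_backup(root, manifest)
        (root / "files.tar").write_bytes(b"overwritten contents")  # contents changed
        (root / "db" / "customers.sql").unlink()                    # file deleted
        (root / "new_file.txt").write_text("constructed")           # never backed up
        damaged = verify_backup(root, manifest)
        stale = verify_backup(root, manifest, now=time.time() + 48 * 3600)
        return clean, damaged, stale

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A manifest kept on the same share as the backup can be altered along with it, so store it on a system the backed-up computers cannot write to.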
If you’re not sure how to protect yourself against ransomware, then don’t try to “fake it ’til you make it”. Be sure to consult an IT company about the best protections against ransomware, and how to implement them.