Protecting Yourself from Ransomware: Best Practices to Follow
No computer is immune to a ransomware attack. In fact, these attacks rose 6,000% in 2016. So what are the ransomware best practices to follow?
Ransomware is an especially vicious type of malware that cyber criminals use to encrypt computer files. The files stay locked up and inaccessible until the victim pays a fee, hence the name ransomware.
The 2016 stats are in
Sad to say, present-day technology has yet to come up with a solution to the problem other than software patches and security updates. And the criminals know it. The number of brazen attacks grows year after year. 2016 was a record-breaker. Ransomware incidents grew 6,000% when compared to 2015. And keep in mind these were only the reported incidents. Many victims pay their ransom but never report they’ve been victimized.
IBM undertook a study of the incidents and came up with some pretty unsettling numbers.
- 40% of email spam contained ransomware.
- 70% of businesses that were hit paid the ransom.
- 50% paid more than $10,000.
- 20% paid more than $40,000.
- At the time of the study, ransomware was on track to net $1 billion for cyber criminals.
Wanna Cry: a doozy of a ransomware attack
2017 hadn’t even reached its 6-month birthday when news of a massive attack spread across the internet and airwaves. At least 75,000 people in 99 countries turned on their computers to find a message telling them their files had been encrypted. It would cost $300 in bitcoins to get them unencrypted. Dubbed Wanna Cry, the ransomware played no favorites, striking hospitals, financial institutions, and large corporations, including FedEx.
While the numbers are frightening, the attack's modus operandi is terrifying. “Normal” ransomware hitches a ride into the system when an unsuspecting email reader clicks on an infected link. This malicious subterfuge is known as phishing. However, Wanna Cry bypasses email. It spreads through a known Microsoft weakness and prowls the internet looking for vulnerable computers. Anyone could fall victim; anyone, that is, who failed to update their computer. Microsoft discovered the vulnerability in March. It even gave it a name, Eternal Blue, and issued a software patch.
This ransomware attack highlights the need to take advantage of updates, no matter how long they take and how inconvenient they are. But updates and patches are not the only way to protect yourself from ransomware.
Ransomware best practices
Backing up your files may not protect you from ransomware. But should a hacker strike, you’ll still be able to access your files. And you won’t have paid a penny. This doesn’t mean you should let down your guard. Cybercriminals are a resourceful lot, always looking for a new angle. They also strike backup systems. So, if you’re not using cloud storage, back up offline. If you use a hard drive, disconnect it as soon as you’ve done your daily backup. Leave it connected and it too could fall victim.
Stop the spread: disconnect
If even one computer in your company gets infected, shut down the entire network. Immediately! But don’t stop there. Disable Wi-Fi and Bluetooth since ransomware can travel through these just as it does the internet. Disconnect storage systems and backup devices. Don’t wait to close the barn door until after the cows have gotten out.
Patch and block
It bears repeating: if Microsoft issues a patch, use it! This also goes for Java and Flash since ransomware can also invade through plug-ins.
If you want to go the extra mile, consider blocking software. There are products for desktop systems that block attacks from malicious sites. They do so by using deep learning to detect the presence of ransomware and malware.
Educate, train, reinforce
Include cybersecurity education and preventive practices in your regularly scheduled staff meetings. Whether you devote the entire time to the task or include pointed reminders is up to you. Establish consequences for not following the rules. Will you get 100% compliance? Probably not. Clicking on links has become a reflex. Especially when preoccupied, people tend to click first and think later. When new employees come on board, include ransomware preventive practices in their orientation sessions.
A word in parting
Backing up your files, like brushing your teeth, should be a practice you never skip. Should you feel like slacking off, keep in mind that Wanna Cry is still out there, prowling the internet. And as if ransomware were not already rampant, there is now a new cloud-based service to make infection even easier, Spora ransomware-as-a-service. All a hacking miscreant has to do is sign up with the provider, create an encryption key, and agree to pay a 30% commission. We wish we could say we’re kidding, but we’re not. It’s for real.