Reports of businesses being hit with ransomware have flooded headlines in recent weeks. Several hospitals across the nation have been infected and forced to pay thousands of dollars to be able to use their computers or access their data. Although hospitals have been the most prominent target lately, hackers are still going after home users and businesses of all types and sizes at an alarming rate. The problem is getting more serious and everyone needs to be aware of the damage ransomware infections cause.
In this article, we will take a look at what ransomware is, how to prevent an infection, and what you can do if you fall victim to an attack.
Ransomware is a term that describes a type of malware that a) encrypts your data and files, known as crypto ransomware, b) locks your computer, preventing you from using it, known as locker ransomware, or c) is a hybrid of the two. You then must pay a ransom to the attacker through online payment methods in order to regain access to your data or computer. It is typically distributed in one of three ways:
Although there is no silver bullet to completely eliminate the risk of getting ransomware, there are a few different methods of minimizing your chances based on the three methods of delivery listed above.
Web content filtering software is important in preventing you from visiting websites that are prone to malware. It will block websites that likely contain spyware, viruses and other objectionable content and will decrease your chance of infection.
Using robust malware and virus protection software will help protect your network, computers and devices against known threats. It can be installed directly on your computer, but it tends to use up system resources when running scans, causing performance issues. A cloud-based anti-malware/anti-virus is another option, which does most of its processing elsewhere on the internet instead of on your local machine.
Make sure your email server uses a good spam filter to cut down on the amount of spam that is potentially harboring malware. A spam filter will scan incoming emails and either block most of the messages containing questionable content from landing in your inbox, or send them to a quarantine or Junk/Spam folder for you to view and decide if they are spam. Most spam filters will allow you to adjust the settings from light to strict filtering and offer user-determined white/black lists based on email addresses, domains, IP addresses or countries of origin to cut down on the amount of unsolicited email you receive.
Having a business continuity and disaster recovery plan in place to protect your data is a must for all companies and a standard best practice. Although it will not minimize your risk of getting infected, having recent backups of your data to restore from will help you recover from a ransomware attack quickly and will most likely allow you to avoid paying the ransom.
Unfortunately, even with all of these methods in place, it is not 100% guaranteed that you will not be affected by ransomware. There is one more very important factor: the human factor. Today’s attacks focus more on exploiting human flaws than system flaws. According to the Proofpoint Human Factor Report 2016, more than 99% of attachments in malicious email campaigns relied on human interaction. This means that the victim had to click on a link or open a file in order for the malicious code to run! A report by Verizon Enterprise last year indicates that 23% of recipients open phishing messages and 11% click on attachments. It is extremely important to use caution when visiting websites or opening attachments and links in emails, even if the message does not look like spam.
You must also be sure that everyone connected to your company’s network is well educated and on the defensive. Hackers are getting very diligent in their research and can spoof emails so that they appear to come from valid email accounts for valid reasons, tricking recipients. And all it takes is one user to compromise an entire network!
If you do become a victim of ransomware, immediately report it to your IT department or service provider so they can assess the situation. Once it is determined what files and systems have been affected, they can help you decide on the best course of action. This may include:
It is also a good idea to report any cybercrimes to your local FBI field office or the Internet Crime Complaint Center (IC3) so they are aware of cybercriminal activity and can investigate. They may not be able to provide you with results as a victim, but the information will help with their ongoing efforts against cybercrimes. It will also give them useful data so they can monitor patterns, frequencies and origins of cyber threats.