How to Prevent Becoming the Next Ransomware Victim

Ransomware is the hot hacking trend for 2016. If measures are not put in place to prevent an attack, you could be the next ransomware victim. These attacks are hitting hospitals, schools, businesses and individuals. Without ransomware preventative measures in place, these attacks are only expected to grow.

The Lowdown on Ransomware

Ransomware is a type of malware that once installed, it proceeds to encrypt the user’s data on the computer and spreads to other devices connected to the computer. This includes any shared drive on a company’s network where the user has access rights. Once the data is encrypted, the criminal demands a ransom in Bitcoin funds to release the data. Without the encryption key, it is nearly impossible to unencrypt the files.

Ransomware is delivered by email, but can spread through infected programs or compromised websites. In recent news, a new strain of ransomware was released that can target servers. Windows operating systems have been the primary target but there is ransomware for Macs and Linux machines. Mobile devices are not immune to this threat either.

To Pay or Not Pay

If you do get infected, the recommendation is not to pay the ransom. Ransomware is the work of criminals. If you pay, there is no guarantee that a key will be delivered to unencrypt the files. Paying the ransom may make you a target for more attacks. Some victims do take the risk and pay because the cost to bring back the system is higher than the demanded ransom.

Case in point, this past February the Hollywood Presbyterian Medical Center decided to pay the ransom after being infected with ransomware. The attacks didn’t end there, hackers targeted the hospital once more last week, demanding payment. This time around, the hospital chose a different route and refused to make payment.

Preventing an Infection

The best line of defense is to be proactive and take preventive measures to protect computers and the network. This can be achieved by doing:

Backups–Do backups daily, weekly, and monthly and store them offline. Have a strong strategy in place. Ransomware will encrypt files from a user’s computer to the network drives that they have access rights to. This includes Google, iCloud and Dropbox drives. Make sure to test the backups. Target to do this at least one month.

The Multi-Layer Approach–Use a multi-layer approach enlisting security technologies like a real-time anti-virus, web filtering and firewalls. Ensure a real-time anti-virus is running on all computers and use an end-point security solution. 

Restrict Access to Network Drives–Provide access to users only to the areas that they need to do their work.

Patch–All operating systems, software and firmware used within the company must be fully patched. Implementing an automated patch system may be helpful to simplify the process.

Implement an Email Security Solution–This solution should monitor the content of inbound and outbound emails to filter out any suspicious emails.

Educate Users–Users will be the weakest link in your line of defense. They need to be educated about the dangers of ransomware and made aware of the consequences of their actions. You can:

• Enforce the use of strong password
• Simulate an attack to build awareness of the consequences of clicking phishing links
• Restrict the use of unauthorized company software running on computers
• Host a monthly lunch and learn to company personnel to discuss how to respond to a security threat
• Encourage users to validate the authenticity of an email by contacting the sender if unsure of the content or link
• Advise users to contact the company’s tech support if they feel uncertain of a security threat
• Educate users on social engineering techniques and identifying spear-phishing emails.

Prevention is Key

Ransomware is a lucrative market. It is expected to continue to grow. Prevention is the best defense against ransomware. Not taking preventive measures will result in losing key data.

The most important preventive action is having backups stored offline. This will help to speed up the recovery and continuity of your business.

Have an incident response plan in place to address any disruptions to the business due to an attack. An incident response plan is not a silver bullet. The goal of the plan is to help get the business back up and running as quickly and efficiently as possible.