Beware of Ransomware: how to keep your computers and your business safe from cybercriminals!
Cerber, Wildfire, Chimera, BlackSnow: 2016 can be rightly called the Year of Ransomware and, so far, 2017 is not shaping up any better. The biggest ever cyber attack in Internet history struck on May 12th 2017, when a ransomware named WannaCry stormed through the web, infecting 200,000 computers around the world in just the first few hours.
Ransomware is a type of malicious software that criminal hackers use to encrypt and lock up your computers or critical files and then demand a payment of ransom in order to regain access. A ransomware attack can bring business operations to a halt and, even in the best scenario, the damages can take days or weeks to repair and will include the cost of disinfecting machines and restoring backup data. Even worse, if you haven’t backed up your data and can’t find a way to get around the encryption, your only option might be to pay the ransom. Although the FBI and many security experts recommend not paying, the impulse to give in to the criminals is understandable, when your day-to-day business operations depend on access to the data.
As with other types of malicious cyberattacks, the best way to stay safe is to prevent ransomware from infecting your computers in the first place. Here are the 3 things you can do to keep your business safe and not fall victim to future ransomware attacks.
“An ounce of prevention is worth a pound of cure”
Back up, back up, back up!
Regular daily backups is the best defense against ransomware. You should be backing up your important business data daily, so that even if your computers and files get locked by ransomware, you won’t be forced to pay in hopes of seeing your data again. Remember, however, that, if your backup resides on the same computer as the encrypted data, it will not do you any good, as these backup files will most likely be locked up by the ransomware as well. Therefore, if you don’t back up to the cloud and instead backup to a local storage device or server, these should be offline and not directly connected to computers where the ransomware or attacker can reach them. If you are backing up to an external hard drive, make sure to disconnect it from the computer after the backup is finished.
Patch your security software and keep it updated
Make sure to have the latest security patches installed and always keep your antivirus software updated. Microsoft and most antivirus software vendors regularly release patches to prevent known ransomware attacks, such as WannaCry, from exploiting existing software security holes. Keeping your security software up-to-date is one of the most important prevention strategies not only against ransomware, but against any malware and viruses that may attack your computer.
Do not click on suspicious emails and links
This seems to be a no-brainer, as hackers’ favorite method of infecting victims with ransomware involves a phishing attack, such as spamming you with emails that carry a malicious attachment or that instruct you to click on a URL where malware may infect your computer and possibly the whole network. However, it is often difficult to tell a malicious email from a legitimate one, as criminals are getting increasingly more sophisticated and much better at making their emails appear authentic.These are no longer the Nigerian Prince scam emails of the internet’s by-gone days and they are not as easy to detect even for knowledgeable and careful computer users. Unlike other kinds of computer viruses that exploit a vulnerability in the software running on your machine or in your browser, phishing scams employ social engineering tactics that rely not on technology, but on human psychology, to phish sensitive information out of people by gaining their trust. Thus, your employees are especially vulnerable as they might have access to sensitive data and passwords.
The best thing you can do, is to educate your employees to be careful of common phishing scam tactics, which ask them to share confidential information or click on suspicious links. Do not ever share confidential or sensitive information, such as passwords, social security numbers, or bank account information via email.