Everything You Needed to Know About Ransomware (But Were Afraid to Ask)

Life’s great. Your company is conquering any obstacles to its success, tackling the toughest IT challenges and ultimately crushing it in revenue and customer satisfaction. What could possibly go wrong?

One word: ransomware. Ransomware is worse than your second cousin, twice removed, who crashes your wedding and falls face first into your 3 tier vintage inspired wedding cake (please tell me this happened to someone else and not just me).

If you’re not worried about ransomware and taking proactive steps towards learning to detect and prevent ransomware attacks, you may suffer a significant financial and productivity loss in the future. Here’s everything you need to know to prepare for a ransomware attack and avoid nasty surprises.

First of All, What is Ransomware?

Ransomware is a type of malicious software designed to block access to a computer or data until a ransom is paid. Companies are typically infected with ransomware through one of a few ways:

  • Visiting unsafe or fake websites
  • Opening malicious PDFs, ZIP files and other email attachments
  • Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, or instant messenger chats

Who’s a target for ransomware? Unfortunately, almost every company, regardless of size or type, is at risk.

If you have computer systems and access to data, you’re a potential victim. This includes banks, hospitals, government agencies, police departments, pet stores (yes, there are people who are that evil), airlines and the list goes on.

Ransomware Is No Big Deal, Right?

Wrong. With free ransomware kits available online, ransomware attacks are at an all-time record high. According to Cisco’s 2016 Annual Security Report, 9,515 ransoms are paid each month.

And, in March 2016, the U.S. Department of Justice revealed that the Internet Crime Complaint Center (IC3) had received over 7,000 public complaints regarding ransomware since 2005, adding up to $57.6 million in damages. In 2015 alone, ransomware victims suffered financial losses of over $24 million across nearly 2,500 cases.

While ransom fees typically range anywhere from $200 to $10,000, victims incur additional costs due to the ransomware incident including:

  • Network mitigation
  • Network countermeasures
  • Loss of productivity
  • Legal fees
  • IT services
  • Credit monitoring services

More and more organizations are at a loss for what they can do to prevent attackers from circumventing their systems. Many organizations take preventative action and are still breached. But, before you lose all faith, there are ways you can successfully beat (and even prevent) ransomware attacks.

How Can You Prevent Ransomware?

1) Patch or Update Your Software

Why make an attacker’s job easier by running systems that are known to be vulnerable? Where possible, patching should be used to mitigate risk and prevent attackers from exploiting key vulnerabilities.

This advice applies to both malware and ransomware, as outdated software marks you as a prime target for both. Be sure to update your software often, or enlist the help of an IT solutions provider who can monitor and manage your environment for you.

2) Check Employee Privileges

Protect against ransomware by controlling access to business-critical data. Ransomware attackers can only compromise areas within the IT infrastructure that the infected user can access. By limiting privileges, you can keep attacks from reaching network drives where sensitive data is stored.

3) NEVER Interact With Spam Email

This may seem obvious, but we can’t stress enough the importance of ignoring your spam emails. Never click on any links or attachments in ANY email unless you know the sender.

Ransomware attackers often gain access to your system by tricking a user to click on a virus-laden email attachment. If an email asks for your personal or financial information, it’s most likely a scam. When receiving any spam email, your best bet is to immediately delete it.

Also, avoid any websites that promise free software downloads. Fake emails or websites will often be littered with typos or look unusual. When opening emails or visiting websites, look out for any red flags. Is the website name just a different spelling of a well-known company name (“PayePal” vs “PayPal”)? Are there any unusual spaces, symbols or punctuation in the company name? If something feels off, go with your gut and delete the email or hit the back button.

4) Back Up Your Data

The best way to safeguard your data against ransomware is to back up your critical data daily. That way, even if your computers get locked, you won’t have to pay a ransom to retrieve your data. Ensure maximum protection against ransomware by running serialized backups. This type of backup keeps older files around in case a newer file is locked.

Sometimes, ransomware attackers will also encrypt and lock backup systems. First, they access your desktop systems. Then, they work their way through the network to your servers.

Avoid this nightmare scenario and make sure your data is stored securely offsite, in the cloud, rather than backed up to a local storage device or server. Or, ensure your backup systems don’t share a direct connection to your desktop systems.

Do you use an external hard drive for backups? Only connect the hard drive during backups. If the hard drive is connected during a ransomware attack, it will be encrypted too.

Finally, Get Your Action Plan in Place

Be prepared for anything by setting an action plan in place. Be sure to develop a solid disaster recovery plan that accounts for every eventuality. A customized Disaster Recovery as a Service (DRaaS) solution will protect critical data so your business can maintain productivity around the clock.

Not sure where to start? Rely on the expertise and knowledge of a disaster recovery service provider. They can help you develop a backup and recovery solution tailored to your company’s unique requirements. Some IT solutions providers also offer uninterrupted monitoring of your disaster recovery solution – 24 hours a day, 7 days a week. Under their watchful eye, your data will remain safe, secure, and available when you need it.

No Comments

Post A Comment