How to prevent ransomware

What is ransomware?

Ransomware has been in the news a lot lately. Attacks on pipelines, local governments, businesses, and even home users have all received extensive coverage. But what is ransomware? And, more importantly, how do you prevent it? Ransomware is a type of malware virus that looks to propagate itself on a network and lock down resources. It targets and encrypts files so they can only be accessed with an encryption key. In order to restore the resources to a working state, the hackers demand a ransom to restore those operations. When the virus attacks, it opens a new window on the network with instructions on how to contact and pay the hackers.

Ransomware demands can get into millions of dollars depending on the size of the business and its function. Paying the ransom is not advised as it may encourage future ransomware attacks. The hackers generally demand payments in Bitcoin or other cryptocurrencies because it allows for more anonymity.

As we’ve seen, ransomware attacks can be quite devastating for businesses. So, how can you prevent ransomware attacks?

Why ransomware attacks are becoming more frequent

The last few years have seen an explosion in ransomware attacks. It is estimated that over $400 million was paid in ransoms in 2020, which quadrupled the amount that was paid just a year before. There are 3 reasons for the large increase:

1. Ransomware as a Service

People who want to execute a ransomware attack don’t have to be a hacker to send ransomware to someone. All they need to do is find a website that offers ransomware as a service (or Raas) and the email of their target(s). Just like that, they can have a ransomware attack carried out within 10 minutes.

2. Cryptocurrency

Cryptocurrency transactions can be 100% anonymous and very difficult, if not impossible, to reverse. This makes it an ideal currency for hackers.

3. Safe havens

A lot of ransomware is coming from Russia. The Russian government is willing to look the other way as long as hackers don’t target Russians or Russian businesses.

How to prepare for and prevent ransomware attacks

Be aware of social engineering schemes

The main way hackers get into networks is through social engineering. Hackers use social engineering to trick users into thinking they are talking to someone trustworthy. The hackers use this trust to get users to give out their personal information. This could be passwords, network information, or applications used in the office. It’s important to train employees on what to look for when talking on the phone or opening an email. We recommend yearly security training to keep staff aware of how to identify and prevent attacks.

Before opening an email, ask questions like:

Is this from someone I know?
Did I expect to get this email?
Does the email address it came from look authentic?

You may also receive emails from people posing as someone you know. These messages often attempt to create a sense of urgency to get the user to perform an action. One approach that we use is to send test emails to users to test their ability to spot malicious emails. If users click on something, we can explain to them what warning signs they may have missed. We also use a service that checks links in emails for viruses and blocks the virus before it can download to the user’s computer.

Review your current security measures

Your network’s security settings are also a crucial part of protecting against attacks. Low-security settings can let ransomware into the network and even make cleaning and restoring it more difficult. Here are a few key measures we recommend having in place.

1. Firewalls

Having a firewall is a vital form of protection for your network. A firewall is a router that focuses on security. It scans traffic and blocks items it deems unsafe and doesn’t allow viruses to get on the network. Firewalls also block sites hosting viruses and send alerts when someone is trying to access something that could be a virus.

2. Multi-Factor Authentication

Multi-Factor Authentication (MFA) is also important. MFA adds extra layers of security to your accounts by requiring additional authentication, usually accessed on the user’s phone. Even if a hacker has your password, they’ll be unable to authenticate, or prove, they are the owner of the account. Both business and personal accounts should use MFA whenever possible.

3. Antivirus software

Having advanced endpoint protection or a business-level antivirus application is also advised. The antivirus protects the computer, so if something makes it past the firewall, it may not make it past the antivirus. Having as many lines of defense as possible will make you better protected from attacks.

4. Up-to-date technology

Making sure computers, servers, firewalls, are all up to date is essential. Hackers are always looking for new ways to get through security and software developers are looking for new ways to block those attacks. Having the latest software helps keep up with the latest attacks.

5. Backup system

Lastly, you should also have a good backup system. This ensures your files are protected and can be restored to a working state if they become infected with malicious software.

Make a Disaster Recovery Plan

Finally, if you’re the victim of a ransomware attack, having a disaster recovery plan will ensure you’re prepared. Having a plan in place before disaster strikes will save time as opposed to trying to figure things out in the midst of a disaster. A good disaster recovery plan should be a written document with detailed, step-by-step instructions of what to do in a worst-case scenario. Make notes of who on your team will be responsible for performing what duties. Keep a list of all equipment that needs to be checked and track their working status as you go along.

Invest in Your Business’ Security

No one company or individual can ever be 100% secure, but following these best practices can prevent ransomware and mitigate the effects of an attack. An IT provider can help with all these items to get your company to be as secure as possible. Think of IT and cybersecurity not as an expense but as an investment in your business’s security and efficiency.