In an age of ever-increasing use of technology, it should come as no surprise that criminals are adapting, and finding ways to capitalize on our reliance on data. Ransomware is a classic example of this, and something you should always be on the lookout for if you’re handling important files.
Because ransomware attacks are so malicious, it’s important to educate yourself on the best methods to protect yourself. But first, let’s go over what exactly a ransomware attack is.
What is ransomware?
Ransomware is a form of cybercrime that allows the attacker to access and encrypt a user’s files, holding them captive until the ransom is paid. Normally, hackers have victims pay this ransom via Bitcoin or another untraceable cryptocurrency, at which point they’ll claim to give you the encryption key and allow you to re-access your data.
The problem here is that once you’ve paid the ransom, there’s zero incentive for the hacker to follow through on their promise. If the ransomed data is, say, an important business client list, the hacker has every reason to go back on their word after receiving your payment. This is because lots of data is valuable in itself, meaning the attacker could go on to sell your data to another company, essentially getting paid twice for the same attack. For this reason, we always recommend working with a data recovery team specializing in decryption if you’re the victim of a data hostage situation.
However, it’s even better if you can simply avoid the headache of ransomware altogether. With that in mind, here are TeraDrive’s top ten tips on how to protect your data from ransomware attacks.
1. Download antivirus software, run it regularly, and keep it updated
For large-scale operations, a quality antivirus suite is essential. Not only does it provide peace of mind and keep your computers from getting bogged down by malware, but it can also stop a ransomware attack in its tracks. Since ransomware is defined by the encryption of files, many antivirus programs will keep an eye out for unexpected encryption occurring within your data. Depending on the program, it may quarantine the affected files, protecting the rest of your data and stopping the encryption from continuing.
It’s important to keep your antivirus software up to date. Hackers are always looking for exploits and vulnerabilities in these programs, and software developers are constantly reworking the application to prevent them. By keeping your antivirus up to date, you stand a much better chance against ransomware attacks.
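The check described in this tip, watching for unexpected encryption, can be sketched as an entropy heuristic. This is an added example, not taken from any antivirus product: the threshold, the burst limit, the file names and the snapshot contents are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off (encrypted data sits near 8.0)
BURST_LIMIT = 3          # assumed: this many flagged rewrites in one scan raises an alert

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def suspicious_rewrites(before: dict, after: dict) -> list:
    """List files whose content went from structured to near-random between snapshots."""
    flagged = []
    for path, new in after.items():
        old = before.get(path)
        if old is None or old == new:
            continue  # brand-new or untouched files are not rewrites
        if shannon_entropy(old) < ENTROPY_THRESHOLD <= shannon_entropy(new):
            flagged.append(path)
    return sorted(flagged)

def should_alert(before: dict, after: dict) -> bool:
    """Alert only on a burst, so one newly compressed file does not trigger it."""
    return len(suspicious_rewrites(before, after)) >= BURST_LIMIT

def noise(label: str, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: deterministic, near-random bytes."""
    return b"".join(hashlib.sha256(f"{label}:{i}".encode()).digest() for i in range(size // 32))

# Constructed snapshots of a small share, taken before and after a scan interval.
BEFORE = {
    "clients.csv": b"name,email,phone\n" * 200,
    "notes.txt": b"Meeting moved to Thursday at ten.\n" * 100,
    "plan.md": b"# Recovery plan\n- call the recovery team\n" * 80,
    "photos.zip": noise("already-compressed"),
}
AFTER = {
    "clients.csv": noise("a"),
    "notes.txt": noise("b"),
    "plan.md": noise("c"),
    "photos.zip": noise("re-zipped"),  # was already high entropy, so not flagged
}

if __name__ == "__main__":
    print(suspicious_rewrites(BEFORE, AFTER), should_alert(BEFORE, AFTER))
```

Compressed archives and media are already near-random, which is why the heuristic compares a file against its previous state instead of flagging every high-entropy file.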
2. Use additional security tools to keep an eye on your network
In addition to standard antivirus software, you might want to look into additional security tools that help you stay updated on any unusual goings-on in your network. These range from intrusion detection and prevention, which will notify you when someone is attempting to breach your network, all the way to security information and event management (SIEM) tools, which keep you updated on your network’s traffic. You’ll need someone with a strong working knowledge of these tools to make full use of them, but when applied correctly, they can be invaluable protection for your company and your data.
3. Use content filtering for emails
Email is the most common way that ransomware is introduced to computers. Fake, or ‘spoofed’, emails with suspicious links are often a hacker’s entry point to a network. You should be aware of what these tend to look like, but you can also take some of the strain off yourself by taking advantage of email filters. Most email services have filtering like this built in, scanning messages for anything suspicious and placing them in your junk folder before they wind up in your inbox. These filters aren’t perfect: some junk mail will end up in your main inbox, just as some regular mail will wind up in the junk folder. However, this is still an invaluable tool.
4. Ensure your staff is knowledgeable about data security
Automated content filters are great, but what’s even better is ensuring everyone on your staff knows what to look for when it comes to ransomware. Train them on what a spoofed email might look like, and ensure they know never to click on links in any email that seems suspicious or unusual. The basic rule (and there are no exceptions to this rule) is to never open emails from unrecognized senders. What’s even more important, though, is to never click on suspicious links or open suspicious attachments in these emails, as these will normally be the catalyst to set the whole ransomware scheme in action. Ensure everyone at your organization is aware of the risks of ransomware, and educated on the best practices to prevent it.
5. Think twice before paying the ransom
If you have been hit by a ransomware attack, it might be tempting to end the hassle by simply giving the attacker what they want. After all, a few thousand dollars might just be a drop in the bucket compared to the losses caused by lack of productivity. However, as we were saying before, you should be very, very cautious about paying this ransom. The hacker may not decrypt your data at all, and may simply sell it to the highest bidder instead. Alternatively, even if your data is returned after the first attack, your payment has helped the hackers to fund their next one, whether it’s against you or another organization. You should avoid rewarding this behaviour at all costs, and instead do everything you can to recover your data without paying the criminals.
6. Ensure your most important data is securely backed up
A great way to completely sidestep the risk of a ransomware attack is simply to ensure your most important data is already backed up in a secure location. This way, even if one copy of your data is held hostage, you at least won’t need to worry about losing it entirely, as you’ll have an up-to-date backup stored in an offline location, such as a disconnected hard drive. This doesn’t help you if the data that’s been taken is sensitive, as it could still be sold off or leaked, but you’ll still have a copy yourself.
7. Identify your network’s vulnerabilities
Although ransomware is usually introduced via emails, there are other methods that hackers will use to gain access to your network. Although our computers are generally secured devices, there are likely other devices in your office that connect to the internet, but don’t offer the same level of protection. This is even more true now that many are working from home, as devices for personal use typically aren’t rated for the same security that’s expected of corporate networks. Many hackers are aware of these vulnerabilities, and will attempt to exploit them. Printers, smart TVs, and even smart vending machines can all be weak points in your system, acting as the initial foothold in your network that hackers are looking for.
8. Use strong passwords
Although we see most ransomware attacks beginning via email, two other methods are being seen more and more often. These are known as brute force attacks and remote desktop protocol attacks, or RDP attacks. Brute force attacks use special software that automatically tries password after password in the hope of breaching a secure login. If your password is too simple, hasn’t been changed often enough, or is used multiple times across the web, a brute force attack stands a very good chance of succeeding, eventually cracking your password and gaining access to the system.
An RDP attack works a little differently. Using it, a hacker can remotely access your machine, allowing them to operate it as if they were sitting in front of it. Hackers will often remotely access your computer via a password as well, making this another good reason to ensure your login is secure. Additionally, make sure your computer’s RDP access is limited to only the necessary devices.
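From the defender’s side, both problems in this tip show up in login logs: a burst of failed attempts from one source, and remote desktop logins from machines that were never meant to have access. The following is an added example, not part of the original article; the log format, the thresholds and the allowlist are constructed assumptions, and the addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_FAILURES = 5               # assumed failures per source before flagging
RDP_ALLOWED = {"10.0.5.20"}    # hypothetical allowlist of hosts permitted to use RDP

# Constructed log lines in a simplified, made-up format (not a real product's output).
SAMPLE_LOG = [
    *(f"2024-03-01T02:14:{s:02d} FAIL user=admin src=203.0.113.7 proto=rdp"
      for s in range(0, 60, 10)),
    "2024-03-01T02:15:05 OK user=admin src=203.0.113.7 proto=rdp",
    "2024-03-01T09:00:10 FAIL user=dana src=10.0.5.20 proto=rdp",
    "2024-03-01T09:00:25 OK user=dana src=10.0.5.20 proto=rdp",
    "2024-03-01T11:30:00 OK user=sam src=198.51.100.9 proto=rdp",
]

def analyse(lines):
    """Return sorted (source, finding) pairs for a time-ordered login log."""
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    noisy = set()                # sources that crossed the failure threshold
    findings = set()
    for line in lines:
        stamp, outcome, *fields = line.split()
        when = datetime.fromisoformat(stamp)
        kv = dict(field.split("=", 1) for field in fields)
        src = kv["src"]
        if outcome == "FAIL":
            window = recent[src]
            window.append(when)
            while when - window[0] > WINDOW:
                window.popleft()  # drop failures older than the window
            if len(window) >= MAX_FAILURES:
                noisy.add(src)
                findings.add((src, "brute-force suspected"))
        elif outcome == "OK":
            if src in noisy:
                findings.add((src, "login succeeded after failure burst"))
            if kv.get("proto") == "rdp" and src not in RDP_ALLOWED:
                findings.add((src, "rdp from unapproved source"))
    return sorted(findings)

if __name__ == "__main__":
    for source, finding in analyse(SAMPLE_LOG):
        print(source, finding)
```

A single mistyped password from an approved workstation produces no finding, while a success that follows a failure burst is reported separately because it is the case that needs immediate response.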
9. Keep all software up to date
It’s not just outdated antivirus that can create vulnerabilities in your network. Operating systems, messaging applications, and other software can all provide entry points to hackers if they’re not kept up to date. For an example of this, look no further than the WannaCry virus, which wreaked havoc across over 300,000 devices in 2017, seriously affecting the NHS in Britain by simply exploiting a flaw in their software. Despite a patch for this vulnerability being available for months before the attack, many users put off the update, and paid dearly for it. Even though it can be an incredibly annoying process, we recommend always updating your system when updates are available.
10. Make a ransomware reaction plan, and test it
Finally, one of the best ways to prevent major data loss after a ransomware attack is to simply be prepared. As with all other hypothetical issues, from power outages to pandemics, businesses should have a standardized plan in the case of a data attack. Consider the immediate response necessary, such as mobilizing your backups and contacting your go-to recovery team for decryption. However, you should also consider the necessary indirect responses.
Decide if and when you’ll inform your client base, and how you’ll do it. Will you call the police? Your insurance provider? Figure out your standard operating procedure for ransomware well before an attack, but don’t just assume it’ll work perfectly. We recommend putting your recovery plan through a stringent test to ensure it’ll work for your company in the event of a real attack. Some data security companies even offer these tests as part of their services, mimicking a real attack in order to identify your system’s strengths and weaknesses and allowing you to be more prepared for the real thing.
Overall, ransomware is a very serious issue that could pose a real threat to your data, your money, and your organization as a whole. With a well thought-out, tandem approach of both automated and human oversight, as well as adequate preparation and data backups, you can rest assured that you’re as protected as possible from the growing levels of cybercrime.
If you’re experiencing data loss in the wake of a ransomware attack, or you’re simply looking to add the final piece of security assurance to your hacking reaction plan, please contact TeraDrive today!