Ransomware Prevention Tips: Stop the Threat

On May 12th, 2017, the biggest cyberattack in history took place. WannaCry infected tens of thousands of machines in a matter of hours and did untold damage, locking doctors out of patient databases in hospitals and holding vital data for ransom.

But this cyberattack – and many others like it – could have been avoided by the majority of its victims. In fact, there are several simple steps you can take to protect your data from the threat of ransomware.

To illustrate how this is done, it’s important to define two types of ransomware, describe how they work, and explain how these variants propagate from machine to machine.

Effective Ransomware Prevention Requires You Know Your Enemy

Ransomware operates by locking users out of their systems using encryption. The perpetrators then demand payment for the decryption key. It is a relatively simple plan for cyber extortion that nonetheless relies on some extraordinarily advanced technology. Two broad categories of ransomware exist:

  • Encryption Ransomware blocks access to individual system files by encrypting them. Examples include CryptoLocker and WannaCry.
  • Locker Ransomware blocks access to the entire computer by locking the victim out of the computer’s operating system. User files may not be encrypted in this case, but computer hardware often is. Examples include Satana and Petya.

Once the malicious applications trigger encryption and ask for a ransom, there is often no way to get your files back without paying. Modern encryption techniques are so advanced that the code is effectively unbreakable.

However, paying the ransom is not a good idea either – there is no guarantee that the cybercriminal will decrypt your files. Even if that happens, the attacker still has access to your system and can simply trigger the attack again the moment funds start running low. You will have already taught the attacker that you will pay.

The vast majority of ransomware bugs find their way onto victims’ computers through malicious emails. Email is the number one threat vector for ransomware worldwide.

People get so many emails from so many sources every day that it is easy for one bad email to slip through. Add in the fact that reports of email forgery are increasing, and it is easy to see the reason why cybercriminals prefer email for delivering ransomware to unsuspecting victims.

How to Defend Your Systems from Ransomware

Since email is one of the most important attack vectors for ransomware, one of the key steps to ransomware prevention is adopting secure email habits.

  • Forging an identity on email is surprisingly easy. Do not trust unexpected correspondence coming from authority figures through email. If you have to, call them and verify.
  • Be suspicious of any email that asks for urgent action. A typical ransomware delivery method involves impersonating a well-known business, like FedEx or PayPal, and convincing users to download malicious packages masquerading as receipts, invoices, or other paperwork.
  • Avoid clicking on embedded links in emails. A compromised link may not point to the URL it claims to. Type the address in your browser yourself or save it as a bookmark so you know where you are browsing.

Another important strategy for ransomware protection is having a backup, data recovery, and business continuity plan. Since many forms of ransomware encrypt local and network files, recovering a recent backup of your most important data can render the attack harmless.

However, you should be sure that your backups happen regularly and securely. One of the things that made WannaCry so effective was the fact that it would encrypt backups it found on the server. Your backup data has to adhere to the highest security protocols and be easy to recover.

What You Can Do to Protect Yourself Right Now

When it comes to WannaCry, tens of thousands of users could have protected their machines in one easy step, at zero cost. Simply keeping your Windows system updated to the latest patch would have prevented WannaCry from infecting the computer.

An entire two months before the WannaCry bug came out, Microsoft released a security patch that closed the security hole the malware used to propagate from machine to machine. Every user who kept Windows updated to the latest version was protected, and users who failed to download the security patch were punished for it.

WannaCry is unusual in that it did not use email as an attack vector. It used a file sharing protocol vulnerability that the NSA discovered and kept secret. When hackers leaked the NSA’s exploits, the institution alerted Microsoft, who quickly went to work developing the patch.

But not all Microsoft users keep their systems up to date. If you take just this small step, you can hugely improve your chances of escaping the next ransomware scare unscathed.

It’s time your business established a powerful defense against the threat of ransomware. Consult a Smile cybersecurity expert today.