2017 was a record year for ransomware with WannaCry and NotPetya causing mayhem in more than 200,000 organizations across 150 countries.
Ransomware is a breed of malware that locks your entire device (computer, tablet, smartphone) or your files, and prevents you from accessing them until you pay a specific amount of money, usually $500 to $5000. Its main method of delivery is through virus-infected email attachments or malicious ads and content running on hacked websites. Once ransomware is installed and activated on your computer, you receive a message informing you of the attack and giving you instructions on how to pay the ransom and unlock your device/files.
No matter how well established your defences are, you should prepare yourself for the “when” not the “if”. The following recommendations can help keep your environment safe:
1. Back up your files
The best defence against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computers and servers get locked, you won't be forced to pay to see your data again. Copy your documents to an external hard drive, jump drive or CD/DVD. You can also email them to yourself or upload them to an external cloud storage network where you can retrieve them from any computer or wireless device. You can back up your entire computer as well and set "restore points" from which you can later restore your PC instead of starting from scratch if you encounter a problem.
Make sure to:
- Keep offline backups of your files: Local or mapped network drives are not a safe place to put your backups, because ransomware trojans scan and encrypt all of them.
- Keep cloud backups: Keeping backups in a cloud storage solution is smart as long as you don’t map it to a local drive or folder.
- Not keep backups in shared folders: Some breeds of ransomware tend to scan the network and encrypt files you store in shared folders, even if they’re not mapped as network drives.
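The three checks above can be run against a list of backup destinations. The following is an added example, not part of the original article; the drive letters, share names and paths are constructed, and on a real Windows host the inventory would be taken from `net use` and `net share`.

```python
from pathlib import PureWindowsPath

# Constructed inventory (assumption): mapped drives as reported by `net use`,
# locally shared folders as reported by `net share`.
MAPPED_DRIVES = {"Z:": r"\\nas01\backups", "G:": r"\\cloudsync\vault"}
LOCAL_SHARES = {"Public": r"C:\Users\Public", "Team": r"D:\Shared\Team"}


def _inside(child, parent):
    """True if child equals parent or lies beneath it (Windows paths compare
    case-insensitively)."""
    return child == parent or parent in child.parents


def audit_backup_target(target, mapped=MAPPED_DRIVES, shares=LOCAL_SHARES):
    """Return findings for one backup destination; an empty list means none."""
    findings = []
    if "://" in target:
        # Cloud endpoint reached over its own API, not through a drive letter.
        return findings
    path = PureWindowsPath(target)
    drive = path.drive.upper()
    if drive.startswith("\\\\"):
        findings.append("UNC path: shared folder reachable over the network")
    elif drive in mapped:
        findings.append(f"mapped network drive -> {mapped[drive]}")
    else:
        findings.append("local drive letter: offline only if the media is "
                        "disconnected after the backup")
    # A folder can be shared without being mapped as a drive anywhere.
    for name, root in shares.items():
        if _inside(path, PureWindowsPath(root)):
            findings.append(f"inside shared folder '{name}'")
    return findings


if __name__ == "__main__":
    for dest in (r"z:\nightly", r"d:\shared\team\Backups\2017",
                 r"\\nas01\backups\pc1", "https://storage.example/backups"):
        print(dest, "->", audit_backup_target(dest) or "no findings")
```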
2. Update your software
Always keep your operating system, antivirus, browser and other software up-to-date. Most vendors regularly offer patches and security updates for their products. Never underestimate the value of these updates. They usually contain fixes for zero-days and newly discovered vulnerabilities. Not installing updates means you’re leaving your system open to attacks through well-known security holes.
3. Install antivirus software
Make sure you have installed one of the latest reputable antivirus programs so that you are fully protected. We believe in Cybereason because its Deep Hunting Platform delivers endpoint detection and response (EDR), next-generation antivirus (NGAV), managed threat hunting, and threat intelligence — all in one solution and one single lightweight sensor.
4. Create a security plan for your business
A security plan can help you protect your intellectual property and financial data, meet your regulatory and legislative obligations, and show your suppliers and clients that you treat the security of their data seriously. The best plans are simple and dynamic, just like the systems they protect. Everyone involved should take note of which policies are working and which need to be refined, changed or just thrown out and started afresh. It’s all about gathering together and formalizing the knowledge you need to give yourself the power to control your IT security.
Here are a few key elements of your security plan:
- List your employees and allocate a cyber security task to each relevant person.
- List all your digital assets, including emails, client work files past and present, financial records, marketing collateral, staff information, project plans, schedules, customer data, contracts, and any other information you want to protect.
- Once you have the list of your digital assets, the risks they face, and the list of employees who are responsible for managing those risks, you can create a security plan for mitigating the risks.
- Lastly, deliver security awareness training regularly across your organization. As the methods hackers and malware creators use to trick users are constantly changing, it is important to keep users up-to-date on not only the basics of IT and email security, but also the ever-changing attack types and threat vectors. User security training is a vital piece of securing your network.
5. Never pay the ransom
Over and over again, we have seen victims of ransomware pay the fee and not receive the encryption key to unlock their files. Furthermore, some attackers spread ransomware without even having the encryption key in the hope that you will still pay them. If you have a good security plan in place, you should survive a ransom attack by restoring data from a recent backup file. Also, there are some programs that can help decrypt files; victims are advised to explore such options.