Ransomware is not something that only happens to other businesses.
Ransomware is malicious software that criminals use to hold your computer, network, and data hostage, demanding payment from you to get them back.
Ransomware is not science-fiction. It is becoming increasingly damaging for businesses around the world.
Your business can’t succeed without your IT infrastructure. If you want your business to succeed, you have to protect your business from ransomware.
If you fail to protect your business from ransomware your business will be controlled by extortionists.
Ransomware leads to loss of data, revenue, and customers.
Who is the target of ransomware?
Any business or organization that depends on access to critical data and can’t afford to lose access to it.
Here is how to protect your business from ransomware:
Backup Your Data to Fight Ransomware
Ransomware often encrypts your data. What that means to you is that if you don’t have a recent backup of your data, you are in trouble.
One of the simplest protection against ransomware is frequent backups. How frequently you need to backup your data depends on your business.
Ask yourself: How often does my data change?
If your data changes daily, you need daily backups. If your data rarely changes, you might be able to get away with less frequent data backups.
Your backups must be secured. At the least, you have to have one offsite copy of your data. Either through a cloud backup service or an external drive, stored offsite.
Backup your data in three different places:
- Your file server (If your files are in the cloud, this should be done by your cloud service provider.).
- Local backup (You should store a copy of your local backups offline.).
- Mirrors of your data in the cloud.
In the case of a ransomware attack, your backups will help you recover almost immediately.
Crypto ransomware punishes those businesses the most that fail to backup their data.
The low cost of backup solutions makes defending your data easier than ever.
Key point: Regularly check to make sure that your backups are working.
Keep Software Updated to Protect From Ransomware
There is no protection from ransomware without regular software updates.
At the very least:
- Make sure that Windows is updated.
- Keep all plugins up-to-date
- Automate updates
- Create a patch management update
Protect from Ransomware with Browsers
Chrome and Firefox are constantly updated. Install plugins to block ads. Installing a pop-up blocker could greatly decrease attacks.
Show Hidden Files to Fight Ransomware
Ransomware prefers to use hidden files. It is best to show hidden files. It makes it easier for you and your users to see suspicious files.
Disable Autorun to Protect from Malware
Users like autorun because it simplifies the user experience. For better malware protection, disable autorun.
Disable VBS to Protect from Malware
Windows Scripting Host (VBS) is useful but makes computers more vulnerable to malware. VBS is used to download more damaging malware to your computer. It is best to disable the VBS engine.
Restrict User Permissions to Protect from Ransomware
Some ransomware can browse and encrypt data on mapped drives. Therefore, it is important to restrict user permissions.
Install a Second Browser to Protect Yourself from Ransomware
Ransomware could damage your primary web browser. It makes sense to install a second browser.
Malware can also slow down your browser. Even worse, malware could destabilize and make your browser completely unusable.
There are many different browsers for your business to use. We prefer to use Chrome and Firefox.
To make your browsers more secure, consider installing the following:
- Script blockers.
- Pop-up or ad blockers.
- Web filters.
Also, make sure that you are always using the latest version of your browsers.
Filter Executable Files to Protect from Ransomware
It is important to have your IT department filter your email servers for executable files. The bottom line is that your mail server should not allow .exe files into your network.
Emails sent with .exe attachments should be discarded.
If your users need to share .exe files use a cloud file-sharing service such as dropbox or Google drive.
Use Security Software to Detect Ransomware
Every computer on your network should run a malware/virus defender.
How to detect ransomware?
You can detect ransomware by taking the necessary precautionary measures. It’s possible to detect ransomware accurately by thoroughly checking the sender’s email address of every received email.
Ransomware creators send malicious emails through a similar-looking email account. They use distinct techniques to make fake emails look similar to the legitimate email address they’re trying to imitate.
For instance, attackers replace the small character “L” with an upper-case “I.” These characters are easily confused with each other, which can easily fool potential victims that don’t have proper knowledge of how to detect ransomware.
Look for spelling errors in the domain name. Spammers sending ransomware often use domains that look similar to some of the most trusted domains in the world.
You can also detect ransomware by scrutinizing the content of the email. In the past, ransomware creators would send mass emails with nonsensical content. But modern ransomware attacks are more sophisticated.
Modern ransomware creators are savvier. They take great care in making ransomware emails legit. They will try to imitate authentic email addresses and send you “real” sounding email messages.
If you aren’t sure about the authenticity of an email, delete it and mark the sender’s email address as spam. You can actually call the institution the ransomware email referenced to get to the bottom of the situation.
An effective way to detect ransomware before the damage is done is to avoid downloading suspicious attachments. Ransomware generally involves malicious file attachments. They are hidden in encrypted zip files.
Once you click or tap the malicious file, it will infect your device. So, don’t click or download any attachments if you don’t trust the sender.
In case of a ransomware attack, don’t give in to the demands of the ransom creator. Paying the ransom doesn’t guarantee that your problem is solved. Often, ransomware creators continue to extort money from ransomware victims.
Learning how to detect ransomware is a must to fight back. Your ransomware knowledge will help protect your organization from the financial losses of ransomware.
There is no substitute for user education about ransomware. Train your users not to click on suspicious emails. Tell your users to delete all emails that arrive from an unknown sender. Create and share a cheat sheet to show users how to protect their computers.
Once a computer is infected it must be disconnected ASAP from your network.
Disconnect the computer from wifi and hardwire connections until the ransomware has been resolved.
Disconnecting can prevent further damage.
What is the difference between ransomware and malware?
The difference between ransomware and malware is that ransomware is designed to block access to your own data until the ransom is paid, and malware is designed to destroy data and degrade the performance of computer systems.
Malware is an umbrella term used to describe harmful software such as Trojan horses, worms, and viruses. All ransomware is also malware. But where malware is designed to damage or destroy data and computer systems, ransomware is designed to extort payment from organizations such as hospitals and for-profit organizations.
How Ransomware Spreads
Ransomware spreads through exposure to public WiFi, phishing emails with malicious links or attachments, Zero-Day vulnerabilities, and portable computers.
Cybercriminals use phishing emails to install ransomware. Once you have clicked a malicious link or downloaded a ransomware file, their malware will infiltrate your entire network.
Hackers also use spear phishing techniques to plant ransomware into your network. Phishing emails are extremely common. According to a recent study, 91% of all cyberattacks start with a phishing email.
The malicious emails are carefully written and formatted to fool people into installing ransomware on their systems.
Ransomware also spreads through:
- Remote Desktop Protocol (RDP)
- MSPs and RMMs
- Drive-By Downloads
- Bad Ads
- Network Propagation
- USB Drives
- Unpatched or outdated software
- Pay-For-Install Attacks
- Network Scanning
- Pirated Software
photo credit: Self portrait in my hoodie