How to Defend Against Ransomware Attacks
Ransomware attacks are a growing threat, generating billions of dollars in payments to cybercriminals and inflicting substantial damage and expenses for businesses and governmental organizations.
Ransomware is malware that uses encryption to hold a victim’s information at ransom. A business, organization, or user’s data is encrypted so that they cannot access their files, databases, or applications. The data is released only when a ransom is paid.
After a successful deployment of malicious malware, the search to encrypt files such as Word docs, images, and databases begins. Ransomware is often designed to spread across a network, and target database and file servers. It can then quickly paralyze an entire organization. If a data backup is unavailable or has also been infected, the victim must quickly consider paying the ransom.
The attacker uses cryptography that generates a pair of keys to encrypt and decrypt a file. The decryption key – a private key – is stored on the attacker’s server. The attacker makes the private key available only after the ransom is paid. Without access to the private key, it is virtually impossible to decrypt the files being held for ransom.
Unfortunately, today’s cybercriminals don’t have to be very tech-savvy. Ransomware marketplaces are available online, offering various malware. Some of the malware authors even ask for a cut of the ransom proceeds. Payment is made with anonymous cryptocurrencies, such as bitcoin. This makes it difficult to follow the money and to track down the criminals.
Ransomware threats are distributed using email spam campaigns or through targeted attacks. Increasingly, email phishing schemes are making them a lead entry point in these attacks. Targeting via phishing has become easier by leveraging information available on social media and other public platforms.
Follow These Tips to Avoid Ransomware Attacks and Mitigate Damage (source: mcafee.com)
- Back up your data. The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. Backups won’t prevent ransomware, but it can mitigate the risks.
- Secure your backups. Make sure your backup data is not accessible for modification or deletion from the systems where the data resides. Ransomware will look for data backups and encrypt or delete them so they cannot be recovered, so use backup systems that do not allow direct access to backup files.
- Use security software and keep it up to date. Make sure all your computers and devices are protected with comprehensive security software and keep all your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
- Practice safe surfing. Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
- Only use secure networks. Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
- Stay informed. Keep current on the latest ransomware threats so you know what to look out for. In the case that you do get a ransomware infection and have not backed up all your files, know that some decryption tools are made available by tech companies to help victims.
- Implement a security awareness program. Provide regular security awareness training for every member of your organization so they can avoid phishing and other social engineering attacks. Conduct regular drills and tests to be sure that training is being observed.
To counter ransomware schemes, training along with automated tools are the best defense. Enter Nexigen, Madison Wealth Management’s provider of data security technology, along with managed solutions and cloud services.
“It’s always a good use of time to arm your employees with knowledge. Phishing is a problem inside the company and outside the company at home. Giving people the tools they need to avoid work or home distress is critical for maintaining well-being and productivity for your entire workforce,” says Chris Bednar, lead senior engineer at Nexigen.
If you have questions regarding ransomware or phishing, please email Madison’s Kelly Blanks at [email protected]. We will share your questions with our Nexigen experts and get back to you.