Effective Ways to Fight Ransomware
A few years ago, cybercriminals found a new way to make money from their criminal practices.
Instead of
spreading viruses that simply destroyed systems and data, they invented
ransomware, a type of malware that encrypts or blocks access to the victim's
data and asks for money to make it available again.
Ransomware took many cybersecurity
professionals by surprise, exploiting vulnerabilities they didn't know existed
and seriously compromising their organizations' critical information. A
single vulnerability in an IT network is enough to compromise tons of sensitive
data. In this sense, ransomware affects not only the reputation of the
organizations but also their finances.
The main targets of ransomware attacks are businesses, the
bigger the better, because they generally have more financial resources
and are better placed to pay a ransom than individuals. But nobody is safe, as
any computer, tablet or phone can be infected. Yes, phones too!
The most common way of spreading ransomware is through email. Usually, the
infection arrives in what appear to be legitimate messages. These
messages prompt the user to click a link or download an attachment that spreads
the malware. Attackers typically send these messages in bulk to millions of
email addresses.
Malicious websites and social media messages are also common
methods of spreading ransomware.
Ransomware
victims find that they have been attacked when they cannot access their files. The
attackers give anonymous instructions to pay the ransom and recover the
compromised information. Regardless of whether the ransom is paid or not,
the attackers have access to the victim's data and always try to extract useful
information from it.
Once the attack is committed, the victim must deal with the fact that all sensitive data
has been compromised. This can include usernames and passwords, payment
information, email addresses, and much more.
One word sums up the best strategy for combating ransomware: prevention. Only if you take the necessary preventative measures can you recover from a ransomware attack, or better yet, simply avoid being attacked. We have put together a checklist of preventive measures you can take to fight ransomware effectively.
1) Be Very Careful with Email Attachments
Your antivirus
software should warn you of any suspicious email attachments
you receive. Do not rely on it blindly, however, as email messages can
easily be disguised as legitimate notifications from your bank, credit card
company, or other trusted source, even a colleague or friend.
Before opening a file attached to a message, verify the return
address, not just the sender name, as this can be forged. Check that the
domain name (the part after the @) of the address is what it should be. If
it's a strange name with no meaning, discard the message immediately.
The most
dangerous attachments are application components such as EXE files (executable
files) or DLL files (dynamic link libraries). So pay special attention if
you see any of these files attached to a message. Any file type associated
with an application that opens it automatically is potentially dangerous. So,
good advice is never to double-click attached files. Always save them in
a folder and then use an antivirus application to check them.
2) Do Not Click a Link that Appears in An Email Body
Once you do,
it might be too late.
If you
absolutely have to click on this tempting link, move your mouse pointer over it (if
you're using a computer) to see where the link will really take you. If
you're using a phone or tablet, you can tap and hold the link to see the actual
URL behind the link.
If it doesn't
match the link text, don't follow it, and discard the tricky message.
3) Be Careful with Unknown External Drives or USB Sticks
If you need
to copy files from an external storage device that someone gave you, don't let
it do anything automatically when you plug it in.
Ask about the
location of the files you need and copy them (and don't copy anything else) to
a temporary folder on your device where you can scan them for malware before using them. The same caution applies here as with e-mail attachments: do not double-click the
files or let them open or play automatically.
4) Play It Safe on Social Networks
Ransomware
can spread through social networks as quickly as a zombie infection. We
all love to share any content we like with our friends. We do this with
good intentions, but sometimes it can be an irresponsible way of spreading
malware.
If a friend of yours sends you a link to something you need to
download, install, or watch, be careful: your friend may already be infected
and it is the ransomware that is trying to trick you into opening a door so
that it can get into your system.
Check out
everything you get on social networks. Something as innocent as watching a
video of kittens playing with puppies could cost you a fortune.
5) Keep Your Software up To Date
It is
important that all software you use is from reliable sources and that the
latest updates are always installed. Reading change logs (“what's new”
screens or documents) can be a hassle, but they provide useful information about
what the developer has done to fix security issues and vulnerabilities.
Read them
carefully to understand what problems they solved.
6) Make Sure You Have a Good Antivirus and Firewall
Read reviews
and comparisons to make sure you're installing the best antivirus and firewall
for your devices.
Well-designed
antivirus utilities should remove ransomware as soon as it tries to invade your
system. Modern antivirus utilities provide some form of behavior
monitoring. Some of them do not look for known threat patterns and only
watch for malicious behavior. This behavior-based technique is becoming more
common as it proves its effectiveness.
Some security utilities try to prevent ransomware attacks by
denying unauthorized access to certain locations, such as the desktop
or the documents folder of a computer. Any access attempt by an unknown
program triggers a warning to the user with the option to allow or deny access.
Below are
some of the best options.
Malwarebytes - probably the best
anti-malware for Windows, Mac, Android, and iOS.
Protegent Total Security - Advanced Internet Security
Protection for Desktop and Laptop.
7) Back up Thoroughly
Many people find out too late that they don't have a proper backup strategy. The typical problems with backups are damaged media, damaged backup data, difficult recovery procedures that take too much time or need too many people to perform, among others.
If you discover the backup problems after a ransomware attack, your backups may be unusable. A solid backup strategy should allow you to go back in time to a specific date and restore your data as of that date. You need to know the exact date the infection started and then restore from a backup earlier than that date.
A reliable data backup must be coupled with a fast recovery process. It is also important that a data backup provides detailed and easy recovery of files so that you can get back to your data in a short amount of time.
If you don't want to deal with backup schedules, media, rotation, and other issues, consider a cloud backup service. There are a variety of online backup providers with an even wider range of options and prices. Remember that the service you are paying for removes many concerns and avoids many risks.
What if It All Fails?
Even if you
take every necessary measure to prevent malware from entering your system,
nothing can guarantee that it will not happen. What should you do if your device
gets infected?
First of all,
you should isolate the infected device. Disconnect it from the internet
and from any network - wired or wireless - it could be connected to. Second,
you should create a clean backup and restore the infected computer to its last
known "good" state. Do not reconnect the previously infected
device to the Internet or any other network until you are sure that the
infection is gone.
