Everyone has become familiar with the term ransomware, with attacks increasing in frequency and making the headlines far too often. Most ransomware takes control of a machine or mobile device and demands payment in cryptocurrency to release an encryption key to unlock the system. Ransomware attacks are indiscriminate in who they target, affecting businesses and individuals alike, says Robert Brown, CEO of DRS, a Cognosec AB company. “As long as the ransom is paid, the cyber criminals don’t care who is affected.”
Unfortunately, too often it seems that the only way to get your files back is to pay the ransom, adds Brown. “However, we cannot advise strongly enough against this approach. Not only is paying the ransom no guarantee that you will get your information back, it simply encourages the actors behind this scourge to launch more of these attacks.”
He says several security vendors have designed tools to help decrypt files, and an initiative called ‘No More Ransom’ has released some 52 free decryption keys to known pieces of ransomware. There are also several ways businesses can protect themselves from ransomware.
“Firstly, back up, back up and back up again. In the worst case scenario, where you have no encryption key, and are unwilling to pay the ransom, having all your files backed up will allow you to recover quickly from these attacks. Having all your files and documents on hand will greatly limit any damage or loss.”
He advises to back up all the information and files on your PCs and mobile devices onto a totally separate system, such as an external hard drive that doesn’t connect to the internet. “Businesses will usually save copies of their data to off-premise servers that will remain unaffected in the event they fall victim to such an attack.”
Moreover, Brown advises companies to teach their staff about good security practices. “Ransomware infections usually happen because someone unwittingly clicks on an attachment in an email, reads a malicious advert on a Web site, or falls victim to a clever phishing attack. Remember, in order to infect a victim, attackers need to download malware onto their computer. This is then used to launch the attack and encrypt files.”
Always err on the side of caution when opening an email, particularly from a source you are not 100% sure is legitimate, and never, ever click on any links or attachments in these emails. “Take this further and only download apps from official marketplaces. Check the reviews for any reports of malicious activities, and question the permissions carefully to make sure an app isn’t asking for access to things they don’t feasibly need,” Brownsays.
And of course, make sure you have anti-malware installed on your devices. “While not fool-proof, a good AV product can prevent ransomware from being downloaded onto your systems. They should have a scanning feature, to check files to root out any malicious code before downloading. They can also block installations from malvertising, which helps prevent ransomware too.”
Finally, and this was a major lesson learned by WannaCry, update and patch your software as soon as possible. Vendors regularly release updates to their products to fix vulnerabilities that can be exploited for all sorts of malicious activities.