How to Protect Yourself from Ransomware?
Since the start of the pandemic, there has been a significant increase in ransomware attacks. According to Security Boulevard, ransomware attacks increased by 139% from the third quarter of 2019 to the third quarter of 2020.
How does ransomware work?
Ransomware is malware that encrypts files, and the attacker demands a ransom to restore access to them. Not only do attackers hold data or networks hostage, but they also threaten to publish the information they find if you do not pay them. Ransomware can access your computer in different ways.
- Phishing is most common – the victim receives an attachment that looks legitimate but can take over their computer once opened.
- Ransomware can also look for security holes and does not need to trick users.
Who does ransomware target?
Anyone can become a target of ransomware, but common targets include organizations who need to restore their files quickly, for example, government agencies. Financial services and healthcare are the two most attacked industries, and organizations with sensitive information, like law firms, can also be targeted. Organizations like universities may become targets for hackers because their databases have a lot of file sharing, and their security teams might be small. Ransomware attacks are also common for small and medium-sized businesses.
How can you protect yourself from ransomware?
You can minimize the risk or damage of ransomware by taking effective prevention and recovery measures. Preventing an attack is preferable to dealing with the consequences of a successful attack, and recovery measures during or after an attack are time-consuming and expensive. Recovering all of your lost data can be impossible.
Antivirus software
Make sure to install reputable antivirus software on your computer. If you have Windows, it is a necessity, and macOS users have also been experiencing attacks. Your antivirus software should support behaviour-based ransomware and heuristic analysis. This means that it can detect and block suspicious activity and not just virus signatures. You should update antivirus databases daily. Antivirus software should provide:
- Protection against unauthorized file modification and access for specific folders
- Detection of suspicious file encryption processes
- Exploit protection
- Real-time protection
Email protection
Email is a popular way to spread ransomware to other computers and across the network. Anti-spam and anti-malware filters should be configured on email servers to prevent users from receiving malicious links or attachments in emails. They can send warning messages or delete harmful files before they reach you. Filter configurations should be updated regularly.
Security patches
Install security patches for applications and operating systems to prevent vulnerabilities that allow ransomware attacks. Vulnerabilities can spread ransomware across a network, and you can help prevent it with automatic updates.
Restrict permissions
Give permissions only to users who need the data for their work. If a user backs up data as part of their work, create a separate account and separate backup repository. This improves ransomware protection and reduces the risk of unauthorized access.
Do not provide personal information
Emails, phone calls, text messages, and instant messages can be attempts to gain information for attacks or trick you into installing malware. Sometimes phishers will try to impersonate your IT department. Always check with your IT department if you receive any suspicious messages or requests.
Back up your data
Backing up your data is one of the most important things to minimize the damage if ransomware infiltrates your system. Recovering data from a backup is the most effective way to get it back and is much more efficient than finding and using a decryption tool.
- Store data backups where they cannot be accessed by ransomware.
- Have a production copy, one stored off-site (like to a cloud), and an offline copy if possible.
Should you pay the ransom?
Losing a significant amount of data can stop business operations and can bankrupt businesses. But paying ransoms incentivizes future attacks, and there is no guarantee that your data will be restored. It is best to do everything you can to prevent an attack and be prepared if it does happen.