Computer security is an ever growing concern, not only for business organizations, but also personal computer users. Virus and malware have been old nemeses of responsible computer and Internet users from a long time. However, in the past few years, we’ve heard a lot about ransomware, a particularly dangerous form of malware. Ransomware is a computer malware that encrypts the whole or part of your hard disk files, rendering them inaccessible for you. Then, you are asked to pay a ransom amount for the decryption of your documents. These payments are mostly sought via anonymous means such as Bitcoins.
What Has Made Ransomware Such A Massive Problem?
In the first half of May 2017, ransomware became a term that every computer user in the world began to be wary of. This happened because of the massive ransomware attack on thousands of computers across the globe. Called WannaCry (or WCry, WannaCrypt, and Wanna DecryptOr), this ransomware impacted large enterprises as well, including FedEx and UK National Health Service.
The ransomware took advantage of a Microsoft XP flaw, and infected computer files, demanding ransom via digital currency for decrypting the files. Soon enough, more than 75,000 computers across 99 countries were infected. WannaCry demanded ransom of anything between $300 and $600 to decrypt the infected data in affected computers. Microsoft did release a security fix; however, for most, it came too late.
You see, there’s a direct revenue model for cybercriminals to exploit using ransomware; no wonders, similar attacks are on the up, and all computer and Internet users are at risk. What’s worse – cybercriminals don’t decrypt the victim’s personal files even after getting the hostage, or ask for more money before eventually doing so.
How Does Ransomware Make Its Way To Your Computers?
Ransomware is a piece of code meant to sneak its way into computers, run on its own, encrypt the computer’s hard disk files, and then showcase a message with instructions of paying ransom. In a majority of the cases of ransomware attacks, these codes are concealed within email attachments such as Word and Excel documents using Macros, etc.
Cybercriminals indulge in phishing activities to get computer users into opening these emails, downloading the attachments, and opening them. Social engineering – that’s the practice of studying a target user’s social media interactions and activities, and then sending contextualized emails with infected attachments – enables cybercriminals to send malicious emails to victims’ mailboxes with seemingly relevant subject lines, and recognizable email IDs.
The bottom line is that ransomware is, arguably, the biggest and most immediate cyber threat staring global computer and Internet users in the face. And this brings us to the 5 most effective ransomware prevention tips you can adopt and implement today to stay safe and secure.
5. Patching is the Single Most Important Ransomware Protection Practice
It’s time you stopped ignoring system prompts to install security upgrades and patches. Operating systems and application software developers realize the need to keep on upgrading their products’ security readiness in sync with the latest means of attack being devised by cybercriminals.
Remember these:
- By not patching your system up to the latest releases from the software provider, you risk falling prey to advanced cyber attacks.
- Never use unlicensed or pirated software, because you won’t get security upgrades for them, and will eventually have to suffer from a cyber-attack such as ransomware.
- Also, make sure you have the right settings in place to enable your OS to look for newly released patches and upgrades.
- It’s a good idea to upgrade to newer versions of OS and other software of the provider has declared end of support for an old version.
Even when WannaCry was wracking havoc, Microsoft worked on a patch (MS17-010) and released it to the world, to secure computers. Because ransomware is beeping hard on all software developers’ and OS makers’ radars, the frequency of anti-ransomware and anti-malware patches is high, which bodes well for end users. This highlights how important it is to keep your software patched, always.
4. Frequent Backups of Data
The entire model of ransomware attacks is based on extracting money from the victim in return of the promise of disinfecting his/her hard disk data. What if you had a backup of all the data, updated till just a few hours back! You got it – you’ll just need to format the infected computer, re-install the OS, and copy data back to hard disk from the backup media. Take it from us; if you fall victim to a ransomware attack, you will adopt strong data backup practices after paying up. Why not do it now, and avoid a potential ransom situation? Here are some tips and suggestions:
- If you use physical storage media to create backups, make sure they undergo a scan on being connected to the computer.
- Immediately disconnect the storage devices once the backup is done.
- Consider online cloud powered data storage services that take regular backups and keep your data secure.
- Consider buying a couple of high capacity solid state devices for physical archiving of all enterprise data.
Data backup can foil even the worse ransomware attacks, because you just won’t have anything to lose! Considering that cybercriminals don’t even disinfect your data, or keep on demanding more ransom, permanent data loss becomes a real risk. This makes data backup a foolproof method of staying safe.
3. Invest In A Good Antivirus
Wondering how to protect against ransomware all your important data? Buy a time tested and advanced antivirus program. Antivirus solution providers like McAfee, Symantec, and Norton are frequently upgrading their tools to combat advanced malware and ransomware. The latest antivirus offerings from these providers ‘learn’ everyday to identify patterns in computing resource requests, code executions, etc., made by programs. This helps them to identify malware and ransomware that are not even captured in the regularly updated antivirus signature databases.
For starters, a good antivirus will not let any malicious attachment (containing ransomware) get downloaded on your drive. Secondly, it will highlight any concealed attempts of running unsolicited macros and codes, hidden behind office document execution processes. Thirdly, even if a ransomware program makes its way to your computer, the antivirus will identify it and quarantine or delete it before it can encrypt your hard disk files. Working in conjugation with patching for your operating system, an antivirus acts as a strong protective layer and cleaning tool for computer systems. Latest security suites from notable antivirus providers also include dedicated anti ransomware software to block ransomware attempts.
2. Be Careful With Your Emails
Internet users need to realize that with ransomware, prevention is the only cure. So, it makes sense to invest in the effort to educate themselves about the gateways through which ransomware makes its way to computers. A massive percentage of ransomware invades computers via malicious emails. Here are some strong email management practices to stay safe:
- Use a service such as Unroll.me to unsubscribe from all unnecessary email lists.
- Never download any attachment from an email sent by a person whom you don’t know yet.
- Insist on getting Google shared document or other shared document links if you need to exchange office documents with colleagues and clients whom you’ve not worked with earlier.
- Don’t access your social media profiles on work center computers. Any cybercriminals looking to target an enterprise computer look to steal social information of the user first up, to then create a contextualized and real-sounding phishing email.
1. Don’t Buckle Under the Ransom Demands
Take it from us – paying ransom is not the solution. Here are the reasons:
- Cybercriminals don’t return your data or decrypt encrypted data even when you pay up.
- Often times, the ransom payment is followed up with demands of more ransom.
- When you pay up, you become a part of the soft targets database of cybercriminals, which means you’ll face similar attacks very soon.
Of course, things are more difficult for enterprises, who are faced with the choice of paying up, or losing their entire customer database. In such unfortunate situations, there are no best practices to help you decide; it’s sad, yet true.
Apart from these major preventive practices, there are other options you can consider to ramp up security against ransomware, such as:
- Installing offline office viewer tools that open office documents without macros
- Restricting desktop administrative power of individual users in an office network to prevent unsolicited installations of malicious software
- Training employees and colleagues; after all, your computer network is as strong as its weakest link
- Using firewalls to separate different functional areas such as server and client networks, so that damage can be restricted
The times when buzzwords like Internet security, cybercrime, malware, and ransomware were ‘too grand to be true’ for routine computer and web users are long gone. The threats of ransomware were never so pronounced. Use the practices and tips recommended in this guide to keep your computer, network, and data safe.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.