How to Prevent and Respond to Ransomware

According to Cyber Security Ventures, a new company falls victim to ransomware about once every 14 seconds. It’s a tricky problem, so you need to be prepared to both prevent and respond to ransomware. In this article, we’ll cover:

• What is ransomware?
• Use security software to prevent ransomware attacks
• How employee training can prevent ransomware takeovers
• How to respond to ransomware

What is ransomware?

Ransomware is a specific type of malicious software (malware) that hackers use to extort money from their victims. It locks users out of specific folders or their device as a whole and then holds that data for ransom. Users are given instructions on how to pay the fee, usually in bitcoin. In theory, the criminal will then release their data back to them. Unfortunately, that’s not always the case. Generally, you get your data back safe and sound about 65-70% of the time.

Use security software to prevent ransomware attacks

To help prevent ransomware, you’ll need to make sure you have security software installed on your device and keep it up to date. 

Antivirus software

Antivirus software, like the options offered by McAfee or Norton, protects your data from ransomware that doesn’t rely on tricking your employees to get in. Some hackers just look to exploit gaps in your security and implant the virus on your device. Antivirus programs scan files and programs that run on your site to ensure none of their code matches known malware. If it does find malware, that data is sectioned off from the rest of the machine or simply removed. Unfortunately, hackers are always adapting their malware to get around security platforms, so this won’t be enough to stop ransomware on its own.

VPNs

If you ever need to use public networks on your device, using a VPN is a good way to keep your data secure. Public networks make it much easier for hackers to get into your device, especially when they aren’t password protected, but a VPN routes your connection through a private server, which is much harder to breach. ExpressVPN, NordVPN, and CyberGhost have highly rated VPN services you can explore.

Mail server content scanning and filtering

Use server content scanning and filtering options for your email account. Many email providers will offer these tools automatically with their service, but you may have to activate them in your settings. These filters will reduce the probability of any phishing attacks or spam email reaching your inbox, so it’s less likely one of your employees will fall for them.

How employee training can prevent ransomware takeovers

Along with having extra security software, you’ll also need to train your employees not to fall for phishing attacks. Many basic internet safety rules also apply to avoiding ransomware. 

Email threats

Emails are one of the most common avenues for ransomware to get into your device, so it’s important to not click on any suspicious links or open any attachments from someone you don’t know. You’ll need to double check the email address, even if you think you know the sender. Hackers are very good at spoofing email addresses, so they look like what you’d expect but with a slight difference.

Guard personal information

You shouldn’t give out any personal information to someone you don’t know. Often, criminals who are planning a ransomware attack will try to gather some personal information from you first, so they can make their phishing attempts look more realistic. If you’re asked by a company to provide personal information, you should ignore that email or phone call and pull contact information from the company’s website to ensure the request was legitimate.

Backup your data

Make backups of your data often. This way, if someone does infect your computer with ransomware, you’ll have all the information you need and won’t have to pay the ransom. Also, when you’re making backups or during any other time, make sure you’re not using an unfamiliar USB drive. Someone could’ve added the ransomware to the USB and is just waiting for someone to stick it into their computer.

How to respond to ransomware

How you respond to ransomware will depend on a few things: the legitimacy of the attack, whether you have backups, and how quickly you need the data. Before you do anything else, you should isolate your device from any connected devices or networks. This will make sure the hacker can’t spread their ransomware to other devices. 

1. Is the attack legitimate?

You’ll need to ensure that the attack is legitimate. Besides ransomware, there is another type of malware called “scareware” which is meant to trick you into believing that your computer has been affected by ransomware, even when it hasn’t. How can you tell if it’s real? If the ransom note includes the name of the ransomware, it’s likely real. Alternatively, if you can close out of the ransomware window using keyboard commands, like Alt+F4 on Windows, then the ransom demand is likely fake. It’s also probably fake if you can force restart your computer and the message goes away. Finally, if you can get into the files that the hacker claims have been encrypted, you don’t really have any ransomware on your device.

2. Do you have backups?

If you have your data backed up somewhere else, then you won’t need to pay the ransom demand. You’ll need to run a scan on your computer and remove any harmful files or programs. Once you’re certain all of the ransomware is gone, you can restore your data using the backups you have. If your files aren’t backed up, you can run a ransomware decryption program. Many antivirus programs will include decryption tools or have one available to you. Depending on the ransomware’s sophistication, however, this may not be able to decrypt your files.

3. How soon do you need the data?

If the attack is legitimate, you’ll need to decide how quickly you need the data that’s been encrypted. Ideally, you should never pay for ransomware because it encourages the criminal to continue. Even though a large number of companies say they’d never pay a ransom, according to Trend Micro, about 65% of companies do end up meeting the hacker’s demands. Realistically, you may not even get your data back once you pay. However, there are times when you need your data quickly and it would cost more to recreate it than to pay the ransom. In those cases, it’s worth at least considering paying the ransom. Some companies have even built these fees into their IT security budgets.

The good news

The good news about ransomware is that it’s on the decline. With automatic backups gaining popularity, the malware is becoming less and less profitable for hackers. When it does come up, hackers have started targeting their attacks more towards the finance and healthcare industries. If you’re working in one of these industries, you need to stay on your guard, even with the threat declining. Ransomware may be tricky, but you can avoid it if you stay vigilant.