Ransomware is a type of malicious software that encrypts files on your computer so that cyber criminals can hold those files on your computer for ransom. Essentially, demanding payment from you within a certain timeframe to get them decrypted. In some cases, the encrypted files can essentially be considered damaged beyond repair.
There are plenty of ways ransomware can get onto a person’s computer, but as always, those tactics all generally come down to certain social engineering techniques or using software vulnerabilities to silently install itself on a victim’s computer.
Unfortunately, the threat of ransomware is very real, and is becoming an increasingly popular way in 2017 for malware authors to extort money from businesses and consumers alike. We’ll give you some great advice to have you properly prepare your computer, servers, and networks. Here are a few tips that will help you keep your data protected and prevent ransomware from hijacking your files this year and years to come:
First & Foremost, Back Up Your Files Regularly…
…and keep a recent backup off-site. If you don’t already have backups of your data, this is the most critical action step that will help you defeat ransomware. Be certain that you have a regularly updated backup and have tested that you are able to restore those files. Ideally you’ll have the backup located on multiple drives.
Do NOT Download Email Attachments or Enable Macros
You’ve may already received these types of emails already… claiming to be an invoice or some purchase order of some sort. Be extremely careful about opening email attachments from anyone outside of your organization. Simply deleted any malicious emails without opening them. Also, consider installing Microsoft Office viewers that allow read-only access and don’t enable macros.
Don’t Have More Access Privileges Than You Need
Simply, the minimum effective dose here… if you don’t need administrator rights for your day-to-day tasks, then create a separate account with limited access. When you do login as an admin, don’t stay logged in any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator… that’s what your limited access account is now for.
Update, Patch, Uninstall
Malware that doesn’t try to install itself by a Microsoft Office file macro will often rely on outdated software and applications that have bugs in them. Be sure to apply the latest security patches available, which will limit the attackers options for infecting your computer with ransomware.
Train Your Employees in Your Business in Good Practices
Strong passwords. Not sharing user logins. Logging out at the end of the day. Train your employees who have access to computers and their systems to have good practices. They can be the weakest link in the company’s computer systems if you don’t have a training program in place that will teach them how to avoid spam email attachments, unsolicited documents, and malicious software.
Segment the Company Network
If you have clients or customers that need access to the internet while visiting the company, be sure to have a separate access point that only allows use of the internet and prevents access to the company network.
Show Hidden File-Extensions
By default, known file extensions like .EXE are hidden and that’s one way that ransomware frequently disguises itself is by having the extension “.PDF.EXE”, counting on Window’s default behavior of hiding known file-extensions so that it will seem like it’s just a PDF. We suggest that you re-enable the ability to see the show file-extensions so it will be more obvious to detect suspicious files.
(Did We Say 7? Here’s An Extra!) Disable RDP
One way the Cryptolocker/Filecoder malware often accesses victim’s machines is by using Remote Desktop Protocol (RDP). This is a Windows utility that allows others to access your desktop remotely. Such as those who fake that their an IT support person and will help you speed up your computer. If you do not require the use of RDP, you should disable it to protect your computer from malware that exploits this.
Ransomware can certainly be frightening, but there are many steps to take that can help you be prepared in any situation that would put your data at risk. That is why it has always, and will always be, the single most important best practice to protect your company against data loss with regular scheduled backups. That way, no matter what happens, you will be able to restore your data quickly. I can only hope that if anything positive can be taken away from the increased threat of ransomware, it is a clear indication of the importance of regularly scheduled, frequent backups to protect your valuable data.