Ransomware – are you at risk?
Ransomware is a type of malware that takes control of your PC and data, and wants you to pay to get it back. Individual users are most at risk, however, some businesses have been caught out by ransomware that infects files on the server as well as on individual PCs, when they did not have adequate offline or cloud backups.
How Do Businesses Get Infected?
Ransomware typically comes from one of two sources: compromised websites and email attachments. A legitimate website that has been compromised can infect your machine, typically through a browser exploit. The same methodology can be used by a phishing website. A drive-by download installs ransomware and it begins encrypting your files.
In the case of a malicious email attachment, users are tricked into opening the attachment, which then installs ransomware. This can be a fake email with an attachment which has a re-named extension such as a file that ends in PDF but is really an EXE executable.
There are four steps every business should take that can drastically reduce their chances of infection – and also ease the pain should an attack succeed.
A key component to prepare for a ransomware attack is developing a robust backup strategy and making regular backups. Real-time backup or file synch will simply back up the files which have already been encrypted by the ransomware. You need a backup process which will allow you to roll back a few days before the ransomware attack and restore local and server apps and data.
User education is a powerful weapon in your arsenal against ransomware. Train users to recognise social engineering techniques and avoid clicking randomly on appealing adverts and never open an attachment from someone they don’t know. Attachments from people they know should be viewed and opened with caution.
There is no guarantee that you will get your files back unencrypted, and by paying you give the criminals an incentive and the means to develop better ransomware. Even if you do receive your files back safely, the malware can remain on the system and your activities can be monitored, and additional information can be stolen.
Consider moving to the cloud. Cloud providers have malware scanning, enhanced authentication and many other protections that reduce the odds of them succumbing to a ransomware attack to negligible.
At the very least, move email servers to the cloud. Then, if your local machine becomes infected with ransomware, simply wipe your local machine, re-image it, reconnect to your cloud services, and you’re back in business.
Are you actively protecting your business from Ransomware?
Adapted from articles by Jack Schofield, guardian.com and Matthew D. Sarrel, pcmag.com
Thanks for submitting your comment!