Why Ransomware Attacks Still Work
Ransomware continues to attack important sectors ( hospitals, banks, universities, Government, law firms, mobile users) and other organizations equally worldwide. Ransomware attacks still have a high rate of success. According to a recent study by Google, ransomware victims have paid more than $ 25 million in ransoms over the last two years.
Encrypting ransomware ( crypto- ransomware) is the most widespread cyber- attack of the moment and it’s important to keep all software up to date with backups of all critical data on external hard drives and online. Many software vulnerabilities happen because people don’t update their software.
Use and apply security awareness programs within your business to avoid clicking on unknown links and attachments in email that could redirect to malicious websites;
Restrict the access of employees to only that data to which they need, and limit their ability to i nstall software programs. Remember to disable macros in Microsoft Office. Be sure to have a paid antivirus product that is up to date.
Establish s ecurity awareness campaigns that stress the avoidance of clicking on links and attachments in email. Ask t hese questions when receiving an email message with a link or an attached file:
1) Do I know the sender?
2) Do I really need to open that file or go to that link?
3. Backup the data. Remove local external stor- age devices after a backup has been taken so that if ransomware does infect the computer, it won’t be able to touch the backup.
4. Restrict administrative rights. Reducing privileges will reduce attacks significantly. Educate staff about what ransomware is, how it can infect their machines
Always show hidden extensions ( ransomware. jpg may actually be ransomware.jpg.exe), filter out executable files from email servers and disable remote desktop connections.
Most ransomware is delivered by spear phishing. Often this is facilitated by information gathered through social media. Have a social media policy in place that limits work- related information.