How to protect your business from ransomware
Everyone has become familiar with the term ransomware, with attacks increasing in frequency.
Most ransomware takes control of a machine or mobile device and demands payment in cryptocurrency to release an encryption key to unlock the system.
Ransomware attacks are indiscriminate in who they target, affecting businesses and individuals alike. As long as the ransom is paid, the cyber criminals don’t care who is affected.
Unfortunately, too often it seems that the only way to get your files back is to pay. However, we cannot advise strongly enough against this approach. Not only is paying the ransom no guaran- tee that you will get information back, it simply encourages the actors behind this scourge to launch more of these attacks.
Several security vendors have designed tools to help decrypt files, and an initiative called “No More Ransom” has released about 52 free decryption keys to known pieces of ransomware. There are also several ways businesses can protect themselves from ransomware.
Firstly, back up, back up and back up again onto an external hard drive. In the worst case scenario, where you have no encryption key, and are unwilling to pay the ransom, having all your files backed up will allow you to recover quickly from these attacks.
Businesses usually save copies of their data to off-premise servers that will remain unaffected in the event they fall victim to such an attack.
Companies should teach their staff about good security practices. Ransomware infections usually happen because someone unwittingly clicks on an attachment, reads a malicious advert on a website, or falls victim to a clever phishing attack. To infect a victim, attackers need to download malware onto their computer.
Always err on the side of caution when opening an email, particularly from a source you are not 100% sure is legitimate, and never, ever click on any links or attachments in these emails.
Take this further and only download apps from official marketplaces. Check the reviews for any reports of malicious activities, and question the permissions carefully to make sure an app isn’t asking for access to things it doesn’t feasibly need. And of course, make sure you have anti-malware installed on your devices.
Finally, and this was a major lesson taught by WannaCry, update and patch your software. Vendors regularly release updates to their products to fix vulnerabilities that can be exploited for all sorts of malicious activities.
Robert Brown is the CEO of DRS, a Cognosec AB company
Back up and back up onto an external hard drive