How to Protect Against Ransomware: 7 Ways to Stop the Worst Cyberthreat
Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015, according to Cybersecurity Ventures.
It gets worse…
Steve Morgan, Cybersecurity Ventures’ founder and Editor-in-Chief, stated in the same report that “While ransom victims are increasingly paying Bitcoin to hackers to recover their data, the total ransomware attack costs are increasing.” Ransom payments are believed to be the lowest of all damage-cost contributors.
Mike Fey, president and COO of Symantec, said, “The ‘clean up’ for companies who were impacted by WannaCry will be enormous, including months of recovery time for IT departments and multi-millions in cost for the victims.”
Companies can’t afford to lose multi-millions of dollars, let alone weeks or months of downtime.
It’s too late to protect your computer systems once they have been attacked.
You need to empower your organization with ways to protect against ransomware today before you become a victim of one of the worst IT security threats in recent history.
To help you prevent data loss and safeguard your company, we’ll review some of the most persistent ransomware threats you should be aware of, and then go over some powerful methods of protecting against them.
Let’s first understand what ransomware does and how it can take control of your computer systems.
What is Ransomware? How does it occur?
Ransomware’s definition is in its name:
This malware holds a company’s or individual’s data hostage until the ransom is paid.
Ransomware is a program that encrypts all types of files once your computer has been infected.
It can encrypt and lock your data with or without keys, spread across the network to other computers, and even share your data.
To get your data back, the hackers usually request payment in Bitcoin because this form of money is harder to trace.
Ransomware also has another hallmark: you will be given a limited time to pay the ransom, or your data could be lost forever.
According to a Security Ledger report, the FBI suggests that you pay the ransom simply because the ransomware is so good. This comment was made by Joseph Bonavolonta, Assistant Special Agent in Charge of FBI’s CYBER and Counterintelligence Programs in Boston.
If even the FBI tells you to pay the ransom, you must do all you can to avoid being infected in the first place.
Let’s look at common ransomware forms to help you protect yourself.
Ransomware: 5 Dangerous Types
These are five well-known, active, and dangerous ransomware threats that you should be aware of.
WannaCry is the ransomware that rocked the world in May of 2017 by infecting over 200,000 computers in 150 countries.
WannaCry exploits a vulnerability in Microsoft Windows using an exploit called EternalBlue, which was created by the NSA.
It works in the same way as other ransomware: it encrypts your data and gives you a ransom note with a deadline to pay.
While it was successfully blocked, worse versions were developed using a similar Server Message Block (SMB) vulnerability.
UIWIX uses the same SMB vulnerability that WannaCry used (EternalBlue) to infect systems, propagate itself within networks, and scan the internet to infect more victims.
WannaCry and UIWIX differ in that UIWIX is fileless.
Because they reduce the malware’s footprint, fileless infections can be more dangerous than file-based infections, and detection becomes very difficult.
UIWIX is also stealthier.
It will stop running if it finds itself in a virtual machine (VM) or sandbox environment.
If it’s not caught, it will add the .uiwix extension to all your infected files and give you a .txt file called _DECODE_FILES.txt with instructions for paying the ransom to retrieve your data.
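The two artifacts named above (the .uiwix extension and the _DECODE_FILES.txt note) can be used for a quick triage sweep of a file share. The following is an added example, not part of the original article; the sample directory tree is constructed and contains only empty placeholder files, and the "high"/"review" labels are an assumption of this sketch.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the text above; both are compared case-insensitively.
ENCRYPTED_SUFFIX = ".uiwix"
RANSOM_NOTE = "_decode_files.txt"

def scan_for_uiwix(root):
    """Walk `root` and return {directory: {"encrypted": [...], "note": bool}}
    for every directory that shows at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def severity(entry):
    """Renamed files plus a ransom note is a strong signal; one alone needs review."""
    return "high" if entry["note"] and entry["encrypted"] else "review"

def build_constructed_sample(root):
    """Create a constructed sample tree of empty files (no real malware)."""
    layout = {
        "finance": ["q1.xlsx.uiwix", "q2.xlsx.uiwix", "_DECODE_FILES.txt"],
        "hr": ["policy.docx"],
        "tmp": ["notes.UIWIX"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Scan the constructed tree and summarise each flagged folder."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        report = scan_for_uiwix(root)
        return {os.path.basename(d): (severity(e), len(e["encrypted"]))
                for d, e in report.items()}

if __name__ == "__main__":
    for folder, (level, count) in sorted(demo().items()):
        print(f"{folder}: {level}, {count} renamed file(s)")
```

A "high" result means encryption has already happened in that folder, so the sweep is useful for scoping an incident and choosing what to restore, not for prevention.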
Petya is a unique form of ransomware in that it doesn’t encrypt files on a system one by one. It reboots computers, encrypts the master file table (MFT), and renders the master boot record inoperable.
The computer will not be able to start up again until the victim pays the ransom.
Cerber had massive market domination in the first quarter of 2017, with almost 90% of market share toward the end of that quarter, according to Cybercrime Tactics and Techniques Q1 2017.
Cerber is well known for being sent through malicious email links. The link opens a hacker-controlled Dropbox account, which delivers a self-extracting archive that takes complete control of your computer.
Cryptowall has already advanced from version 3.0 to 4.0, and it’s extremely dangerous.
Its creators operate it as a business.
- They are constantly improving their code to make it more profitable and effective.
- They are always one step ahead of IT security trends.
- To force their victims to pay the ransom, they have developed a variety of social engineering techniques.
Law enforcement has found that CryptoWall and its distribution have proven to be a black market for ransomware sellers and buyers.
This is a clear indicator that ransomware must be avoided by any means.
Here are some ways you can keep your company safe from an attacker.
7 Protective Strategies to Avoid Ransomware
Backup everything, every day
Back up all of your data every day so that when an attacker demands $10,000 in ransom, you can be sure that all the data they have just destroyed or locked down is protected on another server they cannot access.
You must know how to back up your data properly.
Ransomware attackers may infiltrate your backup system by logging on to your computer first, and then worming their way through your network.
This means that you will need to back up your data to the cloud or to an offline local storage device that is not directly connected to your computer.
If you back up to an external drive, connect it only while you are backing up, then disconnect the drive immediately.
Be sure to monitor your email and don’t click on suspicious links or ads.
Learning to prevent phishing is one of the most important ways to protect yourself from a ransomware attack since most ransomware is distributed through email.
Malvertising, or malicious links embedded in ads, is another way to be infected by ransomware, as we mentioned earlier in this article.
Watch out for business email compromise, don’t click ads, and stay vigilant.
Install an Antivirus Firewall
Choosing a firewall to protect against ransomware is essential, but it can be challenging.
Although there are many firewalls available on the market, none can provide 100% security. However, any of them will protect you better than having none.
Next, choose a firewall that fits your budget and your network usage. Then train your employees in IT security.
Invest in Security Awareness Training
Hackers rely more on the “human factor” than any other factor to access your data.
Although your employees may not be stupid, they might not take IT security as seriously as you do.
Security awareness training can help to create a culture where employees are vigilant and work together to avoid malicious links, phishing emails, and other dangerous online behavior.
All of your applications should have security patches
Hacking attempts and cyberattacks all attempt to exploit weaknesses in third-party apps and plug-ins.
Patching your software keeps hackers from getting into your computer through holes in the installed software.
Java, Flash, Adobe, etc. must all be continuously updated and/or patched to make them unbreakable.
Whitelist Applications
Blacklisting prevents the installation of a particular piece of software. Whitelisting allows only an approved set of websites and programs, thereby preventing all other installations.
First, scan the machine to identify any legitimate apps. Then configure the computer to prevent the installation of additional apps.
Online, you can install an ad blocker and a script blocker to block ads and Java and Flash applications, and whitelist only those sites that you consider safe and appropriate.
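The scan-then-restrict procedure described above can be sketched as a hash-based allowlist audit. This is an added example, not part of the original article; the file names and contents are constructed placeholders, and the audit only reports deviations (actual blocking is left to the operating system's application control feature).

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash file contents so the allowlist does not depend on file names."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def walk_files(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def build_baseline(root):
    """Step 1: scan the machine and record every app currently present."""
    return {rel: sha256_file(full) for rel, full in walk_files(root)}

def audit(root, baseline):
    """Step 2: report anything whose content is not on the allowlist."""
    approved_hashes = set(baseline.values())
    findings = []
    for rel, full in walk_files(root):
        if sha256_file(full) in approved_hashes:
            continue  # known content, even if it was copied or renamed
        kind = "modified" if rel in baseline else "unapproved"
        findings.append((rel, kind))
    return sorted(findings)

def demo():
    """Constructed sample: placeholder files stand in for real programs."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("editor.exe", b"editor v1")
        write("mail.exe", b"mail v1")
        baseline = build_baseline(root)
        write("editor.exe", b"editor v1 + injected code")      # tampered in place
        write("invoice_viewer.exe", b"dropped by attachment")  # new program
        write("mail_copy.exe", b"mail v1")                     # copy of approved app
        return audit(root, baseline)

if __name__ == "__main__":
    for path, kind in demo():
        print(f"{kind}: {path}")
```

Matching on content hashes rather than names means a program that keeps an approved file name but has different content is still flagged, while an untouched copy of an approved program is not.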
Create a Disaster Recovery Plan
A disaster recovery plan (DRP) can help you spring into action during a whole host of different emergencies, from hackers to hailstorms.
These are steps that you might include in a DRP to protect yourself from ransomware attacks:
- To prevent the spreading of infection, shut down all network connections to the organization immediately.
- Turn off Wi-Fi and Bluetooth immediately.
- Notify your local authorities and the FBI.
- You have two options: pay the ransom or delete the files infected and then restore them using your backup.
These steps, and many more, would be included in a complete DRP that employees would have access to for immediate action in an emergency.
Get Ransomware Protection to the Next Level
A reputable IT security company can help you make sure your disaster recovery plan is accurate, your firewall is up-to-the-mark, and your employees are trained to avoid being phished.
An IT security company that is successful will work with you to find solutions that meet your needs and budget. This will ensure you get the right amount of security.
They will analyze your security and recommend ways to improve them.
They will make sure that you have the right investments to ensure your financial security.