Protecting yourself from Ransomware

Cryptolocker ransomware screenshot

What is Ransomware?

Ransomware is malicious software that criminals use to prevent access to your computer files by encrypting them. They then demand payment to decrypt your own files and restore access. Unfortunately, this is becoming more commonplace, and consumers and businesses should understand how to protect themselves against such an attack.

How does Ransomware spread?

As with most viruses, there are a variety of ways in which ransomware can get installed, but the most notable are infected email attachments, software vulnerabilities and social engineering.

After the software has infected a host machine, it will look for other ways to spread through the network. Any network drives (think resources shared across an office) that are mapped on the infected machine will start to get their files encrypted as well. This can absolutely cripple a business without the proper protection.

How can I protect myself?

1. Back up your data!

The absolute best way to protect yourself is to have a regularly updated backup. If you are hit by ransomware and have a backup, you may lose a few hours of work, but you can restore your workstation to a previous backup from before the infection and you’ll be ready to get going again.

Without backups, the only way to restore your files is to either pay the ransom or hope someone has cracked the decryption algorithm. Otherwise you will not be able to access any of your files.

Earlier in the year we had a client infected 12 hours after a new variant of the Zepto ransomware was released. This spread from one host machine, encrypted files on their network drives and halted work. We quickly had the client isolate the infected host machine and, thanks to our backup solution, we started a restore to the backup from the night prior. After the infected machine was wiped clean and the network drives were restored, only a few hours had been lost. The client’s machine had been compromised by an infected email attachment masquerading as an invoice.

2. Show hidden file extensions

By default, Windows hides known file extensions. However, a lot of ransomware arrives as a file with an extension such as “.PDF.EXE”, hoping that Windows will hide the known “.EXE” extension so that the file looks like a PDF. If you set Windows to show file extensions, you will be more likely to notice a suspicious file.

3. Patch and update your software

Software updates and patches, for example in Java and Adobe Flash, are incredibly important to prevent viruses from exploiting security vulnerabilities that may exist in older versions. It is very important to keep patched and up to date.

4. Use a good, reputable Anti-Virus/Firewall

Using a good anti-virus and firewall combination is important in helping to prevent the installation of ransomware in the first place. Ransomware developers are constantly creating new variants to try to skirt around detection, but with two layers of security you stand the best chance. We recommend products from Sophos for the best protection.

5. Email Security

Be extra cautious when you receive email attachments, especially from an unknown sender. A common technique is to send an email with a Word document as an attachment; the content of the email will say that the attached document is an invoice that requires paying. The document will ask you to “Enable Macros”. Do not do this. Once the macro (code) is enabled, it will download and install a virus/ransomware in the background.

As mentioned in section 2, do not open files with the extension “.exe” that are emailed to you, as these will most likely be a virus or ransomware.
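
The “.PDF.EXE” naming from section 2 and the “.exe” attachment advice in section 5 can also be checked automatically, for example over attachment names at a mail gateway or file names in a downloads folder. The script below is an added example and not part of the original article; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
# Extensions Windows will run or pass to a script host (assumed, non-exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk"}
# Document-style extensions often used as the harmless-looking part (assumed).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png", "zip"}


def normalise(filename):
    """Lower-case the name and drop the trailing dots/spaces that Windows ignores."""
    return filename.strip().rstrip(". ").lower()


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    # Tolerate stray whitespace around each dot-separated part of the name.
    parts = [p.strip() for p in normalise(filename).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document extension directly before the real one is the ".PDF.EXE" pattern.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan(filenames):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    return [(n, v) for n in filenames if (v := classify(n)) != "ok"]


# Constructed sample names, not taken from a real incident.
SAMPLE = [
    "Invoice_2291.PDF.EXE",
    "invoice.pdf   .exe",
    "statement.docx.scr. ",
    "setup.exe",
    "report.final.pdf",
    "notes.txt",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE):
        print(f"{verdict:17} {name!r}")
```

A “double-extension” verdict is the stronger signal and is worth blocking or quarantining; a plain “executable” verdict matches the advice above not to open emailed “.exe” files.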

Talk to us

If you have any concerns about your current backup solution, network security or anti-virus, then please talk to us. Use the contact form to send us a message or give us a call on 023 8161 7181.