7 Ransomware Prevention Tips for Reducing Risk - iCorps
Unless you’ve been living under a rock these past few months you’ve undoubtedly heard about the plethora of ransomware scams that have struck businesses so far in 2016. Targeting no industry in particular, ransomware victims - just this year - have included hospitals, school systems and even churches.
So what is ransomware exactly? Ransomware is a type of malware installed by hackers that prevents users from gaining access to their devices and files until a fee is paid either in the form of money, or of late, Bitcoins. It can be installed easily onto your device when visiting malicious websites, opening suspicious emails or downloading infected software. In most instances, the hacker will either encrypt files on the devices hard drive that are impossible to decrypt without an encryption key, or they will lock the users system altogether until the ransom is paid to the hackers. A lot of the time the ransom may be small and under $500, but it’s often the downtime, man hours and data loss that can have the most devastating impact on the victim’s organization.
One of the latest targets was A Police Department in Melrose Massachusetts. The malware was activated by someone in the department’s system opening up a malicious email that was sent to the entire staff. That one email open allowed the malware to encrypt and block access to essential software used by the entire force. With the threat of being locked out of their system for long periods of time and the potential for data loss, the police department worked with a local IT director, and relinquished one Bitcoin in exchange for access back to their system.
Now, a Bitcoin today costs around $430 Dollars and that is about the average cost in most attacks. But as ransomware tactics get better, expect hackers to continue to up the ante. Just last week a hospital in Hollywood was hit for 40 Bitcoins (nearly $17,000) in order to regain access to their patients’ medical records. Ransomware techniques have become so refined over the past few years even the FBI suggests victims to “Just Pay the Ransom.”
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
No one step can completely prevent ransomware, however, the more tips below that you can use, the lower the risk of ransomware becomes:
- Never open email attachments that you have not requested and be cautious of emails from unexpected senders or making unexpected requests.
- Block ads, scripts and plugins (i.e. Java, Flash) in your browser. Work with your IT consulting team for assistance with this.
- Be cautious of links within emails from unknown senders. There are services that can be implemented that will check links for you to protect you from suspicious links. Please speak with your consulting team if you are interested in this recommended service.
- Refrain from clicking on spammy links or advertisements.
- Save corporate data to a corporate file server or file sharing service such as OneDrive for Business.
- Ensure you have a managed anti-virus solution that will provide always up-to-date definitions and on-access scanning. Work with your IT consulting team to ensure a solution is in place.
- Ensure content filtering is happening at the firewall level for maximum protection. Work with your IT consulting team to tune your content filtering needs.
Last but not least, communicate these tips to your internal staff to ensure that these precautions are adhered to company-wide. With Ransomware Trojans like Cryptowall, TeslaCrypt and Locky expected to encrypt a record number of servers in 2016, now is the time to prepare yourself.