The threat of ransomware attack is growing and here is how to protect yourself from encryption based malware known as ransomware.
The Internet is dark and full of terrors! Yes, the virtual world has its fair share of downsides as well. Online threats such as data hacking, virus infestation, malware attacks are common. Ransomware is another addition to the list. Ransomware programs such as WannaCryptor (aka WannaCry) CryptoLocker and CryptoWall are the most prevalent of threats among e-commerce websites.
These malicious applications lurk around waiting for gullible web users to fall into their trap. Once the malware gets installed in the system, it effectively locks all the functions of your computer rendering your OS useless, until you pay the hacker a huge sum of money as ransom. The entire purpose of the ransomware threat is simple to extract money from you for restoring the data it has captured.
Some Scary Stats About Ransomware
Since January 2016, there have been 4,000 ransomware attacks, that’s 300% increase as compared to data from 2015.
1. In 2015, more than 25,000 enterprise users reported ransomware infections in their computers. A Kaspersky Labs report suggests that in 2016, the number rose to 158,000.
2. A Webroot press release claimed that in 2015, close to 100,000 malicious IP addresses were being created every day, indicating how cybercriminals rely on changing identities.
[irp posts=”53482″ name=”Uiwix, yet another ransomware like WannaCry – only more dangerous”]
Read on to know more about the dangers of ransomware and how to protect your computers from it:
The Do’s and Don’ts of Protecting Critical Data
Ransomware is not a new term for web developers and entrepreneurs; in fact, this online threat has been around for a quite a while now. It’s been around for a number of years; the first known version dates back to 1989. However, the currently sophisticated ransomware that we see today popped up somewhere around 2010.
Ransomware is a threat not just to people in business but also ordinary web users who’re online just to check their emails or their Facebook newsfeed. Listed below is a comprehensive list of dos and don’ts that every web users must follow so as to ensure that they never fall prey to ransomware:
- Install an anti-virus software and keep it updated
- Always keep the firewall activated on the browser
- Never share your personal information or any sensitive data online unless you are sure of the authenticity of the platform
- Never click on suspicious links or pop-ups that claim how your system is infected with malicious programs, and you need to ‘click’ to clean up.
- Keep a backup ready, in case your data gets lost
- Save your data in the cloud, it safeguards your files and makes data recovery easier.
- Keep the operating system and other crucial applications on your computer up to date.
What To Do If Ransomware infects your System?
In case you didn’t detect ransomware with siem, and your system does get infected, don’t panic. The list of rules mentioned above only ensure that your computer doesn’t fall prey to malware; it gives you no information on what to do if your system is already infected. Business enterprises, established organizations and web browsers – no one is spared from these malicious ransomware cyber minds.
You cannot undo what’s been done, but you do have control over your future course of action. We would now discuss the options a web user has when ransomware has compromised his account or system.
Do not, under ANY circumstance, pay the ransom!
Giving in to the demands of the hackers seems like the only practical option when the question of data security looms ominously in the background. However, that doesn’t necessarily have to be true. Paying ransom might seem like the easy way out but remember that doing so would only fuel their illegal activities and fund the attackers.
Moreover, even if you end up paying the said amount, there is no guarantee that your files would be decrypted and restored safely. Caving into these criminals in the hope of returning the files held hostage only gives them leverage to use the information against you for future attempts of extortion.
[irp posts=”44477″ name=”7 Cases When Victims Paid Ransom to stop cyber attacks”]
So, What Should You Do?
The first and foremost thing that you should do is try removing the infected program from the server and safeguard your system. Each application has its own removal and deactivation process. These tutorials and help articles will give you a systematic, step-by-step guide on how to successfully remove the affected program without compromising on the security of your system. Note that the removal process works best when the system is disconnected from the network so as to minimize the risk of the ransomware spreading to other applications as well.
Once you have terminated the infected program, your next course of action should be to restore the data held by hackers. Using a good and reliable backup platform is the easiest way to reclaim the lost information. When your data gets attacked by ransomware there are two options that you can choose from- either pay the ransom (not recommended) or restore the data via backup. There is no third way out. You can snoop around online looking for “shadow copies” or variants of the original files, but even those are of no help as hackers today use advanced RSA-2048 bit encryption key that not even “brute force” can break into.
How Do You Safeguard Your Data?
Ransomware though possibly the most dangerous of online threats is nothing different from any ordinary malware if you look closely into its nature and functionality. Before we begin to talk about the various precautionary measures to protect your system against any ransomware, please note that the program spreads just like any other malware and needs an outlet, a weak point or a crack in your network through which it can infiltrate your system. Following safe browsing and computing practices and playing by the rules mitigates the risks of a ransomware attack. Mentioned below are some precautionary measures that every web user must adopt. It is better to be safe than sorry.
Always Be Suspicious
It is always better to be on the lookout for suspicious activities than be complacent and regret it later. Moreover, no malware programs today come with a warning or any such indication of their true nature; hackers are way smarter than that. Cyber minds are always updating their hacking standards using new and innovative technology to dupe customers.
Most of the time the infected files and malicious malware comes disguised as an alert message or an unexpected email from your contact list. Never click on any attachment or hyperlink that seems fishy. Also in case, you notice any suspicious file or email that asks for your personal information or bank details, double check it with the source company or sender before you download the attachments or give away any such sensitive data. Think twice before you click on files with suspicious extensions such as .exe
Keep Your System Updated
The fact that ransomware acts like any other malware and spread the same way a virus would be encouragement enough to keep your operating system updated as per the latest standards. Keeping all the applications, software and other core programs on your system upgraded to the latest standards only decrease the chances of a ransomware infestation. The developers of a program release updates and bug regularly fix that slowly but steadily changes the basic functionality of the system. If you do not tweak the OS accordingly, your files automatically become susceptible to an online attack.
Run a Reliable Anti-Virus On The System
With constant updates and cloud backup support, it is tough for the ransomware malware to infiltrate your system. However, it is always safer if you also install a robust and reliable anti-virus system on your computer or mobile device. The anti-virus protection automatically deflects all Trojan programs, suspicious files and blocks any malware that might prove harmful to your system. Moreover, the cost of anti-virus software is any day less than the price you will have to pay in case your files are stolen by a dangerous program. Anti-virus programs like Quick heal and Avast also offer firewall services for safer web browsing.
Always Have Backup
If by any chance your system does get infected with ransomware and the security of your information is at stake, cloud-based storage can effectively save the day. Having a backup either on the cloud or any offline external memory device saves you the trouble of paying to access your own files. Creating multiple backups sounds like a smart solution for users who want to protect their data from ransomware and other threats. For instance, Synology Cloud Station backup is a good option to back up stored data of the PC with the NAS system. Here, you get the option of creating almost 32 versions of the same file!
The Best Security Hacks To Apply Now
Prevention is always better than cure; this holds true for all your online activities as well. Discussed below are the best security hacks of the year that every web user should apply right this moment to safeguard their files from ransomware and other virus threats.
Keep a Firewall Application With Web Merging Features
Installing a firewall is perhaps among the safest ways to protect your browser from any malware floating on the web. The firewall stands as a powerful barrier between the browser and your system, it meticulously checks and scans everything you download or install on your device from the internet. FortiGate, SonicWall, Untangle, UTM are among the top firewall programs that offer robust protection against ransomware. These applications are also known for blocking websites that have malicious content that can harm your system in any way.
A Centralized Anti-Virus Management Server
Anti-virus companies such as MacFree, Avast, and Sophos provide users with a centralized console for monitoring and managing your online and offline activities. This is an excellent feature for IT companies and multi-tier organizations that can now get all the notifications about the various departments on the local server as well as track the activities of a SaaS cloud-based platform in a single place. A more advanced version of the anti-virus also gives you the freedom to set up the trigger and execute them on the network accordingly restricting access or disabling certain sections as and when required. Ensure that the anti-virus is always up to date with the latest upgrades released in the market.
Ensure That User Accounts Have Minimum Rights
The ransomware attacks are typically sourced from end-user accounts and can enter the network even if any member of the network installs or clicks on a suspicious attachment. Not all users should be given the same level of freedom and access to the files and folders on the server. This is where the “principle of least privilege” comes into the picture. When you assign security permission and accessibility to end-users, give them the liberty and authority to access only those files that they strictly need to complete their assigned tasks. Doing so would drastically minimize the risk of ransomware. It is smarter to authorize a few trusted people in the organization than to open the network for everyone.
Setup Correct File and Folder Level Permissions
While a firewall ensures that your files are protected from any external threats looming on the server set up various correct file and folder level permissions protect your data from any internal security threat. Adding permissions and passwords that restrict end-user access to certain files prevent the risk of them hoarding the data and asking you money in exchange for it. You can tweak the access points of the NTFS security system giving only certain trustworthy users the authority to access the files on the server. By doing so, you are automatically blocking all attempts by external parties to barge into your system and steal data.
Enable Creation of Volume Shared Folders on Shared Drives
Enabling the creation of volume shadow copies of the existing files and folder on the server is an added protection against ransomware that every organization should adopt. The shadow copies that you store on the shared network of the server can be accessed in case of a malware attack. Also depending on the way you store the files, the application also allows you to restore the files in their original form despite the changes made to them during the course of time (here the changes signify the attack of ransomware that encrypts files). The volume shadow copy feature comes pre-installed on the Windows OS. You can enable it from the File Explorer section.
Install File Screening
One of the easiest ways of ensuring that your system is protected from ransomware and other online threats is by setting up FSRM or File Server Resource Manager on your primary file server. It screens all the sites and information you access online and tracks your web presence. The system helps you monitor and control end-point access and restrict suspicious files and programs from entering the system via the main server. It minimizes the risk of a malware infestation by preventing the end users or clients from wreaking havoc on your system. FRSM scripted solutions allow you to trigger various policies that deflect the malware’s attempt at infiltrating your device.
Offline Backup and Data Security
Data backup doesn’t necessarily involve online storage solutions and cloud-based services. Sometimes it can also be about offline storage. However, that does not mean you store the information in the same system by creating a second base partition in the memory. That still renders the files vulnerable to a ransomware attack. No, what you need is a powerful and dependable offline storage solution that can give you unrestricted access to information in case of an emergency situation or on-site disaster. External hard disks, USB storage devices, and NAS devices are among the most popular off offline backup choices among users.
GPO Restrictions And Patching
Installing GPO restrictions on the network reflects not only ransomware but all kinds of malware and virus threats allowing you to use the network freely. It provides granular control assisting users in tracking the execution files right from their source to the endpoint. Therefore, by enabling GPO restrictions, you can easily block any suspicious activity and stop any malicious attachments from downloading automatically on the system. You even get the freedom to disable extensions and files from executing. Another method that you can use here is Patching, a technique that can be accessed from third-party applications such as Java, Flash or Abode.
The Bottom Line
Like everything else, even the World Wide Web has its fair share of ups and downs. The technological developments through a boon for online ventures have also contributed to the growth of cybercrime. It has unfortunately also assisted hackers in creating nastier malware that can destroy the very foundations of your website. Moreover, the fact that ransomware has now started infecting Mac devices as well has only added on to the hype around it being the most dangerous of cybercrime tools out there.
[irp posts=”48412″ name=”The Mirai botnet: what it is, what it has done, and how to find out if you’re part of it”]