Even though ransomware was ‘declared dead’ at the start of 2018, attackers proved experts wrong when they reared their ugly head in Atlanta last March. The attack delivered a multimillion-dollar blow, as Atlanta spent upwards of $2.6M to recover from a $52,000 ransomware scare. The following article, courtesy of Bogdan Patru – an Online Privacy and Cyber-Security Analyst at VPNTeacher – explains how your company can potentially avoid ransomware attacks and protect itself from the possible fallout.
Recent statistics have also been somewhat worrisome – especially in the United Kingdom – where about 54% of all UK businesses have gone through a ransomware attack. Some have had to shell out thousands of dollars to get their systems back online, and a few of them were hit with ransom attacks totaling more than $50,000 in damages.
Most of us have heard the expression “Never negotiate with terrorists”. In this case, it’s good advice because once the ransom is paid, you typically end up becoming a profitable target, and are openly recruited by attackers to fund even more attacks.
So, what exactly can you do in order to reduce the fallout of a ransomware attack? Bogdan Patru, an Online Privacy and Cyber-Security Analyst at VPNTeacher, offers the following ransomware tips:
- Do not give in to ransomware threats.
The worst mistake you could make is actually paying the ransom, because the attackers are never going to stop once they see their scheme works. Now they know they can coerce you with mere threats.
You’ve just transformed your system into a target. While some hackers do keep their word and restore access to your assets, do you really want to rely on the promise of criminals?
- Be vigilant of any suspicious email.
Many ransomware attempts are sent via phishing emails. Under no circumstance should you click any links provided in dubious emails, regardless of their apparent authenticity.
If you do answer any emails or phone calls, don’t provide any personal information. Many phishers will try to trick their targets into installing malware to have a backup plan in the future. They could also pretend to be from the IT department in order to gain any important intelligence.
For any inbound emails, employ content scanning and apply a filtering process to detect and block known or unknown threats and any risky attachments.
- Back up your files and data appropriately.
Whether you work in a company or you’re an individual user, you should still back up all your files and important data. By doing this, you eliminate any leverage the ransomware hackers might have on you.
However, don’t make the mistake of only doing the backup online. Instead, save your data on an external HDD, for example, where it’s safe and secure offline.
Restoring files from a backup is the fastest way you can safely get over a ransomware attack. Vigilance is key, regardless of the situation. It can save you a great deal of effort and, in this case, the hefty purse of shiny gold coins you would otherwise pay as ransom.
- Protect yourself beforehand!
Install a good antivirus solution, and make use of the full potential of your firewall. Keeping your security software up to date with the latest patches is critical to avoiding these types of attacks. Hackers will often exploit the vulnerabilities present in a system to get to the honey, which is your confidential data.
Not only ransomware attempts, but also phishing, malware, and any invasive attempts can be detected and disposed of by your antivirus and firewall.
Moreover, remember to only use antivirus software coming from a well-known and trusted company. There are plenty of fake and third-rate protection providers out there that will only lull you into a false sense of security.
- Check your system’s access rights and privileges.
Most malware runs with the same privileges as the person who executed it, administrator rights included. So, if the hacker has complete access to your system, that’s basically a death warrant you’ve signed.
The greater the admin rights and privileges, the bigger the fallout, the more data gets locked down, and the more leverage the attackers have once the ransomware becomes evident.
To prevent this, check all the user privileges and do not grant access to all parts of the system unless it is needed. You should work with a “need to know only” principle in mind. That way, you’ll drastically minimize the fallout from a ransomware attack.
- Inform your IT department when traveling.
As a company worker, you have a safety net behind you: the IT department. When traveling for work, be sure to make them aware if you’re going to use any public Wi-Fi networks.
Most importantly, make sure you’re using a good VPN if you’re planning on conducting business at a nearby café. Public Wi-Fi networks are notorious as gathering places for hackers and cyber-criminals. Combine this with the equally notorious weakness of the security there, and you have a recipe for disaster.
You can also trust FireEye, a security company that’s dead-set on fighting against cyber-crime, whatever form it may take. They were the ones who discovered the emergence of a new exploit kit called Fallout.
In the beginning, this kit was used to distribute the SmokeLauncher Trojan and the GandCrab ransomware. After a few weeks, it changed tactics and distributed another ransomware called SAVEfiles through advertising campaigns.
The reason many ransomware attacks are actually successful is that the hackers play the part of the good Samaritan. They are the ones showing goodwill by offering to rid you of this trouble, as if they were offering a service rather than carrying out the attack.
In the end, you must never lower your guard because ransomware attacks aren’t dead. They don’t seem to be dying any time soon, and until then, the threat is real. Protect yourself and make sure your data is safely backed up.