Ransomware is extortion. Pure and simple. It’s a cyber security attack that aims to take control of your computer, rendering it inoperable. In other words – your powerful PC or Mac has turned, very quickly, into a very expensive desk ornament. Before you know it you’re locked out of your system. Relief is promised by paying a ransom to the hackers who have infiltrated your machine.
Ransomware is an evolution of the more common Scareware attacks that you’re probably familiar with. If you’ve experienced annoying messages that inform you that your computer is riddled with numerous evil viruses – you’ve experienced Scareware. They scare you into buying fake software to remove fake viruses.
Typically these threats will be presented as pop-ups, many of which look like authentic Windows or Apple alerts. This form of malware, while annoying, is usually easily fixed. If you find yourself in this situation, your local computer specialist should be able to help you with this.
Although Ransomware is less common, it is far more dangerous.
How do you get attacked?
A Ransomware attack will start with a phishing email or by opening an infected document, usually in the form of a Microsoft Office file. It’s not unusual for would-be hackers to target different people within the same organisation. They only need to get lucky once. And of course, if the computer is networked, the Ransomware could spread across all machines on the network.
How can you defend yourself?
There are a number things you can do to limit your exposure to a Ransomware attack.
Your virus software and any other security tools you have at your disposal are useless unless you keep them updated. To help the process make sure automatic updates are switched on.
It’s not just your security software that needs to be kept up-to-date, it’s critical that all your software is updated. This is especially true for your operating system. Again, you should have the option to automate this process. Remember though that any of your software products could have vulnerabilities, especially if they connect directly to the internet.
Don’t Use Your Computer As Admin
Where at all possible, avoid logging onto your computer as an Admin user. Doing so opens up more access points to your system. If you must use your system in Admin mode, do what you need to do and log out as quickly as possible. Resist the temptation to ‘save hassle’ by remaining logged in as Admin.
Educate Your People
The vast majority of Ransomware attacks have one thing in common – people. There’s no getting away from it, human error is the leading cause of most cyber attacks – including Ransomware. Educating your team on what a Phishing attack looks like and why they should never open an attachment that looks suspicious would be a good starting place.
If you don’t have the skills or knowledge in-house, find someone you can get honest, expert advice from. They’ll be the go-to-guys you turn to if you’re ever the victim of a Ransomware attack,
What not to do – Sucker List
In the early days of Ransomware, the attackers were quite greedy – looking for thousands of dollars to release your computer. Now, though, they’ll regularly look for anything as little as $15. The logic being, people, will be more likely to pay up, to avoid the embarrassment associated with being a victim of cyber crime.
Of course, that’s the worst thing to do. For a start, your computer will still be compromised, even if it appears to have been released back into your control. More worryingly, you’ll be added to a ‘suckers list’ and will find yourself targeted by other cyber criminals on an almost constant basis.
It’s worth remembering that even organisations with hefty cyber security budgets fall victim to Ransomware attacks. The truth is, no matter what you do, you can still become a victim. That’s right, even if you do everything we recommend, you can still fall prey to attack. There is no such thing as a guaranteed defence attack against Ransomware or any other cyber attack for that matter. Your aim shouldn’t be to build an impenetrable fortress – it should be to build a resilient business.
Your best defence is to be setup so that you can wipe any affected machine clean at any time. Then, all you need to do is reinstall your system from your last clean backup. To do this, you’ll need to have a proper backup process in place. The good news is that this has never been easier. There are dozens of backup solutions that can be trusted to store your precious data.
And if you’ve already made the shift to G Suite, you can log onto your account from any machine and be back working on the report you promised your boss.
Your goal has to be business continuity. There’s no guaranteed defence against Ransomware. You have to build a resilient business that isn’t dependent on your local or networked machines.
Follow this advice and you can sleep safely in the knowledge that whatever happens, you can have your core IT systems back up and running in no time at all.
Take back the power; ignore the fear and eliminate the risk to your business.
Your Peace of Mind Checklist:
- Is your software and operating system up-to-date?
- Are you logged in as admin?
- If you are logged in, do you know how to logout and use a non-admin account?
- Do you know how to wipe your machine?
- Do you know how to restore your machine?
- How quickly can you be back up and running?
If you can’t answer these questions yourself, find someone who can. You’ll sleep much easier.