Ransomware has grown substantially over recent years and is currently a real business. Attackers can easily purchase ransomware-as-a-service as no technical skills are required to use this service.
What is Ransomware?
Ransomware is malicious software (malware) that is secretly installed on a victim’s device and encrypts all the data on it.
In the most basic example of ransomware, malware is used to lock all the documents on your computer with a key. This key will only be available to the cyber criminals. The criminals will then ask you to pay a ransom, and will decrypt your data with the key only after payment.
Ransomware is a profitable business with as many as 47% of targets falling victim to attacks, as per a new study by Barracuda Networks. Victims are usually targeted through phishing emails or other means like USB keys, all containing the malware. When the victim opens the documents or inserts the USB, the malware is installed and all the data is locked.
Anyone can be a target of ransomware: individuals, small businesses, or multinational corporations. Individuals and small businesses, in particular, can be attractive targets as they tend to have limited cyber security controls in place.
Here are my 5 tips for protecting yourself and your business from a ransomware attack:
1. Be Aware of Phishing Attacks
Phishing is an attack in which the attacker poses as a trustworthy entity in an electronic communication. These types of attacks are getting smarter, as they can look like they come from a legitimate source. ‘Spoofing’ is also a technique used during these cyber-attacks. Spoofing is the technique of one person or program successfully masquerading as another, which tricks the victim even more easily.
2. Don’t Plug in an Unknown USB
Never plug a USB into your laptop if you are not sure where it came from. This is also a common type of attack used to trick users. Sometimes, the cyber criminals will intentionally leave a USB key in your office with the name of your company to make sure that the user will take it.
3. Install Anti-Malware
Anti-virus is not the same as anti-malware. Additionally, anti-malware might not even protect you from ransomware. Some solutions like Malwarebytes can help you reduce the risk of an attack. Remember though that you are never 100% secure, as there is always the possibility of an attack.
4. Have a Back-up
The only way to be confident is to have a backup of all your data at all times, and this backup needs to be OFFLINE. If your backup hard disk is plugged into your laptop when the attack occurs, it will end up being encrypted as well, and you will be in trouble. Make sure you back up your data at the right frequency, depending on how often it changes.
Check your backup on a regular basis. Hard disks have a limited lifetime and can become damaged. A backup that doesn’t work will leave you in the same trouble.
5. Have a Recovery Plan
Individuals and small businesses usually end up paying the ransom as they do not have an active backup. The key to recovering the data is to make sure that you have the right strategy and that you clean your laptop before restoring the backup. I recommend you hire a professional to help you.
For major companies, the lack of a dedicated recovery plan for a ransomware attack leads to ransom payment, as restoring from the backup might take too long and cause too much business disruption.
To summarise, email phishing is currently the most popular technique for ransomware distribution, and an anti-virus will not protect you from these phishing attacks. Ransomware, in general, has become one of the biggest cyber threats out there, and following the tips in this article might help significantly reduce the risks to you!
Magda CHELLY Ph.D is a CISO advisor and owner of Cyber Responsible Pte. Ltd. Singapore and K2’s Cybersecurity Partner.