Individual computer users are not the only ones who can encounter ransomware infections. Many threats target large and small companies as well. These malicious applications are programmed by cyber criminals and used for only one purpose – to make illegal profit. Specifically, crypto-malware encrypts all important files and then demands a ransom in exchange for a decryption tool. Since there is usually no other way to decrypt these encrypted files, victims send the required money to crooks and, by doing that, encourage them to continue developing serious malware. Ransomware developers rarely get caught because ransoms are sent to them in Bitcoins and saved in an individual account, so it would be naïve to expect that the number of ransomware infections encrypting data on compromised machines will stop growing anytime soon. Consequently, individual users and companies must take security measures in order not to encounter crypto-malware. Since the infiltration of a ransomware infection usually has extremely devastating consequences for companies, this report will focus mainly on security tips for companies. Whether you are the CEO of a small or a large business, take proactive steps to prevent ransomware attacks today, because you might lose thousands of dollars in lost productivity if such a malicious application ever affects your company’s computers and confidential data.
First of all, it must be emphasized that ransomware infections are among the sneakiest malicious applications available on the market today, so it is not surprising at all that the majority of victims find out about the successful entrance of this threat when it is already too late, i.e. when the damage has already been done. Crypto-malware is typically spread via malicious emails (often spam) sent from unknown sources. Also, it might be enough for an employee to click once on a malicious link to cause problems for the entire company. Finally, ransomware infections might be delivered to users’ computers via exploit kits, malvertising, and so-called drive-by downloads, so it is very important not to browse dubious websites. Preventing ransomware attacks is quite a challenge, but it is definitely not impossible.
No doubt ransomware infections are sneaky, but there are still multiple steps (see them all listed below) that can be taken to prevent ransomware attacks. It goes without saying that a layered approach to cybersecurity is always best.
- Make sure there is security software installed on all computers within your business. These tools must be active 24/7 and updated regularly. The majority of reputable security applications can recognize malicious files containing ransomware infections before they are downloaded. Additionally, they can prevent silent installations of malware.
- All employees must know that clicking on suspicious links and opening attachments from spam emails can have undesirable outcomes that might have an impact on the entire company, so make sure you give proper annual training for the people who work in your enterprise.
- Disable the execution of files from the %APPDATA% and %LOCALAPPDATA% directories on employees’ computers because malicious software is usually dropped into and started from these directories. If it cannot launch, it cannot cause any harm.
- Administrative rights on computers used by employees should be restricted. Reduced privileges will lower the probability of a ransomware attack. A standard user account will still let employees change the wallpaper, change the default browser, bookmark favorite websites, etc. Generally speaking, employees can still perform activities that do not affect the system’s security.
- Ransomware infections are more likely to affect computers with outdated Java, Flash, and Adobe Flash Player, so make sure all the latest updates are installed on your employees’ computers. Cybersecurity ventures (e.g. Microsoft) release security updates on a regular basis, but unscheduled “emergency” updates are also released from time to time, so it would be best to enable automatic updates.
- If Remote Desktop Protocol (RDP), a Windows utility that makes it possible to set up remote connections, is never used, it should be disabled because ransomware infections might access computers using RDP quite easily.
- The company’s email service provider should be set to filter emails with two file extensions, e.g. exe.pdf, because ransomware infections are often distributed as files with double extensions.
- The successful entrance of the ransomware infection usually results in the encryption of files. Companies have thousands of files on their computers/networks, so the entrance of the ransomware infection usually results in a huge loss for them. Yes, a file created one hour before the ransomware attack might be lost forever, but other files could be restored quite easily if data is backed up regularly. For example, enterprises can make copies of their data to external servers, cloud providers, or local storage devices.
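For the email-filtering tip in the list above, here is an added example (not code from the article or from any mail product) of a double-extension check on attachment names. It goes slightly beyond the tip by also catching padded names, look-alike characters and bidirectional control characters; the extension lists and the sample message are assumptions constructed for the illustration.

```python
import unicodedata
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your own mail gateway.
RISKY = {"exe", "scr", "bat", "cmd", "js", "jse", "vbs", "wsf", "hta", "lnk", "ps1", "jar"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf", "jpg", "png"}
# Bidirectional control characters that can visually reorder a filename.
BIDI = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment filename."""
    if any(ch in BIDI for ch in filename):
        return ("block", "bidi-control")
    # Fold look-alike characters, ignore case and the trailing dots/spaces Windows drops.
    name = unicodedata.normalize("NFKC", filename).lower().rstrip(". ")
    # Everything after the first dot, with padding spaces removed from each piece.
    exts = [piece.strip() for piece in name.split(".")[1:]]
    tail = exts[-2:]  # only the last two extensions decide the verdict
    recognised = [e for e in tail if e in RISKY or e in DECOY]
    if len(recognised) == 2 and any(e in RISKY for e in tail):
        return ("block", "double-extension")
    if tail and tail[-1] in RISKY:
        return ("block", "executable")
    return ("allow", "ok")


def blocked_attachments(message):
    """List (filename, reason) for every attachment the policy would quarantine."""
    hits = []
    for part in message.iter_attachments():
        filename = part.get_filename() or ""
        verdict, reason = classify_attachment(filename)
        if verdict == "block":
            hits.append((filename, reason))
    return hits


def sample_message():
    """Constructed test message; the attachment names are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.exe.pdf", "invoice.pdf.exe", "report.v2.pdf", "backup.tar.gz"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for item in blocked_attachments(sample_message()):
        print(item)
```

Names such as report.v2.pdf and backup.tar.gz pass because only pairs that include an executable extension are treated as double extensions.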
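For the %APPDATA% and %LOCALAPPDATA% tip in the list above, here is an added example (not from the article) that audits process-creation records for programs started from those folders, which helps confirm that the restriction actually holds. The log format, host names and the allow-listed `ExampleUpdater` path are constructed assumptions.

```python
import ntpath
import re

# Per-user folders behind %APPDATA% (Roaming) and %LOCALAPPDATA% (Local).
USER_DIR = re.compile(r"^[a-z]:\\users\\([^\\]+)\\appdata\\(roaming|local)\\(.+)$")
EXECUTABLE = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1")
# Hypothetical allow-list: approved per-user software, relative to AppData.
ALLOWED = ("local\\exampleupdater\\",)

# Constructed process-creation records: "timestamp|host|image path".
SAMPLE_LOG = r"""
2024-05-02T09:14:03Z|WS-014|C:\Users\alice\AppData\Roaming\svch0st.exe
2024-05-02T09:15:40Z|WS-014|C:\Program Files\Vendor\app.exe
2024-05-02T09:17:12Z|WS-022|c:/users/BOB/appdata/local/temp/../Temp/invoice.pdf.exe
2024-05-02T09:20:55Z|WS-031|C:\Users\carol\AppData\Local\ExampleUpdater\update.exe
2024-05-02T09:21:30Z|WS-040|C:\Users\dave\AppData\LocalLow\tool.exe
"""


def appdata_launch(image):
    """Return (user, path relative to AppData) if image ran from either folder."""
    # normpath unifies slashes and resolves "..", so odd spellings compare equal.
    path = ntpath.normpath(image.strip().strip('"')).lower()
    match = USER_DIR.match(path)
    if not match or not path.endswith(EXECUTABLE):
        return None
    user, root, rest = match.groups()
    relative = root + "\\" + rest
    if relative.startswith(ALLOWED):
        return None
    return (user, relative)


def audit(log_text):
    """Return (host, user, relative path) for every launch that should have been blocked."""
    findings = []
    for line in log_text.strip().splitlines():
        _timestamp, host, image = line.split("|", 2)
        hit = appdata_launch(image)
        if hit:
            findings.append((host, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

AppData\LocalLow is not reported because neither variable points to it. Path-based exceptions like the one in `ALLOWED` are weaker than rules tied to a software publisher's signature, since the folder stays user-writable.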
Ransomware infections are becoming more and more sophisticated, specialists say. Threats developed by cyber criminals these days are already far removed from the first ransomware infection developed back in 1989, so the above-listed tips should be taken seriously. If crypto-malware still manages to bypass security and affect your company’s computers, make sure you do not pay the ransom demanded because making a payment to crooks does not usually solve the problem. To put it another way, the chances are high that encrypted data will stay as it is after paying a ransom, and the money sent will not be returned. Unfortunately, alternative data recovery methods are usually ineffective because crypto-threats use strong encryption algorithms to lock data on compromised machines.