Ransomware has been gaining popularity since around 2013, when CryptoLocker first appeared. Ransomware is a special type of malware that restricts access to files on an infected computer system and demands that the user pay a ransom to unlock these restricted files.
Ransomware attacks have grown more sophisticated over the past 3 years and an infection can have dramatic productivity and financial impact to your business. Most ransom requests now require payment in the form of bitcoin, a digital currency, with the starting amount ranging from several hundred dollars to several thousand dollars. Below are a few tips to help protect yourself from ransomware and other types of malware.
Don't open attachments that look suspicious. Ransomware operators have been sending emails from what look like trusted sources. If you are not expecting an attachment from a sender then you should refrain from opening any attachments contained in that message. Ransomware is primarily spread through the use of infected attachments or links in emails.
Don't click on links in emails that look suspicious or you don't know where they go. Links in emails have been used to send users to an infected site that will then infect the computer. It's best if you're unsure about a link to not click on it.
Ensure your security products are kept up to date. Make sure the antivirus solution you use is kept up to date with the latest virus signatures. AV vendors typically update virus signatures multiple times a day. As a managed services client, Integrity keeps your security products up to date automatically.
Backup important files. Backups are the best way to mitigate the damage done from a ransomware infection. The ability to restore from backups will save you from having to pay the ransom. This will get you back up and running in a quicker fashion as processing bitcoin transactions can take hours to days depending on the bitcoin exchange provider.
Restrict access to mapped drives. Ransomware not only affects the files on the infected computer but if drives are mapped will also affect those files. It is important to make sure that users only have access to the files and shares that they need access to. This will limit the impact and effectiveness of ransomware since it cannot encrypt files that it does not have access to.
Avoid running macros in Office applications. The newest variants of ransomware are taking advantage of Microsoft Word. The email you receive will contain a word attachment but the document is nothing but garbled text with a title that tells you to enable macros to read the content. Enabling the macro is where the ransomware infection originates from. Avoid enabling macros in Word, by default Microsoft deliberately disallows auto-execution of macros. This infection is relying on persuading you to enable macros.
Security awareness programs are becoming a crucial component of a sound security strategy for businesses. If you'd like to know more about how to help employees at your company become "protectors of information", contact Integrity for help. 309-664-8150 or firstname.lastname@example.org