One of the most aggressive forms of cyber attacks developed in recent years has been ransomware. It’s pretty simple: a small piece of software that is designed to seek out and encrypt anything it can access for files. It hides in plain sight and may look like an email or any executable file on the net. Once you download and install it, it quickly encrypts your life or business and demands money to decrypt them again. The catch? If you pay the ransom, you are sometimes able to get your files back. The problem is, like most businesses, a successful model means the money you pay goes to help the company make a better product and ensure they will be around long term.
Like with most viruses, the strategies that work best are education, a great backup process, keeping your systems patched and updated, and having a decent anti-virus/anti-malware solution. In my experience, education has been the best strategy.
Informed users are better equipped to identify and avoid things that might not seem right. Those users are not going to be downloading and installing random software and games from sources they didn’t go out and find themselves at the app stores or download sites. They are going to be able to spot the difference between a web page popup and a legitimate error message from their computer’s operating system. They are also going to be able to understand what to do when something fishy is going on with their computers. Taking the time to educate all of your users is a daunting task, but in the end, it will save you time and money.
A great backup solution will help mitigate the more aggressive and sneaky programs that might be accidentally or, in rare cases, intentionally installed by a user. Most of our clients that are running the latest backup technologies have backups that run incrementally, as frequently as every 30 minutes. The last few ransomware-infected clients have been able to recover the encrypted files in a very short period of time without much additional cost, simply by restoring the affected files after the ransomware was removed.
Keeping your systems patched and updated with the latest security updates helps to minimize the number of ways a piece of ransomware might be able to affect your systems. With the advent of Windows 10, these updates are available much more frequently than in the past, and most often are installed automatically without having to interrupt your day. With older operating systems like Windows 7, it’s vital to have a consistent approach to installing patches to ensure your users are able to work efficiently and securely.
Lastly, having a good anti-virus/anti-malware product on your system will help catch or block much of the more common malicious software. As scanning technologies continue to improve, they are getting better at identifying suspect software in real time. There are many top-tier security software suites available. Find one that works best for you and manage it closely.
Even one infected system with the right access credentials could encrypt your entire life or business. Take the time to educate, backup, patch, and virus-scan your environment regularly, or find someone that can do it for you. Without it, you could end up paying a huge sum of money out to criminals, ensuring others run into ever more powerful ransomware.
Editor’s Note: This blog post was originally published in February 2016. With the unprecedented reach of the WannaCry attack making headlines this week, the topic of avoiding ransomware is more relevant than ever before. For more information about patching your workstations, visit ITx for Workstations or contact TPx for a consultation.