Four tips on how to handle ransomware
Ransomware frequently makes headlines due to the havoc it can cause. If, however, you are well-informed and well-prepared, ransomware should only ever be, at worst, a minor inconvenience. With that in mind, here are four tips on how to handle ransomware.
Stay informed of the different types of ransomware
At present, there are three main forms of ransomware. These are scareware, lockware, and encryption ransomware. Of these three, only encryption ransomware has the power to cause any real damage. Scareware and lockware are essentially social-engineering tricks.
Scareware just sends a threatening message. Lockware does cause your computer to freeze, but this can be easily addressed if the victim keeps calm. This means that, as with scareware, the real power of lockware is in the message.
Learn how to deal with ransomware infections
You’ll know you’re being targeted by some form of ransomware because you’ll see a message on your screen demanding payment. You will not, however, necessarily know what type of ransomware it is.
The first point to check is whether or not your computer is frozen. If it is, you have lockware. Boot into safe mode and try installing an anti-malware program. If this doesn’t work, restore to a previous time point (or if you’re on a mobile device, do a hard factory reset).
If you can use your computer, then you have either scareware or encryption ransomware. In the beginning, it’s important to keep an open mind as to which it is as there is now scareware that pretends to be encryption ransomware.
Start by installing an anti-malware program and having it scan your computer. This will get rid of the infection. Then see if you have encrypted files. If you don’t, it was scareware. If you do, it genuinely was encryption ransomware. This means that either you have prepared well and can just restore your files and get on with work - or you are in serious trouble.
Prepare for encryption ransomware attacks
Preparing for a worst-case scenario is not defeatist, it’s accepting reality and it can save your business. In the context of encryption-ransomware attacks, “just” losing access to your files is now a best-case result. The real threat, these days, is data theft. The good news is that you can protect against both of these.
The way to protect against losing access to your data is to have a ransomware-proof data-backup strategy. The core of a ransomware-proof data-backup strategy is an off-site data backup. You can have a local data backup as well. They can be very convenient. You just have to be clear about the fact that any attack which can penetrate your production systems can almost certainly penetrate your local data backup as well.
Your off-site data backup needs to be both physically and logically separate from your main system. Ideally, you should have copies of data from different time points in case it takes some time before you realize you have been attacked. It’s also strongly recommended to scan your data backup for malware just in case the original infection is still lurking amongst the files you’ve backed up.
The way to protect against data theft is to ensure that sensitive data is kept encrypted. As an absolute minimum, you should encrypt any personally identifiable data. This includes any personally identifiable data you’ve collected from your own employees.
Encrypting data will not defeat encryption ransomware. It will, however, render the data useless for anything other than ransom. This is now a huge issue since encryption ransomware attacks are becoming increasingly aggressive. Even if you pay the ransom, your data may be sold anyway. If you don’t pay, your data may be sold in a very public manner or exposed on the internet purely to embarrass you.
Work to prevent ransomware attacks
The more ransomware attacks you can prevent, the less time you’ll have to waste scanning your system and restoring from a backup. Your key weapon in the fight against ransomware is a robust anti-malware product from a reputable cybersecurity company.
Specifically, you want a cloud-based solution with an integrated firewall. Any other functionality is a bonus. The reason that cloud-based solutions are preferable is that the vendor takes care of the update process. This saves you the hassle of downloading and installing updates, which will be very frequent. The reason you want an all-in-one solution is that this ensures that all the various functions will work together automatically, instead of needing to be configured to do so. As a bonus, they’re also very cost-effective.
Additionally, you need to ensure that you only use operating systems and applications which are still supported by their developers and that you promptly apply any security updates.
Please click here now to start your free 30-day trial of Comodo AEP.