Avoid Being Held Hostage! Ransomware: What Is It and How Can I Protect Myself?

As technology constantly evolves, we find ourselves facing ever more disruptive threats. That’s why it is absolutely critical we remain diligent in protecting ourselves from new dangers and stay proactive in our security posture.

An increasingly prevalent computer threat is ransomware.

Ransomware is designed not to corrupt or even steal your data but to hold it hostage and require payment of a “ransom” to get it back. Two widespread examples are CryptoLocker and CryptoWall. Based on FBI estimates between April through June 2015, the latter generated over $18 million for its perpetrators.

Commonly, ransomware comes as a harmless-looking email attachment from what appears to be a trusted source. When the unsuspecting user clicks the attachment, it installs a small program that immediately searches for your data on local drives, network shares, and even cloud-based storage. Once found, the data is encrypted, rendering it inaccessible. Attempts to access your files result in a prompt to pay a ransom to “unlock” the data and reverse the encryption.

This devastating program was depicted in an episode of CBS’s drama, The Good Wife. An employee unknowingly installs ransomware within the firm’s network, locking all the information at a law firm until a ransom of $50,000 is paid within 72 hours. In reality, typical ransom fees are lower but no less devastating for a company that can no longer access any of its critical data.

Imagine how disruptive this is for businesses in this predicament. In many cases, companies with no disaster recovery plan find themselves paying the ransom. As reported by this Wall Street Journal article, according to Tom Kellermann, chief cybersecurity officer for Trend Micro, Inc., “Around 30% of ransomware victims pay to regain their data.”

All of this underlines the importance of having high quality, up-to-date computer security implemented within your IT infrastructure.

What can you do to protect yourself? Here are seven tips:

  1. Educate everyone using devices attached to your business’s network of the issue (you can forward this article to them right now!).
  2. Use caution when interacting with email. Delete anything suspicious. When opening attachments, check the sender’s email address first. If it looks dubious, verify its legitimacy prior to opening. If it doesn’t feel right, it probably isn’t!
  3. Exercise extreme caution prior to clicking website popups even if they appear legitimate. If you’re unsure, ask for a second opinion. Better to be safe than sorry.
  4. Only download and install browser plugins and extensions from industry standard, verified sources.
  5. Install computer and network security software that includes regularly updated anti-malware, antivirus, email scanning, and web/content filtering capabilities. The combination of multiple security products designed to handle particular threats provides the best protection.
  6. Keep all computers’ operating systems and applications current with the most recent patches and security updates.
  7. Implement (and regularly audit) a backup strategy that offers a short recovery time and flexible file restore options. This is often the most neglected area by businesses though it’s one of the most important – especially in the case of a ransomware attack. A good backup strategy gives you the ability to quickly restore data to a known good state prior to the infection, avoiding the need to pay a ransom.

If you have a security question, please call us at 314.394.3001 to discuss this topic in-depth. Whether it’s for your network, computers, or mobile devices, we at Anderson Technologies are here to help you find not just any solution for your security needs but the best solution for your business.

Like this article?  If so, check out another article here: Data Security: Just How Secure Will Your Business Be in 2016?