How to protect yourself against ransomware and other malware
Out of all the forms of malware from which you need protection, ransomware has to be one of the worst. The infection itself is usually a fairly minor inconvenience. The real problem is what it can do to your data and what that can mean for your business.
There are three main forms of ransomware
The three main forms of ransomware are scareware, lockware, and encryption ransomware. Scareware and lockware mainly target consumers as they are essentially social-engineering exploits. They are usually easy to remove and once they are gone, that is the end of the matter.
Encryption ransomware, by contrast, usually targets companies as they are more likely to have data they need to protect. As its name suggests, encryption ransomware really does encrypt your data. It is usually fairly easy to remove, but removing the source of infection does not undo the damage it has caused.
Dealing with a ransomware infection
You’ll know you have a ransomware infection because you’ll get a message demanding a ransom. Ignore it for now and see if you can install an anti-malware program. If you can, have it scan your computer. If you can’t, you’ll need to boot into safe mode. Once you’re in safe mode, try installing an anti-malware program and having it scan your computer. If you still can’t, restore to a previous time-point and then install an anti-malware program and have it scan your computer to make sure that any lingering traces of malware are completely eliminated.
Now, look at the ransom note. If it references anything other than encrypted files, you had either scareware or lockware and can now consider the matter resolved. If it references encrypted files, you have either genuine encryption ransomware or scareware pretending to be encryption ransomware.
Usually, the simplest way to check this is to find a ransomware identifier and have it analyze the ransom note. If this doesn’t work, you can try scanning your files to see if you can identify anything amiss or checking for user reports of problems accessing data.
Preparing for encryption ransomware attacks
While it’s strongly advisable to pay close attention to IT security, the fact still remains that you are never guaranteed to be 100% safe from ransomware. This means that you have to think in terms of being prepared for ransomware attacks, even though you should still do your best to prevent them. Encryption ransomware attacks present two main dangers. The first is data theft and the second is the loss of access to your data.
Ransomware itself does not steal data, but if a cyberattacker can get past your defenses to plant ransomware then they can also steal your data. The way to protect against this is to make sure that any sensitive data is stored encrypted across all systems (production, backup, and, if relevant, staging).
As a bare minimum, ensure that all personally identifiable data is stored encrypted as this is usually subject to legal/regulatory protections. In other words, if you fall victim to a ransomware attack and this results in personally identifiable data being stolen, you are probably more likely to get into trouble with the law than the perpetrators. It’s unfair, but it’s one of the harsh realities of ransomware.
You also need to ensure that you have a ransomware-proof data-backup strategy. The cornerstone of this is an off-site data backup, which is physically and logically separate from your main system. It’s absolutely fine to have this in the cloud; in fact, it can be very convenient. It just needs to be in a different cloud from your main system.
It’s fine to use automated backups to keep your local data backup as fresh as possible. For your off-site data backup, however, it is safer to scan the data before you transfer it, to give yourself the best possible chance of picking up on any issues, such as unexplained encryption. Even so, you should ideally keep backups from different time points in case you have to deal with slow-acting ransomware, which aims to penetrate your off-site backup by stealth.
If you do have to restore your data after an encryption ransomware attack, then scan it beforehand just to make sure that it really is completely clear of any infection.
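One way to scan for unexplained encryption before an off-site transfer, shown as an added example rather than code from this article or any product it mentions: files in compressed formats must still begin with their format signature, and everything else is flagged when its byte entropy is close to random. The signature table, the 7.5 bits/byte threshold and the function names are assumptions to tune on your own data.

```python
import math
import os
from collections import Counter
from typing import Dict, Optional

# Leading bytes of formats that are compressed, so high entropy is normal for them.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune it on your own data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, roughly 4 to 5 for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def check_sample(name: str, head: bytes) -> Optional[str]:
    """Return the reason a file looks encrypted, or None if it looks normal."""
    ext = os.path.splitext(name)[1].lower()
    if ext in MAGIC:
        # Compressed formats: entropy says nothing, but the signature must survive.
        if not head.startswith(MAGIC[ext]):
            return f"{ext} file is missing its format signature"
        return None
    entropy = shannon_entropy(head)
    if entropy > ENTROPY_LIMIT:
        return f"entropy {entropy:.2f} bits/byte is unusual for {ext or 'this'} data"
    return None


def scan_tree(root: str, sample_size: int = 65536) -> Dict[str, str]:
    """Walk root and map each suspicious path to the reason it was flagged."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                reason = check_sample(name, fh.read(sample_size))
            if reason:
                findings[path] = reason
    return findings


if __name__ == "__main__":
    # Constructed samples: a plain CSV and the same name holding random bytes.
    print(check_sample("ledger.csv", b"date,amount\n2024-01-01,100.00\n" * 500))
    print(check_sample("ledger.csv", os.urandom(65536)))
```

Compressed formats missing from the signature table (for example `.gz`) will be flagged by the entropy test, so extend the table to match the file types you actually back up.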
Preventing encryption ransomware attacks
The more encryption ransomware attacks you can foil, the less business interruption (read: downtime and loss of productivity) you’ll experience. Preventing ransomware attacks involves a combination of general IT security (in particular keeping operating systems and applications updated) and a robust anti-malware solution from a reputable cybersecurity company.