What Is It?
You’ve heard that you must protect your business against randomware. It’s an insidious type of malware that encrypts, or locks, valuable digital files. Then it demands a ransom to release them.
How Does It Attack?
In a ransomware attack you see an email addressed to you. So you open it, or click on an attachment that appears legitimate. It could look like an invoice or an electronic fax.
Unfortunately, it actually contains the malicious ransomware code. Or, the e-mail might contain a legitimate-looking URL. However, when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
Then, the malware begins encrypting files and folders on local drives. It can also attack any attached drives, backup drives, and potentially other computers on the same network.
How Can I Tell?
Users and organizations are generally not aware they have been infected until they can no longer access their data. Or, until they begin to see computer messages demanding a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom. Further, they often demand bitcoins for anonymity.
What Should I Do?
The FBI does not recommend paying the ransom. That’s because there’s no guarantee you will get the encryption key after you pay. They do recommend the following tips:
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital devices. This is easier through a centralized patch management system.
- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts. Keep to an absolute minimum.
- Configure access controls, including file, directory, and network share permissions appropriately. Limit write-access to files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Prevent programs from executing from common ransomware locations. Examples include temporary folders supporting popular Internet browsers and compression/decompression programs.
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Disconnect them the computers and networks they are backing up.
There’s no way to 100% secure yourself from attack. However, if you follow these tips, it should help you to protect your business against ransomware.