A system infected with ransomware can be difficult to recover unless reliable data backups are available. Ransomware is often distributed by cybercriminals through phishing emails as .exe or .zip attachments. Once the file is downloaded and executed, the ransomware encrypts the data on the system.
By design, the ransomware makes it impossible for anyone to use the system until payment to the cybercriminal is made. Ransomware can also infect an entire network, encrypting data stored within a networked server. Websites and suspicious web links are other ways cybercriminals distribute ransomware.
Even if reliable backups and restoration methods such as imaging are available, preventing ransomware attacks is the preferred line of defense.
Earl Foote, a cybersecurity expert in Park City, Utah, shares some of his insights into the prevention of ransomware.
Public and medical organizations are at the highest risk of being attacked since these organizations are high-profile, are often underfunded, and handle sensitive data. However, small and medium-sized businesses are also subject to an increased risk of being attacked. Cybercriminals are aware that organizations of this size may not have a business IT services team in place or the IT resources to be as vigilant about defense. Fortunately, there are some common-sense and practical ways to protect users and organizations against attacks.
First, if systems are infected with ransomware, it is never a good idea to pay. By paying the ransom, the cybercriminal gets rewarded, and payment is not a guarantee that the systems will return to normal. Formatting the hard drive and restoring the system from a reliable backup is the only way to ensure the system will be fully functional. Avoid relying on cloud backups as this data can be easily targeted by cybercriminals. The best practice is to back up data on physical drives and control access to those drives. Only the necessary IT staff should have access.
Second, educate users about phishing emails and tactics. IT administrators can block and filter out the exchange of .exe and .zip files, but this is not always practical for every organization. Let users know what phishing emails and social engineering tactics look like. Advise them not to give out personal information, click on suspicious links, or download suspicious files.
Third, use a firewall and a reputable anti-virus program. Ensure all systems and devices are constantly protected, periodically scanned, and updated with the latest security patches. Before installing or deploying an anti-virus program, make sure it is recommended, reputable, and can provide the level of protection your organization needs. Unfortunately, some malware applications are disguised as anti-virus programs. Besides an anti-virus program, add web-filtering software to provide an additional layer of protection.
Fourth, use email filtering and content scanning to help identify and block suspicious emails. Filtering and scanning applications can pinpoint emails that contain known attack methods and known malicious content. By blocking the content, users will not be able to accidentally download ransomware, click on the damaging web links, or reply with sensitive, personal information.
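The attachment blocking mentioned in the second point and the content scanning described here can be combined in one check. The sketch below is an added example, not code from the article or from any particular filtering product: it flags .exe and .zip attachments by name and also by file signature, so a renamed executable is still caught. The function names, the exemption list, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".zip"}            # the two types named in the article
SIGNATURES = {b"MZ": ".exe", b"PK\x03\x04": ".zip"}
# Assumption: Office documents are ZIP containers, so they are exempt from the
# PK signature check to avoid flagging ordinary .docx/.xlsx/.pptx files.
ZIP_CONTAINERS = {".docx", ".xlsx", ".pptx"}

def sniff_type(payload: bytes):
    """Return the real type implied by the leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if payload.startswith(magic):
            return ext
    return None

def screen_message(raw: bytes):
    """Return a list of (filename, reason) for attachments that should be held."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        sniffed = sniff_type(payload)
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked-extension"))
        elif sniffed == ".zip" and ext in ZIP_CONTAINERS:
            continue                              # expected container format
        elif sniffed:
            findings.append((name, "content-mismatch"))
    return findings

def build_sample(filename: str, data: bytes) -> bytes:
    """Construct a sample message with one attachment (test data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, data in [("invoice.exe", b"MZ\x90\x00"), ("invoice.pdf", b"MZ\x90\x00"),
                        ("notes.txt", b"hello"), ("report.docx", b"PK\x03\x04data")]:
        print(fname, screen_message(build_sample(fname, data)))
```

Signature checks of this kind do not look inside archives or password-protected files, so they complement user education rather than replace it.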
Fifth, only give users the permissions they need. Most users will not need administrative access to a device or need access to all network files and folders. All users should also be encouraged to refrain from using public Wi-Fi networks when working away from the office. If they must connect using a public network, a VPN connection should also be used.
Ensuring the integrity and safety of your organization’s data is easier when ransomware prevention methods are put into place. If it is more difficult for cybercriminals to target your organization, they will not be able to reap the rewards they seek. Prevention can also cost your organization less by saving the time it takes to restore your data and reputation.