Are You Ready for Ransomware? Some Common-Sense Suggestions

Do you know the signs, exploits, or attacks that could bring down your organization’s systems?

Most IT professionals feel confident that they can recognize an attack, but your users may not know all the signs – or the ways to avoid them!

So here are a few common-sense tips for you – and your users! – to get ready for ransomware.

For your users

There are a few common ways cyber attackers try to hack not just systems, but people. Beware these tactics that might trick you into agreeing to infect your computer.

Learn to identify a suspicious email

So what exactly is a suspicious email? It is more than just spammy junk mail or the obvious scams.

There are a few typical forms:

  1. The email will pose as a site or app that you use – e.g. Dropbox or your HR department.
  2. It might appear to come from a coworker. Or a vendor. Or a boss. But something seems off about it.
  3. It might pose as the IT Help Desk, asking you to update your email password.

No matter how the email arrives, there are a few ways you can deal with it:

  1. Contact the person or department who sent you the email – but don’t “reply to” their email address. Instead, use a secondary form of communication to contact them. Text them, phone them, send them a tweet – but verify that they sent the email.
  2. If the boss asks for a big-money transfer and you can’t get in touch with them (or don’t feel comfortable doing so), check with other VPs to be sure.
  3. If there is a link to a website with an account portal for logging in, don’t just trust that it looks like a portal you’ve used before. Check the URL to see whether it starts with https or http. If it is http, you are in trouble. The biggest signifier of a “look-alike” site is that it won’t be secured (you won’t see the “s”) – it is much harder to fake a website if you have to secure it.
  4. See a Microsoft Word or Excel attachment? Don’t open it until you know where it’s from. Hackers can put scripts into common Microsoft documents that will execute programs and open your computer to attacks.
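
The link check from item 3, as an added example that is not part of the original article. It goes beyond the http/https test by also comparing the host name with the portals you actually use, because a look-alike page can be served over https too. The trusted host names and the sample links are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the portals your organization really uses (constructed names).
TRUSTED_HOSTS = {"portal.example.com", "files.example.com"}


def link_findings(url, trusted=TRUSTED_HOSTS):
    """Return reasons to distrust a login link; an empty list means none found."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")

    # The article's check: a login page served over plain http.
    if parts.scheme != "https":
        findings.append("not-https")

    # "https://trusted.name@other.host/" really goes to other.host.
    if parts.username is not None:
        findings.append("userinfo-in-url")

    # A real portal is normally linked by name, not by raw IP address.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-address-host")
    except ValueError:
        pass

    # Internationalized names can imitate ASCII letters.
    if not host.isascii() or any(lb.startswith("xn--") for lb in host.split(".")):
        findings.append("idn-host")

    # The host must be exactly one of the trusted names.
    if host not in trusted:
        findings.append("unknown-host")
        # A trusted name placed elsewhere in the link is a look-alike pattern.
        if any(name in url.lower() for name in trusted):
            findings.append("trusted-name-misplaced")
    return findings


if __name__ == "__main__":
    # Constructed sample links (documentation-reserved names and addresses).
    for link in ("https://portal.example.com/login",
                 "http://portal.example.com/login",
                 "https://portal.example.com.account-verify.example.net/login",
                 "https://portal.example.com@198.51.100.7/login"):
        print(link, "->", link_findings(link) or "no findings")
```

An empty result only means none of these checks fired; verifying the sender through a second channel, as in item 1, still applies.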

Identify malvertising

We all know how annoying pop-ups are. But that is not the only way you will see cyber attackers use online marketing tools for their own ends. In 2018, malware doubled in Google Play thanks to click-fraud ads.

Malvertising applies not just to banner ads or pop-ups – it is appearing more and more in SEO results, such as paid ads on Google, using your own search results against you.

Regardless of which way malvertising shows up, there are several steps you can take to prevent it from tricking you:

  1. Use an adblocker.
  2. Make sure you are using antivirus software – even if you are on a Mac!
  3. Keep the plugins and extensions in your browser updated. They are easy weak spots that hackers will exploit, but if you have the latest version, you are likely to be protected against most of the already known weaknesses.
  4. The same goes for your browser – keep it up to date!

And the last – but most important – thing you can do to stay on top of ransomware is to listen to your IT team! They have your back, and they want to keep everyone safe.

So now that the front line is ready and aware of the kinds of attacks out there, it’s time to check on things from the IT side.

For IT

It’s your job to cover your bases – and plan for the worst. So where do you start? Take a look through this list to make sure you have thought of everything.

Are you confident in your ransomware recoverability?

This may seem like an obvious question, but many people think backup software protects against ransomware, and sadly it doesn’t. Ransomware can infect your backups as well as your main systems.

Do you keep some backups offline?

If you know you have proven, clean, recoverable backups, store some offline so they won’t get infected.

Do you have a disaster recovery plan that includes attacks from ransomware?

Natural disasters aren’t the only threat that can wipe out an entire data center. When ransomware hits, it’s pay big or lose big – and in some cases, even if you do pay, you still won’t be able to recover your data. So what do you do?

Make sure your data is safe, replicated and immutable, with some regular backups stored offline, at another site, or on another network.

When the time comes to recover, you need to be sure your backups have been tested and are recoverable. Mishandling a recovery can lead to corrupted data, which may be just as bad as the encryption from the ransomware.

Bottom line: make sure you are using the right software to keep your data safe.

Educate your users

And be sure to keep sending those friendly reminders to your users. You can even bribe them with doughnuts to attend your ransomware training.

They are the first line of defence (or weakness) against a ransomware attack, and they are your best bet to stay safe (or get infected), so be sure to keep them on your side.

Last but not least – updates!

Make sure your OSs are fully up to date with the latest security updates – neither WannaCry nor NotPetya could have spread if companies’ Windows Server OSs had been fully up to date.

Final thoughts

Most ransomware attacks begin with phishing or other exploits aimed at getting you to take a specific action, such as clicking a particular URL or enabling a certain program. When you and your staff are trained to recognize these attacks, you won’t be so vulnerable.

But even if the training isn’t perfect, you can defend yourself against ransomware! Use the common-sense steps above to avoid an attack in the first place.

If you want to protect your data, check out our Ransomware solution to find out how ioFABRIC can help!