Protect yourself against ransomware: back up, educate, patch, contain

Founder, Privacy PC


David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
December 7, 2016


Ransomware is so lucrative that infosec specialists report ordinary cyber criminals abandoning older ways of making money, such as credit card fraud and stealing bank account details.

Lawmakers are correspondingly paying more attention to these cyber extortionists.

I’m afraid, however, that we shouldn’t rely on the authorities to protect us. Each of us is still essentially alone in fighting ransomware attacks, in which hackers encrypt our computers or valuable files in the hope that we will pay a ransom to get the data back.

You may choose to pay, as many victims do. The FBI has said that the victims who reported ransomware incidents to the Bureau paid about $24m to cyber criminals in 2015.

Yet even if you have copied all your data to an offline backup in secure storage and decide not to pay, your losses will still include the cost of cleaning devices and systems and restoring from backup. Restoration can take days or even weeks, depending on the size of the network.

Nevertheless, you aren’t entirely at the mercy of hackers. Below are some simple recommendations for safeguarding yourself and your organisation.


First things first, what kind of organisations tend to be targeted for ransomware attacks?

Any business or organisation that relies on constant use of crucial data and literally can’t survive if it loses access to that data – even for the shortest period of time needed to react to the breach – should be most worried.

That is why hospitals, banks, police departments, airlines and other institutions need to be the most alert to possible threats.

Any large company or public institution is also at risk, as is critical infrastructure to some degree. For example, ransomware could cripple the Windows systems that water and power plants use to monitor their operations.

Home computer users are also vulnerable to ransomware.


Back up

The ideal protection against ransomware is to make the extortion pointless: back up valuable files every day so that even if your PCs or servers are encrypted, you are not compelled to pay to get your files or systems back.

Many ransomware operators look for backup drives and devices and encrypt them too, first gaining a foothold on a desktop computer and then moving through your environment to reach the backup servers.

So if you back up to on-site storage or servers rather than cloud storage, they must be offline and not linked to desktop computers.

Many people keep files on network shares, unaware that a share mapped on the desktop is just as exposed as the desktop itself during a ransomware incident. If the backup is kept offline, in a location that cannot be reached from the computer that is initially compromised, you’re alright.

The same principle applies if you back up your personal PC to a secondary physical drive. That drive should be connected only while the backup runs and disconnected immediately afterwards.

If the backup disk is connected while the ransomware runs, it may be encrypted too.

Backups won’t automatically make a ransomware incident pain-free, as it can take days or weeks to recover data, potentially disrupting business processes.

Some healthcare institutions decide to pay the ransom simply because patients’ lives are at risk and even short downtime is considered unacceptable.
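The backup advice above has two parts that are easy to get wrong in practice: each run must not overwrite the last clean copy, and a backup that was reachable from an infected machine must be checked before anyone restores from it. The following is an added example, not code from the article, showing one way to do both: every run copies the source tree into a fresh snapshot directory and writes a manifest of SHA-256 hashes, and a verify step re-hashes the snapshot so that files rewritten by ransomware are reported before a restore. The paths in demo() are temporary directories constructed for the example; attaching and detaching the real backup volume is left to the caller.

```python
"""Snapshot backup with an integrity manifest (added example; not the
article's own code). Each run copies the source tree into a fresh,
timestamped directory under the backup root and records a SHA-256 for every
file. verify_snapshot() re-hashes the copy so that a backup which was
reachable from an infected machine, and got encrypted, is caught before
anyone restores from it. Paths in demo() are temporary directories created
for the example; mounting and unmounting the real backup volume is left to
the caller."""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Tuple

MANIFEST = "MANIFEST.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_snapshot(src: Path, backup_root: Path, label: str = "") -> Path:
    """Copy src to backup_root/<label> and write a manifest of file hashes.
    A new directory per run keeps earlier snapshots intact, so a backup taken
    after an infection can never overwrite the last clean one."""
    dest = backup_root / (label or time.strftime("%Y%m%dT%H%M%S"))
    if dest.exists():
        raise FileExistsError(f"{dest} exists; refusing to overwrite a snapshot")
    shutil.copytree(src, dest)
    manifest: Dict[str, str] = {}
    for p in sorted(dest.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(dest).as_posix()] = sha256_file(p)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return dest


def verify_snapshot(snapshot: Path) -> List[str]:
    """Return the paths whose contents no longer match the manifest (modified,
    added or missing). An empty list means the snapshot is intact and safe to
    restore from; ransomware rewrites file contents, so it shows up here."""
    manifest: Dict[str, str] = json.loads((snapshot / MANIFEST).read_text())
    seen = set()
    problems = []
    for p in snapshot.rglob("*"):
        if p.is_file() and p.name != MANIFEST:
            rel = p.relative_to(snapshot).as_posix()
            seen.add(rel)
            if manifest.get(rel) != sha256_file(p):
                problems.append(rel)
    problems.extend(rel for rel in manifest if rel not in seen)
    return sorted(problems)


def demo() -> Tuple[List[str], List[str]]:
    """Constructed data: a fresh snapshot verifies clean; the same snapshot
    with one file overwritten (what an attached backup drive would suffer)
    fails verification and names the damaged file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        (src / "2016").mkdir(parents=True)
        (src / "2016" / "report.docx").write_bytes(b"quarterly figures")
        (src / "notes.txt").write_bytes(b"meeting notes")
        snap = make_snapshot(src, Path(tmp) / "backups", label="clean")
        clean = verify_snapshot(snap)
        (snap / "notes.txt").write_bytes(b"<encrypted by ransomware>")  # simulate
        damaged = verify_snapshot(snap)
    return clean, damaged


if __name__ == "__main__":
    print(demo())  # ([], ['notes.txt'])
```

The manifest lives next to the files it describes, so it is only as trustworthy as the snapshot directory itself; if the backup target is ever reachable from workstations, keep a copy of each manifest somewhere the workstations cannot write to and compare against that copy instead.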

User awareness training

Phishing is the most common lure for infecting computers. Attackers spam you with messages carrying infected attachments, or entice you to click a link that leads to a compromised website where an exploit kit installs the ransomware on your computer.

Malvertising is another highly effective infection vector: the attacker compromises an ad network and embeds malicious code in advertisements that are then served by websites you know and trust.

Ad blockers, which are browser plugins, can block those harmful ads. Keeping the web browser patched is an important step in keeping malware at bay too.

Cyber security professionals generally recommend that organisations train their employees to recognise phishing emails and to scan email attachments for malware before opening them.

With clear, correct instructions and regular training it’s possible to drastically reduce the incidence or risk of online breaches.

You could even send your workers fake, harmless phishing emails to test their vigilance, and turn it into a game.

Why not make it a routine element of corporate life? Simulated attacks of this kind have seen the share of workers clicking on phishing links plummet from 16% to 1% in some organisations.

Patch

Employees should not be regarded as the last line of defence. Users will still periodically open attachments or visit compromised websites, and when that happens you need to be sure that your security software protects you.

There are numerous endpoint security products built to defend computers from the latest malware. Many of them use behavioural analysis to spot unusual activity and connections within your environment.

However, no security product or service is perfect, so businesses should take additional steps to stay safe, starting with patching software and operating systems:

  • Attackers exploit security holes in third-party plug-ins such as Flash and Java, so it’s crucial to keep those updated.
  • Whitelisting the software allowed to run on devices is also an effective way to prevent breaches, because the list stops the PC from running any software or code that has not been authorised in advance. IT personnel first examine a computer to catalogue its trusted programs, then configure it to block any other executable from launching or installing.
  • System admins can restrict user privileges so that installing software or changing system settings requires an administrator’s password.
  • You might also want to segment access to valuable data across several servers. Instead of letting a large number of workers reach files on a single server, divide staff into small groups, so that if one server is encrypted by ransomware it doesn’t affect all employees and all data. This forces attackers to work harder to cause substantial damage, because they must discover and encrypt several systems and servers instead of one.

Contain

When Washington-based healthcare giant MedStar Health was hit by ransomware in March 2016, its admins immediately shut down most of the organisation’s systems and networks to stop the malware from spreading. Not only should you disconnect and shut down affected devices; you should also disable Bluetooth and Wi-Fi on the remaining computers to limit the malware’s spread to other devices.

Next, identify which strain of ransomware infected you. If it’s a known type, antivirus firms may have a decryptor that lets you recover your files without paying.

But if you haven’t backed up your data and can’t find a solution to break the encryption, the only way to retrieve your files is to pay hackers the ransom.
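Identifying the strain starts with two artefacts the ransomware leaves behind: the extension it appends to encrypted files and the ransom note it drops into every folder. The following is an added example, not code from the article, that collects both from a file tree so they can be looked up against the antivirus vendors' decryptor lists: it tallies unknown extensions stacked on top of ordinary document extensions and lists small files that recur across many directories. The file names and the ".locked" extension in demo() are constructed for the example and are not the markers of any real family.

```python
"""Post-incident triage of a file tree (added example; not the article's own
code). triage() walks a tree, tallies unknown extensions appended to ordinary
document extensions (the encrypted files), and lists small files that recur
across many directories (ransom-note candidates). Everything created in
demo() is constructed for the example; the ".locked" suffix and note name do
not belong to any real family."""
import collections
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
            ".jpg", ".png", ".txt", ".zip"}
NOTE_MAX_BYTES = 8192  # ransom notes are short text or HTML files


def triage(root: Path, min_dirs: int = 3) -> Tuple[Dict[str, int], List[str]]:
    """Return ({appended extension: file count}, [note-candidate file names]).
    A note candidate is a small file whose exact name appears in at least
    min_dirs different directories."""
    appended: collections.Counter = collections.Counter()
    note_dirs: Dict[str, set] = collections.defaultdict(set)
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        sfx = [s.lower() for s in p.suffixes]
        # "budget.xlsx.locked": a document extension followed by one we do not
        # know is the signature of an encrypted file; record the new suffix
        if len(sfx) >= 2 and sfx[-2] in DOC_EXTS and sfx[-1] not in DOC_EXTS:
            appended[sfx[-1]] += 1
        elif p.stat().st_size <= NOTE_MAX_BYTES:
            note_dirs[p.name].add(p.parent)
    notes = sorted(n for n, d in note_dirs.items() if len(d) >= min_dirs)
    return dict(appended), notes


def demo() -> Tuple[Dict[str, int], List[str]]:
    """Constructed tree: three encrypted documents, one untouched image, one
    ordinary small text file, and the same note dropped in four folders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("finance", "hr", "projects/alpha", "projects/beta"):
            (root / d).mkdir(parents=True)
            (root / d / "READ_ME_TO_RECOVER.txt").write_text("constructed ransom note")
        (root / "finance" / "budget.xlsx.locked").write_bytes(b"\x00" * 64)
        (root / "hr" / "contracts.pdf.locked").write_bytes(b"\x00" * 64)
        (root / "projects" / "alpha" / "spec.docx.locked").write_bytes(b"\x00" * 64)
        (root / "projects" / "beta" / "logo.png").write_bytes(b"\x89PNG untouched")
        (root / "projects" / "beta" / "notes.txt").write_text("an ordinary small file")
        return triage(root)


if __name__ == "__main__":
    print(demo())  # ({'.locked': 3}, ['READ_ME_TO_RECOVER.txt'])
```

Run it against a copy of the affected share, not the live host, and only after the machine has been isolated as described above; the output is a starting point for the lookup, not an identification on its own.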

Bottom line

Old-fashioned hacks were much less painful for users: people cleaned their machines and simply moved on.

But ransomware can quickly ruin businesses. Home users can lose all their family photos. It’s easy to see with so much at stake why so many victims pay out.

Computer security experts urge people not to pay ransoms, because doing so only motivates other hackers and feeds this criminal economy. But when it isn’t your own data at stake, it’s hard to insist that someone else should not pay.
