Ransomware is a form of malware that criminals find a way to install on our systems. What “ransomware” does is encrypt the data on a hard drive and make it unavailable until you pay a fee (ransom). The ransom pays for a the key to decrypt the data.
Ransomware is like many other forms of malware and usually makes its way into our systems by downloaded files or by a vulnerability in the system or network. Ransom is most often requested by the cyber criminals in the form bitcoin, a popular and mostly untraceable internet currency. A timeline is given (usually 4 days) to make a payment and if the demands are not met in time the price increases.
Here are some ways to prevent Ransomware on your systems:
- Ransomware can be distributed in Microsoft Office documents. Do not enable macros for Microsoft Office Documents received from emails. Microsoft has just released a new tool in Office 2016 that can limit the functionality of macros by preventing you from enabling them on documents downloaded from the internet.
- Alternatively, install Microsoft Office Viewers, these applications do not support macros and will allow you to view the files ithout actually opening them.
- Make sure you have anti-virus software in place and make sure that this software is always up to date. Home users can download Sophos for free.
- Make sure to regularly implement security patches to all software/applications on systems at the operating system level, MS Windows and Mac OSX both have an automatic update feature that can be enabled to force this to happen on a regular schedule.
- Do not download documents from websites or from peer to peer applications. Stick with applications that have a good background and avoid downloading from 3rd parties.
- Beware of phishing attacks. Always take caution when clicking links in email, and be sure to check the email address of the sender to make sure that the address is exactly what you expect it to be. Don’t open unsolicited attachments sent to you via email.
- Make your best effort to keep your network secure by putting firewall, and intrusion detection systems in place. Close ports that are not necessary for systems to function.
- Conduct recurring IT Security training for employees to reinforce these concepts.
There are other things you and your company can do:
- Recurring backup of your data. Depending on how much you use your computer and its files, daily backups are typical in a business environment.
- Constant network monitoring can be costly but it can mitigate these types of attacks by detecting and preventing them. Many enterprise systems are protected by firewalls and Intrusion Detection Systems that can detect and block the outgoing “phone home” that starts the ransomware encryption. Keeping an eye on these systems in real time can help detect and prevent an attack.
- Show hidden file-extensions on your local computer if they are masked by default. This technique can help reveal files that are not supposed to be on the system. Your IT Service Desk can help you if you don’t know how to do that. Make sure the file extension matches the file type (MS Word documents end in .doc or .docx for instance)
- Your IT department can turn off USB ports and removable storage. This will cancel out the chance of someone downloading the software to your systems via and infected USB Flash Drive.
Overall you should take the same preventative precautions as you would to prevent any other virus. When in doubt, ask your IT or Information Security department for advice.