Last month’s column introduced readers to ransomware, a form of malicious software developed to restrict user’s access to their data until a ransom is paid to a hacker in exchange for a decryption key to unlock the files. If you read last month’s column, you’ll recall that email is the most common way ransomware is distributed. This month’s column addresses two additional ways ransomware spreads in addition to strategies to defend against infection.
In addition to email, a common way ransomware makes its way to your PC is through “drive by downloads” from websites. A drive-by-download attack does not require a user to click on an attachment as with email delivery techniques. These attacks are the result of a sophisticated hacker who has embedded hidden code into the website. The code executes the download of ransomware to the user’s PC when the user merely visits the website containing the virus.
To avoid this type of attack, inspect website addresses thoroughly. Never click on a web link sent to you by email from an unknown sender (or, for that matter, from a known sender if the website address looks suspicious or the email in any way appears unusual). As a best practice, manually type website addresses into your browser. If you are not familiar with the site you are visiting, perform a web search for the company by name to ensure you are visiting its legitimate website rather than an infected fake.
Do not be fooled by thinking that malware can only be found on “shady” websites. Affiliate links on popular website have been known to contain malicious code. Last year during the summer Olympic games NBC.com was infected because of bad code inadvertently uploaded by a third-party advertiser. You must be diligent each and every time you surf the web.
It should go without saying that you should never, ever install software that you do not obtain through legitimate means. When you use pirated software, you are not only breaking the law and infringing on the copyright of the software manufacturer, but you are also putting yourself at serious risk of downloading ransomware.
How Do I Defend Against a Ransomware Infection?
There is not a product or service available today that can 100% protect you from a ransomware infection. The number of new malware variants engineered each day makes it impossible today for software developers to create a solution that can guarantee protection. Fortunately, there are steps you can take proactively to significantly reduce your risk of a ransomware infection.
Backup and Disaster Recovery:
First and foremost, you must be certain that you have adequate backups of your computer systems and data. Not all backup solutions are created equal. You must consider what you are backing up, how often you are backing up that data, and most importantly, you must test your backups. A backup report that shows no faults is not a guarantee that your data is adequately protected from disaster. You must know with certainty that your backup system will prevent you from having to pay the ransom associated to a ransomware attack. The only way to be certain of this, is to test your system. Do not wait until you have to restore a backup to learn whether or not you were adequately protected.
Finally, you must have a clear understanding of where your backups are stored and who can access them. Ransomware infects all files accessible to the user who initiates the infection. Are your backups at risk of infection?
Train Your Staff
Your employees are your computer network’s most significant liability. A recent Verizon wireless survey showed that 30% of email users will open a phishing message they receive and 12% of targets will open a malicious attachment or click on a malicious link. Think about that. How many employees do you have in your organization? One out of twelve of those individuals will unwittingly expose your workplace to ransomware (even with training).
You must train and retrain your staff often. Make cyber security part of your workplace culture. Your goal with training is to help people who are ignorant become better informed about the consequences of their actions.
Create policies and procedures regarding the use of IT resources, especially email. Ensure you provide adequate training to your staff about those policies. Give your employees real life examples the ways they can be fooled by cyber criminals. Teach them how to verify the emails they receive are valid and best practices for handling emails related to social media requests.