In this article you will learn:

  • Best practices to implement immediately to protect your organization from ransomware.
  • Why you should be using threat detection to protect your data from hackers.
  • What to do if you become a ransomware victim. Should you pay the ransom? You may be surprised by what the data says.
  • Where you should be backing up your data. Hint, the answer is more than one location.
  • Preventing ransomware starts with employee awareness.

Ransomware has become a lucrative tactic for cybercriminals.

No business is immune from the threat of ransomware.

When your systems come under ransomware attack, it can be a frightening and challenging situation to manage. Once malware infects a machine, it attacks specific files, or even your entire hard drive, and locks you out of your own data.

Ransomware is on the rise with an increase of nearly 750 percent in the last year.

Cybercrime-related damages are expected to hit $6 trillion by 2021.

The best way to stop ransomware is to be proactive by preventing attacks from happening in the first place. In this article, we will discuss how to prevent and avoid ransomware.

What is Ransomware? How Does it Work?

All forms of ransomware share a common goal: to lock your hard drive or encrypt your files and demand money to access your data.
Ransomware is one of many types of malware or malicious software that uses encryption to hold your data for ransom.

It is a form of malware that often targets both human and technical weaknesses by attempting to deny an organization the availability of its most sensitive data and/or systems.

These attacks on cybersecurity can range from malware locking a system to full encryption of files and resources until a ransom is paid.

A bad actor uses a phishing attack or other form of hacking to gain entry into a computer system. One way ransomware gets on your computer is in the form of email attachments that you accidentally download. Once infected with ransomware, the virus encrypts your files and prevents access.
The hacker then makes it clear that the information is stolen and offers to give that information back if the victim pays a ransom.
Victims are often asked to pay the ransom in the form of Bitcoins. If the ransom is paid, the cybercriminals may unlock the data or send a key for the encrypted files. Or, they may not unlock anything after payment, as we discuss later.

How To Avoid & Prevent Ransomware

Ransomware is particularly insidious. Although ransomware often travels through email, it has also been known to take advantage of backdoors or vulnerabilities.

Here are some ways you can avoid falling victim and being locked out of your own data.

1. Backup Your Systems, Locally & In The Cloud

The first step to take is to always back up your system, both locally and offsite.

This is essential. First, it will keep your information backed up in a safe area that hackers cannot easily access. Secondly, it will make it easier for you to wipe your old system and repair it with backup files in case of an attack.

Failure to back up your system can cause irreparable damage.

Use a cloud backup solution to protect your data. By protecting your data in the cloud, you keep it safe from infection by ransomware. Cloud backups introduce redundancy and add an extra layer of protection.

Have multiple backups just in case the last backup got overwritten with encrypted ransomware files.
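The sketch below shows one way to act on that advice. It is an added example, not part of the original article: before an old backup generation is rotated out, the new one is checked for files that look encrypted. The function names, the in-memory snapshots, and the 7.5 bits-per-byte and 50 percent limits are all assumptions for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output sits near 8.0, plain text near 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(snapshot: dict, threshold: float = 7.5, ratio: float = 0.5) -> bool:
    """True when more than `ratio` of the files exceed the entropy threshold.
    Both limits are assumptions; compressed formats (zip, jpg) also score high,
    so a real check should compare against the previous generation as well."""
    if not snapshot:
        return False
    high = sum(1 for blob in snapshot.values() if shannon_entropy(blob) > threshold)
    return high / len(snapshot) > ratio

def rotate(generations: list, new_snapshot: dict, keep: int = 3) -> list:
    """Add a backup generation; prune old ones only when the new one looks sane."""
    suspect = looks_encrypted(new_snapshot)
    generations = generations + [{"files": new_snapshot, "suspect": suspect}]
    if suspect:
        return generations          # keep every older generation for recovery
    return generations[-keep:]      # normal rotation: newest `keep` generations

def pseudo_ciphertext(size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content (a SHA-256 output stream)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))

# Constructed sample snapshots: filename -> file content.
PLAIN = {"report.txt": b"Quarterly revenue summary for the finance team.\n" * 80,
         "notes.txt": b"Meeting notes: renew backup contract in March.\n" * 80}
ENCRYPTED = {name + ".locked": pseudo_ciphertext() for name in PLAIN}
```

A suspect generation is stored but flagged, so the last known-good copies survive until someone has investigated.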

2. Segment Network Access

Limit the data an attacker can access with network segmentation. With dynamic access control, you help ensure that your entire network is not compromised in a single attack. Segregate your network into distinct zones, each requiring different credentials.

3. Early Threat Detection Systems

You can install ransomware protection software that will help identify potential attacks. Early unified threat management programs can find intrusions as they happen and prevent them. These programs often offer gateway antivirus software as well.

Use a traditional firewall that will block unauthorized access to your computer or network. Couple this with a program that filters web content specifically focused on sites that may introduce malware. Also, use email security best practices and spam filtering to keep unwanted attachments from your email inbox.

Windows offers a function called Group Policy that allows you to define how a group of users can use your system. It can block the execution of files from your local folders. Such folders include temporary folders and the download folder. This stops attacks that begin by placing malware in a local folder that then opens and infects the computer system.

Make sure to download and install any software updates or patches for systems you use. These updates improve how well your computers work, and they also repair vulnerable spots in security. This can help you keep out attackers who might want to exploit software vulnerabilities.

You can even use software designed to detect attacks after they have begun so the user can take measures to stop it. This can include removing the computer from the network, initiating a scan, and notifying the IT department.

4. Install Anti Malware / Ransomware Software

Don’t assume you have the latest antivirus to protect against ransomware. Your security software should consist of antivirus, anti-malware, and anti-ransomware protection.

It is also crucial to regularly update your virus definitions.

5. Run Frequent Scheduled Security Scans

All the security software on your system does no good if you aren’t running scans on your computers and mobile devices regularly.

These scans are your second layer of defense in the security software. They detect threats that your real-time checker may not be able to find.

6. Create Restore & Recovery Points

If using Windows, go to the Control Panel and enter System Restore into the search function. Once you’re in System Restore, you can turn on system protection and create regular restore points.

In the event you are locked out, you may be able to use a restore point to recover your system.

7. Train Your Employees and Educate Yourself

Often, a ransomware attack can be traced back to poor employee cybersecurity practices.

Companies and individuals often fall victim to ransomware because of a lack of training and education.

Ransomware preys on users’ inattentiveness and on their expectation that an anti-ransomware program will do their job for them. Nothing protects a system like human vigilance.

Employees should recognize the signs of a phishing attack. Keep yourself and your employees up-to-date on the latest cyber attacks and ransomware. Make sure they know not to click on executable files or unknown links.

Regular employee security awareness training will remind your staff of their roles in preventing ransomware attacks from getting through to your systems.

Stress the importance of examining links and attachments to make sure they are from a reliable source. Warn staff about the dangers of giving out company or personal information in response to an email, letter, or phone call.

For employees who work remotely, make it clear that they should never use public Wi-Fi because hackers can easily break in through this kind of connection.

Also, make it clear that anyone reporting suspicious activity does not have to be sure a problem exists. Waiting until an attack is happening can mean responding too late. Have an open door and encourage employees to express concerns.

8. Enforce Strong Password Security

Utilize a password management strategy that incorporates an enterprise password manager and best practices of password security.

According to background check service Instant Checkmate, 3 out of 4 people use the same password for multiple sites. More staggering is that one-third use a significantly weak password (like abc1234 or 123456). Use multiple strong passwords, especially for sensitive information.

9. Think Before Clicking

If you receive an email with an attachment ending in .exe, .vbs, or .scr, even from a “trusted” source, don’t open it.

These are executable files that are most likely not from the source you think they’re from. Chances are the executables are ransomware or a virus. Likewise, be especially vigilant with links supposedly sent by “friends,” who may have their addresses spoofed. When sent a link, be sure the sender is someone you know and trust before clicking on it. Otherwise, it may be a link to a webpage that may download ransomware onto your machine.

10. Set Up Viewable File Extensions

Windows allows you to set up your computers to show the file extensions when you look at a file. The file extension is the dot followed by three or four letters, indicating the type of file.

So, .pdf is a PDF file, .docx is a Word document, etc. This will allow you to see if the file is an executable, such as a .exe, .vbs, or .scr. This will reduce the chance of accidentally opening a dangerous file and executing ransomware.

11. Block Unknown Email Addresses and Attachments On Your Mail Server

Start filtering out and rejecting incoming mail with executable attachments. Also, set up your mail server to reject addresses of known spammers and malware. ICANN has listings of free or low-cost services which can help you do that.

If you don’t have a mail server in-house, be sure that your security services can at least filter incoming mail.
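As an added example (not from the original article), the check below is the kind of rule a mail filter applies to reject executable attachments. It judges each attachment by its final extension, so a name like invoice.pdf.exe from tips 9 and 10 is still caught. The function names and the extensions beyond .exe, .vbs and .scr are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The article names .exe, .vbs and .scr; the other entries are an assumption
# and should be tuned to what your organization legitimately receives.
BLOCKED = {".exe", ".vbs", ".scr", ".js", ".bat", ".cmd", ".msi", ".ps1"}

def is_blocked(filename: str) -> bool:
    """Decide on the LAST extension only, after normalizing the name."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as "a.exe".
    cleaned = filename.strip().rstrip(". ").lower()
    return PurePosixPath(cleaned).suffix in BLOCKED

def blocked_attachments(raw_message: bytes) -> list:
    """Return the filenames of all attachments a filter should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walks nested multipart containers too
        name = part.get_filename()
        if name and is_blocked(name):
            hits.append(name)
    return hits

def verdict(raw_message: bytes) -> str:
    """'reject' if any attachment is blocked, otherwise 'accept'."""
    return "reject" if blocked_attachments(raw_message) else "accept"

def sample_message(filename: str) -> bytes:
    """Constructed test message with one attachment of the given name."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Filtering on the filename alone does not inspect archive contents or file signatures, so it complements rather than replaces the server-side virus scanning described in the next tip.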

12. Add Virus Control At The Email Server Level

Most attacks start with a suspicious email that a victim is fooled into opening. After opening it or clicking on a link, the virus is unleashed and can do its dirty work.

Installing anti-virus and malware software on your email server can act as a safeguard.

13. Apply Software and OS patches ASAP

Malware often takes advantage of security loopholes and bugs within operating systems or software. This is why it is essential to install the latest updates and patches on your computers and mobile devices.

Staying with archaic versions is a guaranteed way of making your systems and their data a target. For example, the ransomware worm, WannaCry, took advantage of a security breach in older versions of Windows, making computers that had not been patched vulnerable. WannaCry spread through the Internet, infecting computers without a patch — and without user interaction. Had the companies that were attacked by WannaCry kept their computer operating systems up to date, there would’ve been no outbreak. A costly lesson for users and companies.

14. Block Vulnerable Plug-Ins

There are many types of web plug-ins that hackers use to infect your computers. Two of the most common are Java and Flash. These programs are standard on a lot of sites and may be easy to attack. As a result, it is important to update them regularly to ensure they don’t get infected by viruses.

You may even want to go the extra step of completely blocking these programs.

15. Limit Internet Connectivity

If you have genuinely critical data, your next step may be keeping your network private and away from the Internet entirely.

After all, if you don’t bring anything into your network, your computers are unlikely to have ransomware downloaded to them. This may be impractical seeing that many companies rely on the Internet and email to do their business, but keeping Internet access away from critical servers may be a way to combat ransomware and viruses.

How to Detect Ransomware

Unfortunately, if you have failed to avoid ransomware, your first sign might be an encrypted or locked drive and a ransom note.

If you run your malware and virus checker frequently with updated virus and malware definitions, your security software may detect the ransomware and alert you to its presence. You can then opt to quarantine and delete the ransomware.

What to Do If Your Computer Is Infected With Ransomware

Hopefully, you never have to deal with your data being held hostage.

Minimize damage by immediately isolating the machine. This is critical to prevent further access to your network.

At this stage, rebuild your system and download your backups.

You may be able to recover many resources with a system restore. That is, if you can access the system and are not locked out of it.

Otherwise, you’ll have to reinstall everything from backups. If you’ve backed up your crucial data on a cloud server, you should be able to find a safe restore point.

Should You Pay the Ransom?

You may be tempted to pay the ransomers to get your data back.

This is a terrible idea.

According to a Symantec ransomware report, only 47% of people who pay the ransom get their files back.

Every time someone pays the ransom, criminals gain more confidence and will likely keep hurting businesses.

Not only will you encourage them to continue, but you have no idea if they will free your computer. What’s more, even if they release your data, they may still use your information.

In other words, don’t pay. Paying the ransom only makes a bad situation worse. The data is gone (unless you have backups) and, if you pay them, your money is likely gone for good as well.

To quote FBI Cyber Division Assistant Director James Trainor:

“The FBI does not advocate paying a ransom to an adversary. Paying a ransom does not guarantee that an organization will regain access to their data. In fact, some individuals or organizations were never provided with decryption keys after paying a ransom. Paying emboldens the adversary to target other organizations for profit and offers a lucrative environment for other criminals to become involved.”

Finally, by paying a ransom, an organization is funding illicit activity associated with criminal groups, including potential terrorist groups, who likely will continue to target an organization.

Have a Disaster Recovery Plan

Proactive ransomware detection includes active incident response, business continuity, and a plan for disaster recovery.

A plan is essential and should be the cornerstone of a company’s security strategy.

  • Set up a communication plan detailing who should contact whom.
  • Determine what equipment you would need to rent or buy to keep operations going. Plan for your current hardware to be unavailable for days.
  • Write explicit instructions on where data is stored and how to retrieve it.
  • Implement a policy of backing up regularly to prevent ransomware from causing data loss.
  • Implement a disaster recovery service.
  • Provide phone numbers for contacting vendors who may be able to restore the systems they provide for you.

Prevent a Ransomware Attack With Preparation

Companies must remain vigilant in today’s era of data breaches and ransomware attacks.

Learn the proper steps to prevent, detect and recover from ransomware, and you can minimize its impact on your business. Use these tips to keep your organization’s information assets safe and stop a ransomware attack before it starts.

Use a trusted data center provider and vendors. Perform due diligence to make sure they are trustworthy.