Skip to the main content.
Ransomware 3: Protecting Yourself From Ransomware

Ransomware 3: Protecting Yourself From Ransomware

5 STEPS TO PREVENT RANSOMWARE ATTACKS

When should you start worrying about ransomware? Well, we recommend before that moment when the ransom demand pops up on your computer. Ransomware attacks can be expensive, time-consuming, frustrating, and we have found that stress eating during a cyber-attack can really pack on the pounds… the good news is that malware is preventable if you do the right things and take the time needed to implement them (for you and your organization!)

These five, relatively easy steps, can help dramatically decrease your vulnerability to attack.

Check Out A Case Study

1. Educate Employees About ransomware

As most ransomware infections begin as a phishing email or a visit to a sketchy website- making sure the humans who use the computers in your office have the skills and awareness of the risk around malware is a critical first step. Most people want to do the right thing, so showing how, reminding them of threats in a positive and encouraging way, and finding creative ways to share information and news about ransomware can go a long way. A structured training program can help you organize learning and measure progress.

Only 25% of small businesses today train employees on cyber awareness.

61% reported being attacked by ransomware in 2018.

We clearly have a long way to go in this area. (Also, we recommend puppets, but that’s for later.)

Wanda of Cybermaniacs next to a graphic discussing unprotected files

2. Deploy Cyber Defenses

Cyber security is a hotbed of research and development.  There is more technology out there than any company could possibly afford, need, or use (shhh don’t tell the vendors we told you that they will get mad at us!!)  In many cases, these miracle solutions don’t actually solve all of your problems (dang it, we did it again!)

There are basic cyber security defenses that are critical to maintaining a secure company.

For instance, if you don’t have a firewall protecting the company network and antivirus running on every computer, you’re not merely "leaving the door open..."  You’re hanging a sign out saying “Easy Target Here!” as cybercriminals scan the web looking for low-hanging fruit. Get the bare basics in place, research the particular solutions that you need for your unique use case (email scanning, web application firewalls, etc.), and you’ll be much less vulnerable to ransomware.

3. Keep Systems Up-To-Date

Outdated systems are a hacker’s best friend.  Many of the biggest cyber incidents in history have started with some companies failing to patch the latest vulnerability.  Remember Wannacry? The patch for the vulnerability that it exploited was available in March 2017. The Wannacry outbreak happened in May… Oops.

Updates don’t just apply to your computer programs.  Your antivirus is useless if you’re not keeping it up-to-date and running it frequently.  The data that your AV downloads in updates are what it needs to identify the latest malware found in the wild. 

Schedule A Demo

The threats are moving faster than ever. If your AV “definitions” are even a week out of date, that’s a lot of time for organized crime and weaponized malware to get at your systems.

Handful of popular logos affected by the Wannacry malware

4. Use An Automated Back-Up System

Ransomware totally counts on the fact that, once you’re infected, your only choice would be to pay the ransom.  In many cases, this may be correct if the value of the lost data exceeds the hackers’ asking price.

An automated backup system with offline storage is such a powerful tool for protecting against ransomware. 

With regular backups, you may only lose an hour’s worth of data, which is probably a lot less than the hacker’s asking price. Magic.

5. Restrict Privileges on computers

The principle of least privilege is a common one in cyber security.  This means that users or programs shouldn’t have any more privilege on a computer than what is necessary to do their jobs.  In plain English: you shouldn’t be using an account with administrator privileges right now.

Ransomware often needs elevated privileges (Administrator/root) to do its job on your computer. 

If you’re browsing the web on an account with these privileges, you’re just making life easier for the hackers.  Create a user account with only the privileges that you need to do your job (browsing Facebook and writing Word documents don’t take many permissions) and use that unless a particular task requires Administrator level access.

Fighting Against Ransomware

Practicing good cyber hygiene can make all the difference. 

Knowing your cyber do’s and dont’s and taking a few easy steps can mean the difference between a costly ransomware attack and a cyber non-event. If you need some more help on what to do next, or recommendations on partners we use that can help small and midsize underdogs everywhere get some simple, easy-to-understand advice, give us a shout. And if you would like to see how our puppets can help you keep your staff engaged enough to not click on spammy links, we’re all ears.

Further Reading

Graffiti "Enter" art

RANSOMWARE 1

How Ransomware Gets In! 

Person walking up some steps

Ransomware 2

Anatomy of a Ransomware Attack!

More from the Trenches!

Ransomware 1: How Ransomware Gets In

Ransomware 1: How Ransomware Gets In

Ransomware Attack Vectors Just like an ex breaking your heart before ransomware can lock up your computer, it needs to get inside. While ransomware...

4 min read

Ransomware 2: Anatomy of a Ransomware Attack

Ransomware 2: Anatomy of a Ransomware Attack

Anatomy OF A ransomware attack pt. 2 It begins with a screen. Perhaps plain, maybe embellished with a skull and crossbones. Appearing before you in a...

5 min read

Ransomware and the Human Element

Ransomware and the Human Element

In recent years, ransomware and cyber attacks have escalated in both frequency and magnitude, sending shockwaves through the business world.

6 min read