
Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015, according to Cybersecurity Ventures.
And it gets worse…
Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures said in the same report, “While the percentage of ransom victims who pay Bitcoin to hackers in hopes of reclaiming their data appears to be on the decline, the total damage costs in connection to ransomware attacks is skyrocketing. We believe ransom payouts are the least of all damage cost contributors.”
Mike Fey, president and COO of Symantec, said, “The ‘clean up’ for companies who were impacted by WannaCry will be enormous, including months of recovery time for IT departments and multi-millions in cost for the victims.”
Very few companies can afford a loss of multi-millions, let alone months or even weeks of downtime.
Once your computer systems have been attacked, it’s too late for protection.
You need to empower your organization with ways to protect against ransomware today before you become a victim of one of the worst IT security threats in recent history.
To help you prevent data loss and safeguard your company, we’ll review some of the most persistent ransomware threats you should be aware of, and then go over some powerful methods of protecting against them.
But first, let’s make sure you understand what ransomware is and how it can gain control of your computer systems.
What is Ransomware and How Does it Occur?
The definition of ransomware is wrapped up in the name itself:
It’s malware that holds a person’s or company’s data hostage until they pay a ransom to gain access to it.
You can become infected in all the usual ways:
- A malicious link in an email message
- Infected websites
- Fake apps
- Malicious ads, or Malvertising
Once your machine is infected, ransomware can encrypt all forms of files, from documents to pictures to videos.
It can encrypt your data (with or without a key), lock you out of your operating system, and spread to other PCs on the network.
To get your data back, the hackers usually request payment in Bitcoin because it’s harder to trace and follow this form of money.
Another hallmark of ransomware is that you’ll be given a short time limit to pay the ransom or risk losing your data forever.
According to a report from the Security Ledger, the FBI suggests you simply pay the ransom because “the ransomware is that good.” These remarks came from the Assistant Special Agent in charge of the FBI’s CYBER and Counterintelligence Program in Boston, Joseph Bonavolonta.
If the FBI is telling you to pay the ransom, you know you need to do everything possible to avoid getting infected.
To help you better protect yourself, let’s understand your enemy by looking at some common forms of ransomware.
5 Dangerous Types of Ransomware
Here are 5 well-known, dangerous, and active ransomware threats you need to guard against.
WannaCry
WannaCry is the ransomware that rocked the world in May of 2017 by infecting over 200,000 computers in 150 countries.
WannaCry uses EternalBlue, an exploit developed by the NSA that targets the Microsoft Windows operating system.
It works the same as most other types of ransomware by encrypting your data, giving you a “ransom note” and a time limit to pay the ransom.
While it was successfully blocked, worse versions were developed using a similar Server Message Block (SMB) exploit.
UIWIX
UIWIX uses the same SMB vulnerability that WannaCry used (EternalBlue) to infect systems, propagate itself within networks, and scan the internet to infect more victims.
The difference between UIWIX and WannaCry is UIWIX is fileless.
Fileless infections are more dangerous than file-based infections because they reduce the footprint of the malware, making detection extremely difficult.
Also, UIWIX is stealthier.
If it detects it’s inside of a virtual machine (VM) or sandbox environment, it will terminate itself to avoid being caught.
If it’s not caught, it will add the .uiwix extension to all your infected files and give you a .txt file called _DECODE_FILES.txt with instructions for paying the ransom to retrieve your data.
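The two on-disk artifacts named above (the .uiwix extension and the _DECODE_FILES.txt note) can be swept for when scoping an incident. The following is an added example, not code from the original article; the folder names and sample files are constructed, and the helper names are hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".uiwix"
RANSOM_NOTE = "_DECODE_FILES.txt"


def sweep(root):
    """Walk root and return (encrypted_files, note_files, per-directory counts)."""
    encrypted, notes, per_dir = [], [], Counter()
    # onerror swallows unreadable directories so one ACL error does not stop the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            # Case-insensitive match, since Windows file names are case-insensitive.
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
    return encrypted, notes, per_dir


def triage(root):
    """Summarise a sweep: which directories to isolate and restore first."""
    encrypted, notes, per_dir = sweep(root)
    return {
        "infected": bool(encrypted or notes),
        "encrypted_count": len(encrypted),
        "note_dirs": sorted(str(p.parent) for p in notes),
        "worst_dirs": [d for d, _ in per_dir.most_common(3)],
    }


def build_sample_tree(base):
    """Constructed sample share: one clean folder, one with UIWIX artifacts."""
    clean, hit = Path(base, "clean"), Path(base, "finance")
    clean.mkdir()
    hit.mkdir()
    (clean / "notes.txt").write_text("ok")
    (hit / "q1.xlsx.UIWIX").write_text("x")
    (hit / "q2.xlsx.uiwix").write_text("x")
    (hit / RANSOM_NOTE).write_text("x")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

Run against a file share, the per-directory counts show where encryption reached, which tells you what to restore from backup first.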
Petya
Petya is a unique form of ransomware in that it doesn’t encrypt files on a system one by one. Instead, it reboots computers and encrypts the master file table (MFT), rendering the master boot record (MBR) inoperable.
This leaves the computer unable to boot up until the victim pays the ransom; the ransom note is displayed on the screen in place of the computer’s MBR.
Cerber
Cerber had massive market domination in the first quarter of 2017, with almost 90% of market share toward the end of that quarter, according to Cybercrime Tactics and Techniques Q1 2017.
Cerber is notorious for being distributed in malicious links through email. The link leads to a hacker-controlled Dropbox account which opens a self-extracting archive that takes over your machine.
CryptoWall
CryptoWall has already advanced from version 3.0 to 4.0, and it’s extremely dangerous, mainly because its creators run it like a business:
- They’re continually enhancing their code to make it more effective and profitable
- They stay one step ahead of IT security trends
- They’ve developed numerous social engineering tactics to pressure their victims to pay the ransom in most cases
CryptoWall and the way it’s distributed have proven to law enforcement that there is a bustling black market of ransomware buyers and sellers.
This is a clear indication that you need to protect against ransomware in every way possible.
Here are a few ways to keep your company safe from an attack.
7 Ways to Protect Against Ransomware
Back Up Everything, Every Day
If you back up all your data, every day, then when an attacker asks for a ransom of $10,000 you can rest easy knowing all that data they just locked down or destroyed is safe on another server that they can’t touch.
However, you have to know how to back up your data correctly.
Ransomware attackers can infiltrate a backup system by going through your desktop first and worming their way into your network.
That means you have to back up your data to the cloud, or to a local storage device that is offline and not directly connected to your system.
If you back up your data to an external hard drive, only connect the hard drive when backing up your data, then immediately disconnect it.
Screen Your Emails and Don’t Click Suspicious Links or Ads
Learning to prevent phishing is one of the most important ways to protect yourself from a ransomware attack since most ransomware is distributed through email.
Also, malvertising, or malicious links embedded into ads, is another way you can become infected with ransomware as we’ve mentioned earlier in the article.
Watch out for business email compromise, don’t click ads, and stay vigilant.
Install an Antivirus Firewall
Choosing a firewall to protect against ransomware is essential, but it can be challenging.
There are many firewalls on the market, and none of them can guarantee 100% safety, but they will certainly protect you more than not having one.
Choose a firewall that matches your budget and network use, and then move on to training your employees in proper IT security.
Invest in Security Awareness Training
Ultimately, hackers rely on the “human element” more than any other factor to gain access to your information.
Your employees aren’t stupid, but they probably don’t think as seriously about IT security as you do.
Investing in security awareness training will help create a culture of vigilant employees working to identify and avoid malicious links, phishing emails, and dangerous behavior online.
Apply Security Patches to All of Your Applications
All cyberattacks and hacking attempts try to exploit vulnerabilities within your third-party plug-ins and apps.
Patching your applications helps to prevent hackers from entering your machines through holes in your installed software.
Java, Flash, Adobe, etc. all need to be consistently updated and/or patched to make them impenetrable.
Whitelist Computer Applications
While blacklisting is the practice of preventing the installation of one specific piece of software, whitelisting is the practice of allowing a specific set of programs and websites – blocking the installation or visitation of everything else.
You first scan a machine and identify all the legitimate apps, then configure it to block the installation of any additional apps.
Online, you could install an ad-blocker and a script-blocker to avoid ads and Java and Flash applications, whitelisting only the sites you deem appropriate and safe.
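The scan-then-block procedure described above can be sketched as a hash baseline followed by a default-deny audit. This is an added example, not code from the original article: identifying apps by SHA-256 hash is an assumption (the article does not say how apps are identified), the file names are constructed, and the script only reports violations, leaving enforcement to the operating system's application-control feature.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(app_dir):
    """Step 1: scan a known-good machine and record every program's hash."""
    return {sha256_of(p) for p in Path(app_dir).rglob("*") if p.is_file()}


def audit(app_dir, allowlist):
    """Step 2: default-deny. Anything whose hash is not on the list is reported,
    including an approved file name whose contents have been replaced."""
    return sorted(
        p.name for p in Path(app_dir).rglob("*")
        if p.is_file() and sha256_of(p) not in allowlist
    )


def demo(base):
    """Constructed sample: baseline two programs, then add one and tamper one."""
    apps = Path(base, "apps")
    apps.mkdir()
    (apps / "editor.exe").write_bytes(b"editor v1")
    (apps / "mail.exe").write_bytes(b"mail v1")
    allowlist = build_allowlist(apps)
    before = audit(apps, allowlist)
    (apps / "invoice_viewer.exe").write_bytes(b"unapproved")  # new install
    (apps / "mail.exe").write_bytes(b"mail v1 modified")      # same name, new bytes
    return before, audit(apps, allowlist)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

Matching on content hash rather than file name is what catches the replaced mail.exe; a name-based list would have let it through.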
Develop a Disaster Recovery Plan
A disaster recovery plan (DRP) can help you spring into action during a whole host of different emergencies, from hackers to hailstorms.
Here are some steps you might include in a DRP for a ransomware attack:
- Shut down most of the organization’s network immediately to prevent infection from spreading.
- Shut down Wi-Fi and Bluetooth right away.
- Alert your local authorities and the FBI.
- Either pay the ransom to get your files back, or don’t pay the ransom and delete all the infected files and restore the new ones using your backup.
These steps and more would be laid out in a comprehensive DRP that every employee would be able to access for quick action during an emergency.
Take Your Protection Against Ransomware to the Next Level
If you want to make sure that your disaster recovery plan is correct, that your firewall is top-of-the-line, and that your employees are well-trained to avoid getting phished in the first place, then you should consider working with a proven IT security company.
A successful IT security company will help you find the solutions that match your budget and requirements – ensuring you pay for the correct amount of security you need.
They’ll analyze your current security measures and suggest ways of improving them.
In short, they’ll make sure you invest in what you need to protect what you want.
If that sounds like a win-win, then here’s what to do next…
Work With Us to Protect Against Ransomware
We’ll persistently perform penetration tests on your systems to identify all the weaknesses and shore up all your defenses. We adhere to industry best practices and always stay on the cutting-edge of antivirus and antimalware strategies and software. From email security to on-premise IT security, we’ll give you the tools, resources, and expertise necessary to protect against ransomware and all forms of cyberthreats.
Contact us for your free consultation today to learn more!