Ransomware

Ransomware

Ransomware is a type of malicious software that is designed to infect your system and encrypt your files and hold you to ransom.  There are many different variants of ransomware and they are always changing how they infect you or adding additional malware to your system in order to make it harder for you to get back to normal.

Like other malware, ransomware is often spread through phishing or spam emails and by clicking links or opening attachments in these messages, you can infect your system.

Once infected, the first question most people ask, is should I pay the ransom to get my files back?

And the answer has to be no.  Not only does paying the ransom, fund more of this type of illegal activity, but there’s a distinct possibility that you won’t actually get your files back or that now they know your willing to pay, they’ll target you again.

The first defence against this type of attack is to make sure your files are backed up.  A good backup and restore policy and procedure that you can follow, will help in many different situations.

Prevention

Prevention is always better than cure, so stay one step ahead and follow this advice.

1. Patch and update your operating system
For small business and home users, patching your operating system, whether it’s Windows, Mac or any other system should be set to automatic as this provides a good 1st line of defence against lots of different issues, including ransomware.  While it can often seem like updates are never ending, they do provide a good protection and should be set to automatic and installed as soon as you can.

2. Update applications
Like the operating system, applications need updating to ensure that any security issues are fixed as soon as possible.  This is especially true for browsers such as Chrome and Firefox and the various plugins such as Adobe Flash or Java.

3. Ensure anti-virus software working is up to date
Your anti-virus software provides many functions and defences and they are continually getting better.  But they must be kept updated and it’s recommended to run scheduled scans on your devices to keep them clean, you can set this up on an automatic schedule and it’ll warn you if it finds any issues.

4. Don’t log on as an administrator
The administrator or root account is a special one and allows many changes to be made be anyone that is logged in with that account.  This includes malware and ransomware which can cause severe damage to your system, so it’s important to be logged in as a ‘normal’ user that is not an administrator.  If administrator privileges are required, you’ll be prompted to enter a password and you need to be sure what is asking for that password before proceeding.

5. Implement access controls
Enforce good controls on who can access what data, keep confidential data only to those few who really need access.  If you have several people who access one PC, make sure they use their own account to access their own data and set up any data that needs to be shared using the inbuilt sharing functions.  This ensures that only the right people have access to the right data and any confidential or sensitive data should be shared appropriately.

6. Enforce software rules
It’s all to easy to keep downloading and installing software you want to try or that you think you need, but when was the last time you really looked at what’s installed on your PC and removed any you don’t need?  The more software you install, the more you have to update!

7. Disable macros in MS Office applications
Macros are powerful scripts that can enhance your documents, like Word or Excel, unfortunately they also open up lots of weaknesses that can be abused by malicious software.  So keep them disabled unless you really need them and only do so for documents you trust, not for ones you get via email or that you weren’t expecting!

8. Backup your data and know how to restore it
Your data is critical, whether it’s your family photos, your companies records or customer data.  So backing it up and being able to restore it is critical.  The use of cloud storage can really come in useful, but make sure you choose the right service and that security and privacy are high on their feature list!

Ransomware is on the rise and 2018 will be no different, so make sure you follow the above and make sure other users who you share files with enforce this advise as well.