Ransomware is one of the major threats computer users now face, even though recent reports suggest that many people don't actually know what it is.
Delivered via spam or phishing emails that trick users into clicking on malicious links, ransomware renders computer systems, devices or files inaccessible and holds the victim hostage until payment is made, usually in the form of bitcoins.
"Victims are faced with the choice of paying up or losing all their valuable data forever. Unfortunately, this approach works for cybercriminals, because consumers and businesses are unprepared for their data - whether it's a business' intellectual property or family photos - to be taken from them with no hope of retrieval unless they pay," says Usman Choudhary, chief product officer at ThreatTrack Security. "Understandably, nearly 1 in 3 security professionals at companies say they’d be willing to pay for the safe recovery of stolen or encrypted data, and that number jumps to 55 per cent at organisations that have already been targeted. Meanwhile, your average home user feels as if they have no choice but to pay".
To help IT pros ensure their organisations don't fall prey to ransomware, the VIPRE antivirus team at ThreatTrack has issued five essential safety tips as follows:
1. Back up your data - External hard drives keep dropping in price and growing in capacity, so they provide an easy and affordable way to back up your data. There are also numerous cloud-based 'set it and forget it' options for automatically backing up your data to an offsite server. Backing up is by far the best do-it-yourself tactic you can take to protect yourself from being blackmailed.
2. Start a schedule - It's good to back up your data but it needs to be done regularly to be effective. ThreatTrack recommends backing up your data at least once a week and, ideally, once a day.
3. Be aware of phishing emails - Employees need to be aware of the latest social engineering tactics being used to lure people into clicking on malicious links and attachments. There are many resources available that can help, including online tutorials and security awareness training services. Just sending out regular communications about the various tactics and terms used - spam, malware, spear-phishing, etc - will help employees become more vigilant about identifying phishing attempts.
4. Update your software - Ransomware authors often seek to exploit vulnerabilities in popular software applications. If you're diligent about keeping applications up to date, you'll minimise your exposure to potential attacks. Better yet, make sure that any applications that can be set to update themselves automatically have that feature turned on.
5. Keep work and personal data separate - A recent survey showed that nearly a third of IT security staff had been asked to remove malware from an executive’s computer or device because the executive had let a family member use it. With so many people working from home it can be hard to separate work from personal life, but keeping these two worlds apart can go a long way toward protecting data and minimising the impact of an attack.
If you are struck by ransomware, ThreatTrack recommends you immediately cut off any connections, shutting down your computer and disconnecting it from the network. While the damage to that system has already been done, you can help stop the spread of malware to other systems or devices.