Ransomware has emerged as the predominant online security threat to home users and small businesses. Delivered through spam or phishing emails that trick users into clicking on malicious links, this type of malware renders computer systems, devices or files inaccessible and holds the victim hostage until payment is made, usually in the form of Bitcoins.
“Understandably, nearly 1 in 3 security professionals at companies say they’d be willing to pay for the safe recovery of stolen or encrypted data, and that number jumps to 55% at organizations that have already been targeted. Meanwhile, your average home user feels as if they have no choice but to pay,” said Usman Choudhary, chief product officer at ThreatTrack Security.
No one is immune, not even law enforcement. Last year, a police department in Massachusetts paid $500 to cyber extortionists to decrypt its files – just one of many examples throughout the country.
What can people do to protect themselves?
ThreatTrack provides the following five ransomware tips for businesses and home users:
1. Back up your data – Always keep a copy of your data backed up. There are also numerous cloud-based “set it and forget it” options for automatically backing up your data to an offsite server. These services, which include Carbonite, CrashPlan and Mozy, have the added advantage that they store your data in the cloud, so in addition to being able to recover from a ransomware attack, you’re also protected in the event of a physical disaster such as a fire, flood, tornado or earthquake. This is by far the best do-it-yourself tactic you can take to protect yourself from being blackmailed.
2. Get on a schedule – It’s one thing to back up your data, but if you can’t remember the last time you performed a backup, it does you no good. ThreatTrack recommends backing up your data at least once a week and, ideally, once a day.
3. Be aware of phishing emails – Educate yourself, family members and employees on the latest social engineering tactics being used to lure people into clicking on malicious links and attachments. There are many resources available that can help, including online tutorials and security awareness training services. But simply sending out regular communications about the various tactics and terms – spam, malware, spear-phishing, whaling, etc. – will help employees become more vigilant about identifying phishing attempts, which often appear to originate from a trusted source – a friend, co-worker, favorite online store.
4. Practice safe computing, update your software – Another technique used by ransomware authors is to exploit vulnerabilities in popular software applications. If you’re diligent about keeping applications up to date, you’ll minimize your exposure to potential attacks. Better yet, make sure that any applications that can be set to update themselves automatically have that feature turned on. Commonly targeted applications include Adobe Reader, Adobe Flash, Java, Google Chrome, iTunes, Skype and Firefox.
5. Keep work and personal data and files separate – A recent survey showed that nearly a third of IT security staff were asked to remove malware from an executive’s computer/device because the executive had let a family member use it. With so many people working from home (many small businesses operate entirely out of the home), it can be hard to separate work from your personal life, but keeping these two worlds apart can go a long way toward protecting your data and/or minimizing the impact of an attack.
Finally, should you get hit by ransomware, immediately cut off any connections – that means shutting down your computer and disconnecting it from the network. While the damage has already been done, it can help stop the spread of malware to other systems or devices.