What Is Ransomware And What Are Some Best Practices For Ransomware Prevention

One of the most common threat types in the cyber world today is Ransomware. We are seeing more and more of it, and it was the center of the highly publicized breaches in a U.S. oil pipeline company and a global meat producer.

What is Ransomware and How Does it Work?

So, exactly what is Ransomware? Ransomware is malware (software intentionally designed to cause damage to a computer, server, client, or computer network) that employs encryption to hold a victim’s information for ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom payment is then demanded to provide access to those files and information.

Ransomware is often designed to spread across a network, targeting databases and file servers, and can thus quickly paralyze an entire organization. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses upon businesses and governmental organizations.

Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim, enticing the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the Internet without the user’s consent and often without their knowledge.

So how can you avoid a Ransomware attack? It’s not easy because many times the hacker sneaks into your network undetected. Since Ransomware attacks often leverage phishing, phishing best practices can help avoid Ransomware attacks, as well as the tips below.

Ransomware Prevention Tips

The Cybersecurity & Infrastructure Security Agency (CISA) and the recent guidance from the White House to corporate executives and business leaders on cybersecurity are good sources of information with Ransomware prevention tips and ways to protect against Ransomware attacks.

• Back-up your data and systems frequently. Regularly test your back-ups and keep the back-up of your data offline (e.g., separate from on your PC). If your computer becomes infected with Ransomware, you can restore your system to its previous state using your back-ups.
• Update and patch your computer promptly. Ensure your applications and operating systems (OSs) have been updated with the latest patches as soon as they are available.
• Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
• Leverage multi-factor authentication. Use multi-factor authentication (e.g., password + pin code) vs. just a password on your devices whenever possible.
• Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know; verify website addresses independently, e.g., by visiting a site directly from your web browser rather than using the email link.
• Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
• Keep your personal information safe. Check a website’s security by verifying that it displays the padlock security icon in the web browser. The padlock indicates a secure mode that encrypts the communications between your browser and the website.
• Verify email senders. If you are unsure if an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email.

What to Do If Your PC is Infected with Ransomware?

Change all system passwords once the Ransomware has been removed. You can submit Ransomware files to the Cybersecurity and Infrastructure Security Agency (CISA) for analysis via https://www.malware.us-cert.gov/.

For additional information, check out the CISA website at https://us-cert.cisa.gov/ncas/tips/ST19-001.