December 22, 2020 0

How to Prevent Ransomware

in Cyber Security

(10 votes, average: 5.00 out of 5)

Loading...

Four ways to prevent ransomware so it doesn’t damage your business, reputation, and general sanity + a bonus tip on how to fight ransomware and limit its impact

Imagine this: Your website is down. You’re locked out of it. Panic hits as potential customers find their way to your competition’s website. This situation can’t get worse, right? Oh, but it does! You get an email that basically lets you know your website has been taken as a hostage and you have to pay a ransom to get it back.

While this may sound like an early 2000s movie starring a Baldwin brother, it’s actually a very real threat. It’s ransomware. But what is ransomware and what’s the secret for how to prevent ransomware? We’ll explore what this cyber threat is and share a total of 5 tips to prevent and fight ransomware

What Is Ransomware?

Ransomware is malware that’s designed to block users from having access to their website, computer, IT systems, servers, or some other form of data or system until some type of monetary payment is made — like a ransom. Often times, it’ll involve encrypting or deleting files, documents, or even backups in the effort of forcing the user into paying the ransom for access to their own data.

The scary thing is that ransomware does not need to be concocted by a mad genius. Often, malware is more complex due to the fact that it’s designed to go undetected for as long as possible. Ransomware does not need to be that sophisticated as it makes its presence known to the user quite quickly.

If you do get hit with a ransomware attack, don’t expect a cash check to do the trick, either. Hackers typically ask for a payment in a digital currency such as Bitcoin due to the fact there is much less personal identification attached to the payments/currency (if any at all for some other types of cryptocurrencies). Many times, cybercriminals will ask for Bitcoin due to its greater anonymity yet the service being easily accessible and the payments being verifiable.

Ransomware hackers are typically thoughtful with their demands in the sense that they aren’t going to ask for $1 million from a user who clearly can’t afford it. The sweet spot is for the ask to be low enough that it seems easier to just pay it than deal with the hassle of fixing the issue but enough to make it worth the hacker’s time.

Ransomware Attacks, Demand Amounts, Payments, and Costs Are All on the Rise…

In 2019, the city of Baltimore was hit was a ransomware attack on its city computers. The hackers asked for $76,000, which the city denied. While admirable, the attack ended up costing the city an estimated $18.2 million.

However, it should be noted that ransomware demands are going up. As recently as 2019, it was reported that “average ransom payment increased by 104% to $84,116, up from $41,198” from Q3 2019 to Q4 2019. A big jump! Some hackers will double or even quadruple their ransomware demands if a payment deadline is missed.

So, if you don’t want to be the poor sap that is googling how to transfer cash into Bitcoin, I suggest you learn the right tactics to fight ransomware. In addition, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) views paying ransomware (or facilitating the payment of it) as a sanctionable offense in many cases. Therefore, you really need to find the right defense, and the best defense against ransomware is not having to deal with it in the first place.

That’s right — think of it as a form of preventive maintenance. This is how to prevent ransomware.

Tip 1 to Prevent Ransomware: Use Email Spam Filters

Phishing emails is one of the most common ways ransomware gets into your system, which is why we are starting here. You must secure your email. Think of your email as this digital opening that is constantly accepting visitors. So, how do you stop malicious visitors from entering? Stop them before they get to the door!

Spam filters do just this. They are basically what their name suggests — a filter you can integrate with your email server that will block detected spam emails. There are plenty of options out there, but you should look for these items in your email spam filter service provider:

• Some spam filters are simply designed to block emails that get flagged for certain words used in the email. Not good enough!
• Instead, look for a spam filter that includes a malware scanner and respects the SPF and DKIM protocols. Let’s explore both of these in a more basic sense:
  • SPF (not the kind you take to the beach) stands for Sender Policy Framework. It basically ensures that every email you receive was sent from a user that was authorized to use the domain listed on the email by the domain’s admin.
  • DKIM stands for DomainKeys Identified Mail. DKIM refers to the method of signing off on an email with a digital signature that can be verified by a public cryptographic key that’s stored in your DNS record.

With a spam filter sophisticated enough to detect malware and accurately work with your other email security methods (SPF and DKIM), you’re sure to help stop malicious emails before they reach the door. 

Tip 2 to Prevent Ransomware: Train Your Employees

In reality, there’s only so much technology can do to prevent ransomware. If a phishing email containing malware does make it past your spam filter, it’s no longer the responsibility of your web security defense to pick up on the threat — it’s now up to your employees to do so. Phishing emails use social engineering to prey on human nature, which is why your employees need to be educated on potential threats. This is where cybersecurity awareness training comes in.

It’s best to include this training in your onboarding process and then making it a mandatory annual employee course from there on out. When building a program or vetting service providers that’ll do it for you, it’s important to include these items:

• Tips for how to spot a fake email and common telltale signs that are often found in phishing emails (with enough examples, employees will start to pick up on the dialect and verbiage commonly used in a phishing email).
• Who to contact in your organization when spotting a phishing email (or a potential one).
• How to check the source of a received email.  
• What they should look for to identify phishing or other malicious types of websites.

Take a look at the example of the phishing email below that could very well be ransomware…

A few things to pay attention to here. One thing is the vagueness of the email. For example, not referring to “the wife” by name or the job role by position title. Also, for some reason, phishing emails seem to always have odd typos. This is possibly because many hackers take a mass approach to looking for a victim (i.e., they are sending hundreds of emails a day, which could be the cause of the lack of attention to detail) and have copy-paste issues. And, finally, the most concerning characteristic is the sense of urgency in trying to get the recipient to click on the link. This is a common trick amongst hackers.

These are just a few of the items your employee awareness training should be focused on and will go a long way when figuring out how to prevent ransomware.

Tip 3 to Prevent Ransomware: Use POLP

Just as employee training is designed to mitigate the negative effects of human error, so is our next prevent ransomware tip. The “principle of least privilege” (POLP) is the act of limiting the access each one of your employees has to your systems and data based on their job responsibilities. The idea here is that if you limit access as much as you can, and an employee’s credentials become compromised, there’s less of a chance that the hacker will have the access they need to do serious damage. It’s mitigation at its finest. 

For example, your intern most likely doesn’t need to have the ability to edit website themes or have access to a database. Let’s explore a few tips to effectively implement this concept of access control. 

Start by:

• Deleting all shared accounts (each employee should have their own account with a unique username and password).
• Deleting all accounts that aren’t be actively being used (for example, the account of a past employee).
• Altering user permissions so that all employees only have access to the data or systems they need to do their jobs (nothing more, nothing less).

Going forward:

• Alter user permissions to match employees’ roles and responsibilities. If they don’t need access to something to do their job, don’t give it to them.
• Delete the accounts of employees who leave the organization.

This is an excellent step when looking at how to prevent ransomware.

Tip 4 to Prevent Ransomware: Perform Vulnerability Patching & Mitigation

Not all ransomware comes from phishing emails — another common way ransomware can get into your system is through existing vulnerabilities. This is why you should regularly run manufacturer updates and patches; it’s to patch those vulnerabilities before a hacker can use them against you. 

The easiest and most efficient way to find other vulnerabilities is with an automated vulnerability scanner tool. This tool ranges from small-scale scanners that scan your website for vulnerabilities all the way to enterprise-grade vulnerability scanners that will scan your entire network. When looking for a vulnerability scanner, be sure to look for ones that are known to consistently update their database with the latest known vulnerabilities (check reviews).

If you’re looking for a vulnerability scanner specifically for a website, make sure the scanner looks for vulnerabilities in your website’s particular CMS (i.e., if you use WordPress, for example, make sure the scanner looks for WordPress updates). 

Bonus Tip: Fight Ransomware with an Automated Website Backup Tool

This last tip doesn’t quite fit in the “prevent ransomware” category, but it fits into the “quickly resolves your ransomware issue” category — which is a pretty good tip to have in your back pocket. Consider it your last resort secrete weapon. An automated website backup tool will back up and store your website files for you, so you can restore them when disaster strikes (like a ransomware attack).

There are many helpful tips to know when picking an automated website backup tool, which you can learn more about at the articles listed below. However, the most important aspect to look for in an automated backup tool to resolve ransomware attacks (and the impact of other types of cyber threats) is to utilize a website backup tool that stores your website files in a “safe place.”

What we mean by this is that there are many ways to back up your site, but the issue lies with where you store the backup files. If you store them on your web server, locally, or your own personal cloud service account, they may just get compromised right there with your website. That’s why you should use a tool like CodeGuard. As an automated website backup & restore tool, CodeGuard stores your website files safely in its own encrypted cloud server. This way, you can safely restore your site when you need to (and CodeGuard allows you to do it in one single click).

• Related: What Is an Incremental Backup?
• Related: What to Do If Your Website Is Hacked

How to Prevent Ransomware – A Final Word

As you go on with your journey, please make sure to implement the tips above. They will go a long way in your quest in figuring out how to prevent ransomware. If you follow these tips, you can save these ransomware scenarios for the next Baldwin blockbuster.

Check out another article we’ve written that talks about additional ransomware protection tips to integrate for your business.

• #ransomware