How to strike ransomware out

Nine ‘Ks’ show how to fight off the dangerous malware

ransomware
Victor Grigas (Creative Commons BY or BY-SA)

Swing and a miss

Most businesses are ill prepared to handle a ransomware attack. In fact, according to a new study released by Carbonite, 68 percent of survey respondents believe their company is “very vulnerable” or “vulnerable” to a ransomware attack. Respondents stated that if their company didn’t pay ransom, it was because they had a full and accurate backup. Without backup, they have no other way to get their most valuable asset back.

Carbonite created this list of 10 important ransomware prevention tips and best practices. 

ransomware
REUTERS/Steve Nesius

Knowledge is power (and so is training)

A great way to prevent a ransomware infection is to educate yourself and train your employees on digital hygiene best practices. That means avoiding clickbait and advertising links—especially if they're hosted on websites that do not have a solid reputation. Keep in mind that if the URL of a website begins with "https" that means it has taken advanced security measures. Sites that begin with "http" are not as secure.

 

2 backup
REUTERS/Mike Theiler

Keep a backup of all digital files

The only foolproof way to make sure you'll get your data back following a ransomware incident is to take the initiative and invest in a high-quality cloud backup system with versioning capabilities before you're attacked. That way, if your computer or your business's network falls victim to ransomware, you can delete the infected files, remove the ransomware and restore clean versions from the backup system.

 

ransomware
Dan Hamilton-USA TODAY Sports

Kickstart your antivirus software

Check regularly to make sure your firewall and antivirus software are updated and working properly. While security software vendors can’t guarantee complete protection, updated security software and firewall protection is the first line of defense against ransomware and other forms of malware.

 

ransomware
Adam Hunger-USA TODAY Sports

Know your enemy

New and increasingly dangerous types of ransomware are popping up all the time. For example, one recently-discovered form of ransomware dubbed PopcornTime offers victims a choice: Pay the ransom or infect your friends with ransomware. A great way to defend yourself against new ransomware threats is to keep up with the latest ransomware news.

ransomware
Caylor Arnold-USA TODAY Sports

Kibosh any unsolicited emails

It's important to avoid clicking on links inside unsolicited emails, and do not open any email attachments unless you specifically asked someone to send it to you. If you're a small business owner, this should be part of your employee handbook. Just keep in mind that employees may fail to adhere to the policy or simply be fooled by a well-targeted phishing attack. Many email providers are beginning to block certain types of attachments because they're often used to spread ransomware. For email, Google's Gmail service now blocks JavaScript (.js) files. Other file extensions to watch out for include .exe, .jse, .ade and .adp.

6 backup
Kim Klement-USA TODAY Sports

Key into storage and backup differences

Many consumers, and even businesses, use cloud storage solutions like Dropbox and Google Drive because they’re often free. But users often learn the hard way that cloud storage does not offer the same protection from accidental deletions and ransomware as cloud backup. Also, many customers don’t realize that solutions like this do not automatically back up new and changed files, much less your entire desktop.

 

ransomware
REUTERS/Danny Moloshok

Knock out software security vulnerabilities

One of the keys to fending off a hack attack is to make sure that all of your applications are regularly updated with the latest security patches. Cybercrooks are always looking for ways to break into your company's network—and they usually accomplish this by exploiting unpatched software security holes. Their goal is often to steal sensitive business or personal information, but malicious hackers are increasingly breaking into networks and manually launching ransomware attacks—a tactic that allows them to forego the process of tricking employees into opening malicious email attachments.

 

ransomware
REUTERS/Kimimasa Mayama

Kiss macros goodbye

Cybercriminals often take advantage of macros inside Microsoft Word or Microsoft Excel files because they can be used to secretly download ransomware onto your computer from a remote server. That's why it's important to disable macros in word processing and spreadsheet management applications. Otherwise, you could contract ransomware and not know about it until it's too late.

 

ransomware
Adam Hunger-USA TODAY Sports

Kill admin privileges that aren’t required

An effective way to guard against malicious hackers who spread ransomware is to enforce "least privilege." That means employees should only have access to the data and applications they need to do their jobs—and nothing more. Having too many users with administrator privileges means there's a greater chance that cybercriminals could steal their credentials and implant ransomware in the network. As an added bonus, this is also a great way to cut down on potential insider threats.

RELATED: The history of ransomware

Ransomworm: the next level of cybersecurity nastiness