Ransomware poses a threat to you and your computer. It is ‘extortion’ software (a type of malware) that can lock your device and then demand a ransom for its release. Depending on the type of malware, either the operating system or individual files are encrypted. Ransomware prevention is therefore a vital element in cyber security and today we take a closer look.
Are you a potential ransomware victim?
Our approach to cyber security at CRIBB is a proactive one. You must never assume that you are not a target for cyber criminals, which applies to individuals and organisations alike. Ensure that you are as cyber aware as you can be, too. Take the time to educate yourself on even the most basic IT security measures. To go deeper, speak with cyber security experts such as our team here.
On the subject of ransomware, please take a moment to answer these simple questions:
- Is your device state-of-the-art?
- Does it feature software which is out-of-date?
- Is your operating system patched?
- Are your browsers patched?
- Do you have a backup plan in place?
- Are you sufficiently cyber aware?
- Do you have a cyber security plan in place?
If you answered ‘no’ to any of these questions then you are at risk of becoming the victim to a ransomware attack. One solution is for a cyber security professional to perform a vulnerability scan on your device. As the name suggests, this involves a scan being performed to search for possible security vulnerabilities in the operating system or the programs you have installed. If these are detected then they can be fixed – which can prevent your device from becoming infected.
Protect yourself against ransomware
Try to follow these basic cyber security tips for the prevention of ransomware:
- Do not click links on unknown websites or in messages / emails from untrusted sources
- Similarly, do not open email attachments if you are in doubt as to their authenticity
- Try not to disclose your personal information unless it is to a completely trustworthy source
- Avoid using unknown USB sticks
- When downloading, only do so from known sources
- Be careful when browsing through websites; look out for a lock symbol in the address bar or make sure that the web address begins with ‘https’ rather than ‘http’
- Install regular updates on your device(s) and try to keep your programs up-to-date
- When using public Wi-Fi networks, use ‘Virtual Private Network’ (VPN) services or avoid making any sensitive transactions
- Consider using anti-ransomware software
Protect your organisation against ransomware
As aforementioned, organisations are also targets for cyber-attacks, including ransomware attacks. All too often there are weak security systems and processes in place, even within many large companies. The following factors that should be taken into account by any company seeking to avoid ransomware infection:
- Ensure your organisation is using the most up-to-date operating software
- Raise cyber awareness amongst all employees (as a minimum, all should be able to assess whether attachments, links or emails are trustworthy)
- Develop and implement robust security protocols and processes
- Have a plan in place in the case of a ransomware infection and regularly test it
- Complete regular back-ups for all business-critical data
There are of course other measures that can be taken both for individuals and by organisations. Above all, you must be ready and prepared; take the time to develop cyber security plans. A good tip to bear in mind is making the switch to cloud technology and cloud storage solutions. The simple fact is that vulnerabilities in cloud-based architectures are harder to exploit.
CRIBB Cyber Security tip: Windows permissions
CRIBB’s Patrick Carolan suggests that one of the bigger safeguards against ransomware revolves around Windows permissions. “Users should always log in to their devices with ‘least privilege access’ – user permissions only, for example.”
He continued by saying that “when they need to make a system change, the operating system is smart enough to detect this and request an administrative login. As a result, it is common for users to have two login accounts now, a user permission login for day-to-day operations and also an administrative login just for system changes.”
Utilising this method restricts the ability for viruses and ransomware to activate, whilst allowing the installed antivirus to perform its function and quarantine them.
It is in everyone’s best interests to aim for ransomware prevention. We are all potential victims and must do all we can to minimise risk. For a more detailed discussion and to see how CRIBB Cyber Security can help, contact us today.