There are a number of reasons why ransomware attacks have been increasing and why crypto-ransomware has now become one of the biggest and most worrying threats. However, the main reason is that ransomware is extremely profitable.
How profitable? According to a recent security report from McAfee Labs, one single ransomware author managed to pull in an incredible $121 million in ransomware payments in the first six months of 2016. Take off the expenses incurred and the author cleared $94 million in profit.
That was just one author. There are many. There are now more than 200 different ransomware families and many more variants of each. Fortunately, developing new ransomware is a complicated business that requires considerable programming skill. Unfortunately, there are many individuals who rent ransomware to conduct campaigns and take a cut of the profits.
The explosion in use of ransomware in the past two years is a cause for concern for all Internet users, especially for business owners. Unfortunately, the ransomware crisis is unlikely to be resolved any time soon. As long as it is profitable, the attacks will continue. Vincent Weafer, VP of Intel Security’s McAfee Labs, expects the revenues from ransomware infections in 2016 will be of the order of several hundreds of millions of dollars and most likely considerably more.
McAfee recorded 1.3 million new ransomware samples in the first half of 2016. The risk of infection with ransomware has increased as authors employ increasingly sophisticated methods of evading detection. Ransomware is also spreading faster and encrypting even more data to ensure victims have no alternative but to pay up.
But how is it possible to prevent ransomware attacks? Unfortunately, there is no silver bullet. Prevention requires several different strategies to be adopted. To prevent ransomware attacks, check out the ransomware protection tips below.
Ransomware Protection Tips
We have listed some ransomware protection tips below that will help you to avoid ransomware infections, and to avoid paying a ransom should the unthinkable happen.
The first rule of ransomware avoidance is backing up your data
The No More Ransom Project is a great initiative. When ransomware variants are cracked and decryptors developed, they are uploaded to the No More Ransom site. Victims can then decrypt their files for free. However, there are more than 200 ransomware families and fewer than 10 free decryptors. You don’t need to have majored in mathematics to work out that the probability of a decryptor being available is rather small. If you want to be able to avoid paying a ransom, you must have a viable backup of your data.
The second rule of ransomware avoidance is backing up your data
Without a backup, you will need to pay the ransom if you want your data back. You therefore need to make sure you have a viable backup file. A single backup is not enough, however: multiple backups should be performed. You should have a backup on an external hard drive and a second backup in the cloud. Your external drive must also be disconnected once the backup has been performed; otherwise, ransomware that infects the computer can encrypt the backup as well.
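One way to check that a backup is still viable, as both backup rules above require (an added example, not part of the original article): record SHA-256 digests when the backup is taken, keep that manifest away from the backup drive, and compare the copy against it before relying on it. The function names, sample files and the .locked extension are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_backup(manifest, backup_root):
    """Compare a backup copy with the manifest recorded at backup time."""
    present = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(present)),
        "changed": sorted(p for p in manifest
                          if p in present and present[p] != manifest[p]),
        "unexpected": sorted(set(present) - set(manifest)),
    }

def is_viable(report):
    return not report["missing"] and not report["changed"]

def demo():
    """Constructed sample: verify a clean copy, then one altered while attached."""
    with tempfile.TemporaryDirectory() as work:
        src, bak = os.path.join(work, "data"), os.path.join(work, "backup")
        os.makedirs(src)
        for name, body in (("ledger.csv", b"id,amount\n1,250\n"), ("notes.txt", b"Q3\n")):
            with open(os.path.join(src, name), "wb") as f:
                f.write(body)
        manifest = build_manifest(src)  # store this away from the backup drive
        shutil.copytree(src, bak)
        clean = verify_backup(manifest, bak)
        # Constructed damage: the drive stayed connected and files were rewritten.
        os.replace(os.path.join(bak, "ledger.csv"), os.path.join(bak, "ledger.csv.locked"))
        with open(os.path.join(bak, "notes.txt"), "wb") as f:
            f.write(os.urandom(32))
        return clean, verify_backup(manifest, bak)
```

Calling demo() returns the report for the clean copy and the report for the altered one; only the first passes is_viable().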
Keep software up to date
Vulnerabilities are constantly being discovered and patches issued to plug security holes. Even if exploits have not been developed to take advantage of those vulnerabilities, patches can be reverse engineered. Once patches are released, it will only be a matter of time before exploits are developed. It is therefore essential to apply patches and install software updates promptly. Patches should be prioritized with critical updates applied first.
Remove unnecessary software and browser plugins
If you have browser plugins installed that you never use, remove them. They are an unnecessary risk. Of particular concern are Adobe Flash, Java, and Silverlight. Vulnerabilities are regularly discovered in these plugins and for many businesses they are surplus to requirements. Remove them or at least set them to require manual activation.
Malvertising may not be the most common method of ransomware delivery but the risk should be mitigated nonetheless. Businesses should use an adblocker to prevent malicious adverts from being displayed. Do your employees need to see web adverts? If not, why take the risk?
Filter the Internet
Malicious websites containing exploit kits can probe for a wide range of security vulnerabilities and leverage these to silently download ransomware. WebTitan can be configured to block websites known to contain malware and block sites by category. Categories of websites known to be ‘high risk’ can be blocked, as well as sites that have no work purpose. Blocking access to certain categories of websites can greatly reduce the risk from web-borne ransomware and malware infections.
Conduct security awareness training
Security awareness training is not just for employees. All individuals in an organization should be taught the security basics, from the CEO down. Training should include phishing awareness and avoidance, ransomware and malware, and security best practices such as never opening emails from unknown sources, not enabling macros, and avoiding clicking links in spam and suspicious emails.
Turn off macros
Macros are used in many organizations, but not by the majority of employees. Macros should be disabled on all devices unless essential, and even then, macros should be enabled manually on documents and spreadsheets if required.
Employ a robust spam filtering solution
A paid-for spam filtering solution should be installed to catch spam emails and prevent delivery. Email is one of the most commonly used ransomware delivery mechanisms. Anti-spam solutions such as SpamTitan can greatly reduce the probability of employees’ security training being put to the test.
Use anti-malware and anti-virus solutions
Employ anti-malware and anti-virus solutions that include a real-time scanning feature and set the solutions to update virus/malware definitions automatically. Full system scans should also be periodically conducted.