Protect Your Business From Ransomware and Other Threats

UPDATE: May 12, 2017 – Massive ransomware cyber-attack hits several countries, crippling hospitals and businesses.

Do you care about your computer’s security and personal files? We bet you do.

Since 2016, ransomware attacks have increased by 50%. Most victims of ransomware are likely to be people using Windows, but literally anybody can become a victim. Hackers are getting smarter every day and will find new ways to infiltrate your system.

But how does ransomware work exactly?

What is ransomware?

Ransomware is a type of malware that hackers use to block your access to your own computer. Temporarily, you cannot do anything else but pay the ‘ransom’. All your files are locked, and possibly even your screen.

Your computer is in fact taken hostage. For a certain sum of money, you can get back access to your computer most of the time. The hacker’s philosophy normally is, you pay the ransom and we’ll give you your files back. There have been cases where some hackers did not honor the ransomware payment and then they themselves were targeted by other hackers. This is because they were bad for business since of course if people think that after paying the ransom they won’t get their files back, then no one will pay anymore.

Hackers use different methods to install ransomware on your computer. One of the most used ways is to send you an e-mail with an attachment. Hackers are smart, and try to impersonate web shops, banks, business contacts or even your friends. All they need is you to open the attachment, which contains the ransomware.

Ransomware can also be installed by finding weak spots in your system. When you are using outdated plugins or software, hackers can enter your system more easily.

Lately, ransomware can also be installed on smartphones or tablets. Basically every device you use for internet can become a target of hackers.

How to protect your business

At CaribMedia, we have been implementing certain actions against this kind of thing and would like to share these with you. We call them the 4 P’s. By following these steps, you can lower the risk of your company becoming a victim of ransomware..

1. People

The first thing you need to do is to keep your staff informed. You need to let them know that these threats are out there and that they need to be very aware of files sent to them, even sometimes from people they know. Awareness is the first step. Be very careful with what you and your employees download from the internet and e-mails.

2. Paranoia

You should be paranoid about incoming attachments, especially ones that are related to financial transactions. Hackers often pretend they are your bank sending you an e-mail to gain trust. When you do not trust an e-mail from your bank, always call your bank right away. They can tell you if they did send you that e-mail including the attachment.

Be suspicious of anything you’re not really expecting. If in doubt, just delete the e-mails. If it is from someone you do not know, chances are it is fake anyway. If you receive an e-mail from someone you do know, you can always verify with them if they actually sent you something. If it was legit and you had deleted it, you can just ask them to send it again, no problem.

You cannot be too paranoid about ransomware these days. Better to err on the side of caution. Otherwise you might end up with a locked computer and having to pay relatively large amounts of money to internet scammers.

3. Protection

There are several things you can do on your computer systems to help you to be more protected against ransomware and other threats.

Updates: Always keep your systems up to date with the latest Windows updates. Microsoft tries to release new updates more or less every Tuesday. Besides computers that run Windows, always make sure all other computers and devices are always up-to-date and running the latest version. Nowadays, ransomware can be installed on any kind of device that is connected to the internet.

File extensions: Always show file extensions on your computer. Sometimes viruses trick you by taking advantage of a windows setting that hides file extensions for things such as Word and PDF files and also programs, but this can work against you. Please ask your IT person to disable the “Hide Extensions for known file types” setting on all your office computers.

Anti-virus: By keeping your antivirus software up-to-date, you protect your computer systems from the latest threats.

Firewall: This has become an indispensable part of business protection. A firewall between your business network and devices and your internet connection is a must – it should be a separate device from your internet connection devices/modems/routers and it also needs to be kept up to date and patched. Many modern firewalls come as part of a Unified Threat Management system that combines several security functions within one single system such as network firewalling, intrusion detection/prevention, gateway antivirus, content filtering, anti-spam, VPN and detailed reporting.

User permissions – Don’t run your office computers using Administrator level users. The reason being that if you are logged in as such, it is quite likely that malicious software programs will take advantage of your administrator privileges to do their dirty work. Make sure all users are logging into their computers as Standard users with normal privileges.

Ransomware protection: On top of your antivirus software, you need to install ransomware protection as well. You can try installing Ransomfree by Cybereason. This anti-ransomware software is currently free. It works by placing ‘honeypot’ files around your system to lure potential ransomware to those places. When one of these files gets encrypted, all alarm bells go off and the software will do its best to stop the virus from encrypting your computer further.

Backups: Another action you need to take is to regularly backup your files and systems. Make sure that you have multiple types of backups for your files, not only locally but also remotely to the cloud. By doing this, you are not only protecting your files from ransomware but are also following an essential protective measure for business continuity.

4. Practice what you preach

Very often the boss will lay down rules for everyone else to follow but then does not follow them themselves because they think they know better. Bad idea! There have been well known cases where it was actually the boss’s system that caused a breach because they simply did not stick to the rules that they set out for everyone else. It’s very much a case of you’re only as strong as the weakest link, so rules and guidelines are there to be followed by everyone, irrespective of position in the organization.

Ransomware is something to take very seriously. Hackers can not only hijack your company’s files and systems, but your personal devices are also at risk. Always stay away from dodgy e-mails and websites and follow our 4 P’s to ensure the safety of your company systems and personal files. Always be careful and be aware of the threats out there.

If you need any help protecting your systems from ransomware and other threats, we would be glad to help you and guide you! Please contact us for more information.