Over the last couple of months, Cyware has received hundreds of emails asking for help with ransomware infections. There is little doubt that 2016 is the year of ransomware. This year we have seen many dreaded ransomware families, such as Zepto, Cerber, FairWare, WildFire, Petya and Mamba, and the list goes on. There are not only different types of ransomware but also different versions of the same ransomware. To quote a few examples, the Cerber series is now on version 4, with Cerber4 presently raiding networks across the globe. Recently, Cerber4 received a major update that makes it more lethal. Another example is Locky ransomware, of which Zepto is a version. Locky also recently received an update from its makers that makes it more deadly. In fact, Locky has accounted for 97% of malicious junk sent over email. On 24th October 2016, Locky set a record with 14 million spam emails sent in a single day.
The menace of ransomware is going to continue in the coming months because it is turning out to be a profitable business for criminals. It does not make any sense to give in to the criminals' demands. There is no guarantee that you will get your encrypted files back even after you pay the hefty ransom in bitcoins. Therefore, every individual and business should build certain habits, measures and practices into their daily cyber hygiene, both to prevent ransomware infection in the first place and to be prepared in case of infection. In this article, we list 8 proactive steps you should take to fight ransomware.
- Back up your files regularly: Backups are the most important tool in the fight not only against ransomware but also against any natural calamity that obliterates your data in one way or another. The one thing you need to ensure is that your backup data is encrypted, so that only you have the power to restore it.
- Disable Macros: Ransomware is mostly spread through infected email attachments. These arrive as spam emails in your inbox or spam folder that try to socially engineer you into clicking the infected attachment. Most of these attachments are Office documents that ask the user to enable macros.
- Install Microsoft Office Viewers: Do not fall for the enable-macros trick. Instead, you can use the new Office tool released by Microsoft to limit the functionality of macros. This tool prevents the user from enabling macros on documents that are downloaded from the internet. You can also install Microsoft Office Viewers. These let you view an Office document without enabling macros, which prevents the ransomware from running even when you click on the infected file.
- Hold your Curiosity: Do not open unsolicited attachments. Nowadays, ransomware is also embedded in documents that are distributed over spam emails. This step is the key to preventing any infection that comes from spam emails.
- Keep your software updated: This is to prevent attacks through any zero-day vulnerability or any other bugs in the software that allow for backdoors. Keep your software on regular auto-update so that it is updated as and when patches are released.
- Inculcate Cyber Awareness: Awareness is the new paradigm in cyber security. Keep your staff updated about what's trending in cyberspace: the hacks of the week, the latest malware and vulnerabilities, best practices, threat intelligence, and other tips. A short weekly talk on cybersecurity news will go a long way in training your staff adequately against cyber threats.
- Segment the company network: This is considered a very healthy practice and one of the hallmarks of good organizational cyber hygiene. Create separate functional areas protected by firewalls. For example, the client and server networks should be separated so that systems and services can be accessed only when required.
Follow these 7 steps and you can reduce the probability of being infected by ransomware by a huge margin. These 7 steps will protect you not only from ransomware but also from many other dreaded malware families roaming around the internet.
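The macro and attachment steps above can be backed by an automated check at the mail gateway or on a shared drive. The following Python sketch is an added example, not part of the original article: it inspects an attachment's bytes rather than its file extension and flags Office Open XML files that carry a VBA project. The function names, verdict labels and sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_attachment(data: bytes) -> str:
    """Return 'macro-ooxml', 'ooxml-clean', 'legacy-ole' or 'other'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed VBA; confirming it needs an
        # OLE parser, so this sketch only flags them for manual review.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a ZIP archive, but not an Office Open XML package
    # Macro code in OOXML documents is stored in a vbaProject.bin part.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-ooxml"
    return "ooxml-clean"

def triage(attachments: dict) -> dict:
    """Map each attachment name to a handling decision (labels are assumptions)."""
    action = {"macro-ooxml": "quarantine", "legacy-ole": "review",
              "ooxml-clean": "deliver", "other": "deliver"}
    return {name: action[classify_attachment(data)]
            for name, data in attachments.items()}

def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like package in memory (placeholder content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

# Constructed sample attachments; the names are invented for this example.
SAMPLES = {
    "invoice.docx": build_sample(with_macro=True),
    "minutes.docx": build_sample(with_macro=False),
    "report.doc": OLE_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, decision in triage(SAMPLES).items():
        print(f"{name}: {decision}")
```

Because the check reads the package contents, a macro-bearing file is flagged regardless of the extension shown to the user.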