In 2017, the WannaCrypt attack affected 200,000 victims across 150 countries, demonstrating the extremely malicious capabilities of ransomware.
The WannaCrypt attack locked users out from their own files, and demanded a ransom for their release. For the many businesses affected by this, it was a disaster.
While Australia avoided the worst of it, the Australian Government confirmed eight major national businesses had been affected by the ransomware attack. Despite this close call, the Assistant Minister for cyber-security, Dan Tehan, warned that ransomware still costs the Australian economy up to $1 Billion every year!
As the Internet becomes evermore involved with public, private and professional life, protection against ransomware is becoming all the more important. As a result, everyone is asking the same question – how to prevent ransomware in 2018!?
To make sure you and your business is able to deal with the increasing threat of ransomware, we have developed an in-depth guide, which includes:
- an introduction about exactly what ransomware is
- the different types of ransomware in existence
- who is most at risk, and
- how to prevent ransomware in 2018.
An Introduction to the Ransomware 2018 Scene
Understanding what ransomware is and how it spreads is extremely important for your IT security.
So let’s start at the very beginning.
What is Ransomware?
While traditional malware like viruses and trojan horses are often focused on destroying your IT system and spreading to the next, ransomware is focused on preserving and controlling your IT system, and using it against you.
In doing so, it can trick or even force you into meeting a demand. The main ways ransomware will do this includes:
- A false message about an IT issue, and a false, malicious, and often costly solution.
- Retrieval of your data and a threat to publish it publically. Or
- Encryption of your data with an unbreakable code, locking you out indefinitely.
How Does Ransomware Enter Your IT System?
The most common ways ransomware enters your IT system includes:
- a downloadable email attachment;
- suspicious instant messages on social media, containing a fake link to a familiar sounding website;
- downloads and links offered by suspicious web pages; and
- streaming unsafe data.
One of the most successful ransomware attacks in recent years stemmed from a crypto virus called CryptoLocker. It typically spread through an inconspicuous email attachment. People who opened the email attachment found their computer displaying a message which prompted them to pay $400 within 100 hours, or all the files on the drive would be destroyed!
The costs of this ransomware attack were huge, extorting an estimated $3 Million from victims around the world. As a result, Cryptolocker removal became an industry in itself!
So, we know ransomware is bad. The beginning of your defense starts with understanding your enemy.
The Different Types of Ransomware in 2018
As ransomware attacks increase in sophistication and frequency, a few types appear to be preferred by hackers worldwide. Just like a real life virus, it is important to recognise their traits in order to fight them.
In 2018, the most common ransomware attacks are expected to take the form of:
- Scareware: As the name suggests, this form of attack manifests itself as a pop up message on your computer, claiming that you are infected by a virus, aimed at scaring you into action. It will conveniently propose a fake “solution”. For example, to download, and pay for, a fake antivirus.
- Screen lockers: These crypto viruses are designed to freeze your computer and only show one message. Typically, a fake message from an official government organization (for example a Police Agency or Justice Department). You won’t be able to access any files until you meet a demand, or completely wipe your system and restore a backup.
- Encryption viruses: These allow cybercriminals to gain complete power over your files by encrypting them, and completely locking them from you for as long as the cyber criminal desires. To restore access, you will have to meet various demands. But even if you do, there is no guarantee your data won’t be used for other malicious uses.
Who is Most at Risk of Ransomware in 2018?
Business and corporate networks are now the focus of ransomware attacks.
A recent study sponsored by Malwarebytes, published in 2016, found that almost 50% of organization’s surveyed had been the victim of ransomware attack in the previous 12 months!
The main reasons that ransomware is going after business and organizations is:
- they are potentially the most lucrative victims; and
- they are also, often, the most easily infected.
Why Are Businesses and Organizations More Easily Infected?
The main reason is that employees (outside of the IT space) are generally more relaxed about cyber security at work than at home. There is a common belief that cyber security is handled by the business, and therefore there is no need to worry too much about it.
Sure, businesses should manage their own cyber defense networks, but it is the behavior and actions of individual staff that can open cracks in those defences to ransomware attack (for example opening risky email attachments or visiting dodgy websites).
According to some government reports on cyber security, more than 90% of all attacks start with employees exposing personal data.
Employees should not be punished, but rather more emphasis should be placed on bringing everyone up to speed with the risks, and providing education on the best ways to minimise those risks.
This is explained in the broader context of ransomware 2018 prevention and management below.
How to Prevent Ransomware in 2018 – A Multi Layered Defence System
The most effective way to prevent ransomware from completing it’s malicious objectives is a multi layered defence system. By this we mean a defence system with the following layers:
Using this approach, let’s build your hypothetical ransomware defense system down from the top down.
Defence Layer 1 – Ransomware Prevention
This is where a good multi layered defense system starts. The three key parts of ransomware prevention are:
- Installing the right security software
- Keeping all software up-to-date
- User behavior
To create a wall of seamless security software, you need the following components:
- A firewall
- An antivirus program; and
- An anti-malware program.
Bear in mind that not all these different types of software work well together, and you need to investigate which combination will work best for your IT system. Some software packages will provide all the components you need, while others will be separate, and will require you to build the complete package yourself.
Also, your software must come from reputable sources, as many fake versions exist which can be ransomware themselves. To ensure you find the best and most trustworthy software, you should consult an IT support company.
cybercriminals are constantly looking for new ways to infect and gain access to your data.
As a result, not only is it critical to keep your security software up-to-date, it is also critical to keep all of your computers software up-to-date, particularly your operating system. Updates includes patches and fixes for any vulnerabilities that have been discovered by their providers.
A huge portion of ransomware attack occurs on systems using old, outdated software.
User behavior is the final piece in the prevention puzzle. All your effort building the best software defense can be wasted if user behavior exposes the system to ransomware.
Preventative behavior includes:
- identifying and deleting suspicious emails
- avoiding suspicious instant messages on social media
- avoiding any microsoft downloads which require macros (they may not actually be from microsoft);
- avoiding suspicious websites; and
- frequent cycling of passwords.
With proper employee training, your business can avoid nearly all breaches. The key areas to focus training on include:
- Training on phishing: To educate users about the differences between real and fake emails and social media instant messages.
- Creating company-wide reporting systems: This helps to monitor where threats are coming from, and build a case library for your IT support to work with.
- Running simulations: Just like fire drills, staff will better understand how to take the proper security measures by acting them out in real life. And the good news here is that the data shows that these kinds of drills decrease the success rate of cyber security attacks that rely on human error.
According to a ransomware related report by the cyber security firm PhishMe, susceptibility to phishing emails can drop 20% after the company runs one simulation. The study, which included from more than 300,000 users worldwide, also found that actively reporting email threats could reduce the detection of a breach by an average of one hour.
Defense Layer 2 – Ransomware Containment
Containment refers to how your IT system successfully contains a ransomware breach. This is the second phase role of your security software. The goal is to identify the ransomware and isolate it from your data before it can do any damage.
You should discuss your software security containment capabilities with your IT support company.
Defense Layer 3 – Ransomware Response
Should ransomware pass your prevention and containment layers, you need a response layer. This is usually in the form of manual search, destroy or lock down actions, performed by dedicated IT employees, or an outsourced IT support company. A good example is Cryptolocker removal.
Defense Layer 4 – Ransomware Recovery
In case ransomware is successful in holding your data ransom or immobilizing your IT system, the key to recovery is backing up your data through safe and efficient methods.
Whether you are hit with a cyber crime or need to implement a quick disaster recovery, you have very little to lose by multiplying your backup options.
These days, the most effective and cost effective way to ensure frequent safe backups is through cloud based computing.
Cloud based backup and storage prevents your data being affected by physical on site issues like fire or floods, is not restricted by your hardware, and is managed and updated by the cloud provider, which alleviates the burden on your resources.
Conclusions About How to Prevent Ransomware 2018
Although the sophistication and frequency of ransomware shows no sign of slowing down in 2018, remember that you have complete control of your defense system.
As we have explained in this guide, you can almost completely remove the risk of ransomware issues by:
- Knowing your enemy, i.e. understanding what ransomware is, what forms it takes, and its vector for infection.
- Establishing up a multi layered defense system, focused on (1) prevention, (2) containment, (3) response and (4) recovery.
There is overwhelming evidence which clearly shows that establishing a multi layered defense system, with an emphasis on employee education, can be highly successful in preventing ransomware attack, and 2018 will be no different.
Should you need to discuss the creation of a multi layered defense system, or for any other questions about how to prevent ransomware in 2018, Discover IT can help.
Frequently Asked Questions
What Exactly is Ransomware?
Ransomware is software that infiltrates your IT system and tricks or forces you into meeting a demand. The three main ways ransomware will do this include:
- Give you a false message and propose a false, malicious solution
- Retrieve your data and threaten to publish it publicly; or
- Encrypt your data with an unbreakable code and lock you out indefinitely.
Can my IT System be Made Ransomware-proof?
No system is 100% ransomware proof. You can however improve your defences by:
- Knowing and understanding what ransomware is and how it can infiltrate your IT system; and
- Establishing a multi layered defense system, focused on prevention (security software, frequent software update, and safe user behavior), containment (through the right security software, should ransomware get through the first layer of defence), response (manual search and destroy) and recovery (using a reliable and cost effective cloud based backup approach).
A good IT support company should be able to help you build this multi layered defense system, and educate you on the best ways how to prevent ransomeware in 2018.
Can People be Trained to Prevent Ransomware?
Training employees in safe IT use can drastically reduce the possibility of ransomware attack. Some studies have show that simpy running one simulation of phishing attacks (where a fake email prompts the user to open a malicious file) reduced the risk by 20%.
There is no doubt that training employees across all aspects of online security will be an extremely effective way of bolstering your businesses defensive capabilities and prevent ransomware in 2018.
If Our Computers are Affected, Should We Pay the Ransom?
Absolutely not. It will encourage attackers to continue, and worse, give them funds to find more sophisticated attack methods. Seek out an IT support company that will know how to respond in these situations.