Ransomware: Protect Your Business Against The Growing Threat

Ransomware is a particularly destructive type of malware that encrypts a computer’s files, effectively holding them hostage until the user pays a ransom (often hundreds or thousands of dollars) to have the files unlocked. Because only the cybercriminals behind the ransomware have the key to decrypt the files, the victims are effectively helpless, and their files completely unusable, until the ransom is paid.

Typically, ransomware is spread through phishing emails that carry macro-enabled documents or Zip files containing JavaScript files as attachments, though criminals are finding new ways to infiltrate. Once a computer is infected, the user sees a warning screen announcing the encryption, followed by instructions for paying a ransom in exchange for a security key that unlocks their files.

Why It’s on the Rise.
In short, ransomware is very profitable. In the past, cybercriminals had to steal credit card numbers or personal information and try to sell it on the black market to make money. While somewhat profitable, this info was only worth a couple of dollars per account. With ransomware, criminals get money directly from the victim, and at a much higher rate. And while ransomware was once riskier for cybercriminals because it involved direct interaction with the victim and could leave a paper trail, new payment methods like Bitcoin have changed the game. These cryptocurrencies allow cybercriminals to collect payments while remaining completely anonymous.

Protect Your Business From Ransomware.
First Federal Lakewood takes the threat of ransomware very seriously, and has several solutions in place to help safeguard our system against it. The protocols below can serve as a helpful guide for steps your business should be taking to protect its own system.

  • Email Quarantine
    All inbound emails pass through the quarantine and network security system, and any emails with Zip file attachments containing JavaScript files are automatically sent to an Administrator to be quarantined and reviewed for legitimacy. Anyone who sends a fraudulent email is blacklisted to prevent future issues.
  • Limit Computer Rights
    All current forms of ransomware can only infect a computer if the victim has Administrator rights or elevated rights. To reduce the risk of infection, limit and monitor the use of local Admin rights.
  • Disable Word Macros
    Macros in Microsoft Word files are a popular vehicle for spreading ransomware. Configuring your system to disable Word macros by default provides additional protection should a fraudulent email make it through.
  • Programs are Blocked From Running off the Temp Directory
    A computer’s Temporary Directory is the default location for criminals to initiate ransomware. You may want to set your computer policy to block programs from being downloaded and launched from this directory.
  • Frequent System Backups
    Scheduling frequent system backups may help to mitigate the damage in the unlikely event that a ransomware attack makes it past other safeguards.
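
The email quarantine rule described above, sketched as an added example (not First Federal Lakewood's own code): it flags Zip attachments that contain script files, plus macro-enabled Office attachments. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this sketch; adjust to local policy.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")


def risky_zip_members(data):
    """Names inside a Zip that are scripts or macro documents."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["<malformed archive>"]  # cannot inspect, so hold for review
    return [i.filename for i in archive.infolist()
            if i.filename.lower().endswith(SCRIPT_EXTS + MACRO_EXTS)]


def quarantine_reasons(raw_message):
    """Reasons to route a raw RFC 5322 message to an administrator."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(MACRO_EXTS):
            reasons.append(f"macro-enabled attachment: {name}")
        # Check the Zip signature too, since attachments can be renamed.
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            reasons += [f"{name} contains {m}" for m in risky_zip_members(payload)]
    return reasons


def build_sample(member_name):
    """Constructed test message: one Zip attachment with one named member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "constructed placeholder content")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for member in ("invoice.js", "invoice.pdf"):
        print(member, "->", quarantine_reasons(build_sample(member)) or "deliver")
```

An empty result means the message can be delivered; any reason in the list means it is held for administrator review.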

Additional Safeguards – For Work and Home.
Beyond what your business’ IT person may be doing to safeguard the company’s system, there are steps you can take yourself to protect both your company’s computers and any personal computers you may use for work at home.

  • Be Careful with Email
    Never open attachments or click on links from people you don’t know or whose email you weren’t expecting.
  • Be Smart with Web Browsing
    Cybercriminals are likely to expand into exploiting website vulnerabilities and similar avenues as a way to spread ransomware. Try to avoid any sites with questionable content as well as any pop-up ads or links that appear.
  • Don’t Use Admin Rights on Your Home Computer
    Instead, create a non-administrator User account for day-to-day usage at home. Malware, especially ransomware, typically requires an Administrator account to infect a computer.
  • Report Suspicious Activity
    If you ever receive a message saying that your files have been locked or encrypted and you’re given instructions to follow in order to unlock them, contact your nearest FBI field office and report the incident right away.

While ransomware still presents a very serious threat to the well-being of businesses worldwide, your company does not have to become a victim. By taking the steps to protect your computer system, educating your staff or co-workers about prevention, and practicing a few smart tips for safe online activity, you can thwart a would-be attack before it happens to you.