Tips For Preventing Ransomware
Nobody wants to resort to paying a hefty ransom to reclaim files. The tips in this article are the first, and best, protection against ransomware.
The WannaCry ransomware attack stunned the world. Affecting more than 200,000 computers running Windows operating systems in 150 countries, it was a sobering reminder that computer systems are far from secure. WannaCry is an immediate reminder that we must be more diligent about protecting our systems and the precious data they contain.
The scale of the attack, which hit on a Friday, was not as bad as feared when workers returned to their computers the following Monday. The threat of more ransomware attacks in the future, though, still looms large.
The Official Word on the Attack
The UK’s National Cyber Security Center, opened by the government in February 2017, is a single body for cyber security at a national level. In the wake of the attack, the center notes that “ransomware attacks are some of the most immediately damaging forms of cyber attack that affects home users, enterprises and governments equally.” However, it also notes “that there are a number of easy-to-implement defences against ransomware which can considerably reduce the risk of attack and the impact of successful attacks.”
Prevention is indeed the best medicine. The fact remains that for a number of individuals and companies whose data was held ransom, gaining access to their files again is of the utmost priority. The question is whether that’s possible. Some cyber experts are saying it is best not to pay up for your files, “based on the simple dynamics of perpetuating bad conduct” and the very real risk that, even if you pay, you won’t actually get your files back. Hackers, after all, are not that trustworthy.
Expensive Consequences
A cybersecurity report in Australia found that 60% of organizations surveyed had experienced a ransomware attack in the prior year. 57% of those companies paid the ransom. Rather discouragingly, “Nearly one in three of the organizations that paid did not recover their files.” In effect, paying for your files is a huge gamble, but it’s a gamble that a company without any backups of its files may have to take.
As technology commentator Trevor Long was quoted in the Guardian: “The moral and ethical challenge is the: ‘we don’t negotiate with terrorists’ line we’ve all seen in movies.” He said, “We feel that’s the right approach, but we are also presented with losing valuable personal memories like photos and videos – or, in the case of businesses, important documents or financial data.”
Proper Precautions
The attack makes the case for having multiple backups of your company data. The best case is one backup in the cloud, for ease of access, and one on a hardware device or internal server. The internal backup can’t be accessed by a virus. Companies that have no backup whatsoever are operating on very thin ice.
In the wake of the most recent attack, the National Cyber Security Center offered two sets of advice, one for individuals and one for business:
When it comes to protecting oneself from future attacks, individuals and small businesses should “Run Windows Update. Make sure your antivirus product is up to date and run a scan – if you don’t have one install one of the free trial versions from a reputable vendor. If you have not done so before, this is a good time to think about backing important data up – you can’t be held to ransom if you’ve got the data somewhere else.”
For large organizations and corporations, the advice is similar to the above, but also includes keeping an organization’s security software patches up to date. It also includes more technical prevention, like controlling removable media access and filtering outgoing web browser traffic.