Protect Yourself and Your Company From Ransomware
Ransomware is the cyber version of an old crime: instead of kidnapping and holding a person for ransom, a cyber-criminal will hold your data for ransom. Once installed on your computer, ransomware encrypts your data files. The only way to decrypt your data is to pay a ransom in exchange for a decryption key. Currently the FBI advises against paying ransoms; some victims have paid and still not received a decryption key from the attackers.
I have anti-virus, so I’m safe, right?
Attackers introduce ransomware using the same attacks as any other malware, often malicious email messages with links enticing the recipient to click. End-user awareness is critical in preventing ransomware infections. Malware detection such as anti-virus programs may detect ransomware, but there can be a delay in their ability to detect new variants of ransomware. Reliance on prevention cannot be the only safeguard.
A technique known as application whitelisting has proven very effective in preventing malware from being able to run on servers and workstations. This technique limits the software programs allowed to run on the computer to those on a preapproved list. It can be difficult to identify all desired programs that might need authorization, especially on end-user workstations, but this technique is one of the better methods to prevent malware infections, including ransomware.
Data breach notification
If a ransomware infection is successful, the infection may be a reportable event under various data breach reporting laws, including the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA regulators have recently published ransomware guidance.
I have a back-up disk, so I’m safe, right?
One of the most dangerous aspects of ransomware is that it can encrypt data on any drive your computer has access to, including backup drives. Network drives, such as file servers commonly used in business, and your local backup hard drives are also at risk. If your computer has assigned a drive letter to a drive and you can browse files on it, then ransomware can reach it.
Are Cloud Data Backups Safe?
Cloud backups can also fall victim to ransomware when a local utility mirrors the data on your computer to the cloud. If the ransomware encrypts your computer and the utility then synchronizes with the cloud, your last good backup in the cloud gets overwritten with encrypted data.
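One way to keep a mirroring utility from overwriting the last good cloud copy is to check, before each sync, how much of the previous state has been rewritten with encrypted-looking data. The sketch below is an added example, not part of the original article or of any backup product; the function names, the 7.5 bits-per-byte entropy limit and the 30% threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, roughly 4-5 for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path to (SHA-256 hex digest, entropy)."""
    snap = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return snap

def suspicious_files(previous: dict, current: dict, entropy_limit: float = 7.5) -> list:
    """Files from the last snapshot that are now missing, or whose content
    changed and is now high-entropy (assumed heuristic for 'encrypted')."""
    flagged = []
    for path, (old_hash, _old_entropy) in previous.items():
        if path not in current:
            flagged.append(path)
            continue
        new_hash, new_entropy = current[path]
        if new_hash != old_hash and new_entropy >= entropy_limit:
            flagged.append(path)
    return sorted(flagged)

def safe_to_sync(previous: dict, current: dict, max_fraction: float = 0.3) -> bool:
    """Refuse to mirror when too much of the last good state looks damaged."""
    if not previous:
        return True
    return len(suspicious_files(previous, current)) / len(previous) <= max_fraction
```

Already-compressed formats are also high-entropy and very small files never reach the limit, so the check is a tripwire that pauses the sync for review, not a ransomware detector.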
Keep One Offline Backup
The only certain recovery from ransomware is an offline data backup. This means the computer cannot be connected to the backup drive when the ransomware strikes. One straightforward, albeit inconvenient, option is to keep two external backup drives: one is always plugged in and the other is not. Unfortunately, one must remember to plug in the second drive, run a backup, and then unplug it.