Tech Tip: What is Ransomware and how can I avoid it?
Ransomware is the next evolution in computer viruses. A computer virus, like a virus in nature, has two goals. The first goal is to spread itself as quickly as possible. The second goal can range from something harmless, like displaying a funny message or an annoying ad, all the way to erasing all the data on your computer. Ransomware is a special kind of virus that tries to make money for its creator, by holding your data for ransom and demanding payment. Usually, when the ransom is paid the data is unlocked and returned to you – but that won't stop the virus authors from trying to infect your computer again.
How do they hold my data for ransom?
One way is by accessing your PC and locking key files using encryption, and then trying to force you to pay the virus author to unlock and return your files. On your home computer, this can be as simple as taking your personal files and locking them, making them unreadable. At work, this could be all the images on the company website, the company's payroll data files, financial statements, EDI data – anything the virus author thinks is important enough that you will pay them to get it back.
How do I avoid getting hit by a Ransomware virus, or any virus for that matter?
There is no perfect set of instructions to keep your company 100% safe from viruses. This is an ongoing battle between the people who write viruses and the people who defend systems against viruses. But you can easily reduce the probability of getting a virus, as well as the potential impact if you do get a virus, by following some best practices and basic guidelines. In this article, we've put together some tips to help educate our customers on defending their systems from viruses – with 3 main areas of focus: Education, Network Defense, and Minimising Impact Severity.
The first line of defense will always be education. It is much harder to infect the computer of an educated user than it is to infect someone who isn't aware of how computer viruses spread. Train your team to be on the lookout for suspicious emails, and to "look for the lock."
Back in the early days of viruses, there were badly-written emails about how some "foreign prince" needed your help to get money into the US. And if you sent him your bank information, he would give you a cut of the money he was bringing. These email tactics are now gone for the most part, replaced by something harder to spot. Targeted emails are now written to look like they were sent by companies you work with, and people you talk to. For instance, you might get an email from a bank, stating your account information needs to be reviewed and you should log in right away. Or, you might get an email that looks like it is from your best friend or coworker with almost no information – just a link to some unfamiliar website.
If you receive an email like this from a company you don't work with, simply delete it. And if a company you do work with says you need to update your information, be cautious, especially if this is the first time they have sent you an email.
Virus writers also tend to make their request sound urgent, with phrases like: Your account is going to expire; Your information is going to be cancelled; Someone is trying to hack your account; Update your information NOW! The more urgent the email sounds, the more suspicious you should be. If you aren't sure, don't click the link. Instead, give the company a call, or go to their website and log in manually (see "Look for the Lock" for more details).
A savvy computer hacker can also send an email that looks like it comes from anyone – even your coworkers. If someone you know sends you an email and it looks odd, try hovering your mouse over their name, and see if the email address is correct. If you're really suspicious, try contacting the sender to verify they really sent the email.
When in doubt, don't click the links. Virus authors are very proficient at what they do. Sometimes they can even exploit known bugs in Windows and just visiting the wrong web page will get you a virus.
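The hover test described above (does the address behind a familiar name match the one you know?) and the urgency phrases listed earlier can also be checked automatically before a message reaches a user. The following Python is an added example, not part of the original article; the staff directory, addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> real address.
DIRECTORY = {
    "alice jones": "alice.jones@example.com",
    "bob smith": "bob.smith@example.com",
}

# Urgency phrases quoted in the article, lower-cased for matching.
URGENT_PHRASES = (
    "going to expire",
    "going to be cancelled",
    "trying to hack your account",
    "update your information now",
)

def message_text(msg):
    """Subject plus text/plain parts, lower-cased (encodings not decoded)."""
    parts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            parts.append(str(part.get_payload()))
    return " ".join(parts).lower()

def check_message(raw):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    warnings = []
    # The "hover" test: a known name must carry that person's known address.
    expected = DIRECTORY.get(" ".join(display.lower().split()))
    if expected and address.lower() != expected:
        warnings.append(f"sender name '{display}' uses unexpected address {address}")
    hits = [p for p in URGENT_PHRASES if p in message_text(msg)]
    if hits:
        warnings.append("urgent wording: " + ", ".join(hits))
    return warnings

# Constructed sample messages.
SPOOFED = ('From: "Alice Jones" <alice.jones@mail-example.test>\n'
           "Subject: Update your information NOW!\n\n"
           "Your account is going to expire. Log in using the link below.\n")
GENUINE = ("From: Alice Jones <alice.jones@example.com>\n"
           "Subject: Lunch on Friday?\n\nAre you free at noon?\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

A message that raises either warning is a candidate for a junk folder or a caution banner; the final decision to trust it still belongs with the recipient, as described above.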
"Look for the Lock"
If you receive an email from a company or person and it passes the tests above, remember to "Look for the Lock" before you provide any account information.
At the top of the web browser, where you input website addresses, you will see a lock like this (each browser shows it a little differently):
Or like this:
A green lock means the owner of the website you are on has been validated by a certificate authority on the internet and is who they say they are.
An unsecure or bad website link looks something like this:
You should not be entering important information on a site with a red or open lock.
Sites that do not have a lock at all might be safe to browse, but you should never put your account information in unless you see a lock.
While educated users are an important part of any decent defensive strategy, these users are also human beings who may make mistakes once in a while. If your network can block most of the problems before they get to the users, the probability of a mistake drops dramatically.
Many viruses get into your company in junk emails called SPAM. Virus authors send out thousands at a time and hope 1% of the recipients click and get infected. Because of the quantities sent, these emails aren't personally written and typically contain a "signature" that can be recognised. This allows the SPAM filter to send the email to a junk folder before the email reaches your inbox. The better the filter, the less SPAM gets through to your users. SPAM filtering is usually done in one of a few ways, including via your mail hosting provider, cloud-based services, anti-virus software, or via an appliance that can connect to your network. There are a lot of options on how to filter SPAM, so your executive team and your IT team should work together to determine which option is best for your business. No matter what option you choose, it is important to have a solution in place.
Another way viruses access your network is through websites that your employees are using. Virus authors embed their virus code into websites that sound safe, but have been hijacked by the virus author due to poor security. Once a site has been compromised, anyone who visits might accidentally download a virus. There are plenty of anti-virus options that provide scanning software to help keep computers safe. Anti-virus monitoring on each machine that can access the internet is an important step in keeping the whole system safe.
Apprise recommends selecting a vendor that lets you manage your software from a corporate level. Many of the providers allow you to see which computers are on your system that don't have anti-virus software on them or haven't been updated recently. Most solutions allow you to push changes to every computer on your system with one click. This is important because as new viruses are written, you'll need to update your anti-virus software to detect their signature.
Minimising Impact Severity
While the steps above are designed to prevent Ransomware and viruses from accessing your computers and networks, it's also important to take steps in advance, to minimise the damage in the event that a virus does gain access to your system. As mentioned previously, virus protection is a constant battle. Maybe you've done everything right but someone went to a compromised website before the new virus signature was published. Or maybe someone brought their home laptop into work and their kids downloaded a virus onto it. Sometimes bad things happen to good people who were trying to do everything right. If you ever do get a virus into your network, you'll be glad you had these additional safeguards in place.
Who has access to what?
The first step is to limit the damage a potential virus could do, by making sure users only have access to the drives on the network that they need. If users need to look at certain information, but don't need to change it, you can give them "read only" permission. This way, if a user gets a virus on their machine, the virus would not be able to overwrite the data on those read-only drives.
If you don't need it, disable it and/or put walls up where they make sense
There are Ransomware viruses that take control of your laptop camera to spy on or take pictures of you. Something as simple as a Post-it note over the camera is an easy way to prevent that risk, even if your computer were to get infected. Most users should do this today, as it is simple, low-tech, and very effective.
At Apprise, we also have a number of customers who come in for training. Their machines are not controlled by our IT team and may or may not be virus-free. So, we isolate those machines from our network by creating a separate mini-network that allows our customers to connect to the internet without connecting to our network. Consider adopting similar techniques for any computers on your network that are not controlled by your IT team.
You have good backups, right?
Computer viruses are evolving quickly, and someone in your company might someday make a simple mistake. So the last piece of advice is to make sure you have a solid plan for creating backups. Hopefully, all the other tips will save you from needing your backups to recover from a virus, but if not, backups will be your final line of defense.