What is ransomware and what can you do to mitigate its effects?
By Nishal Bipinchandra, Head of ERM (Global IT and Security) at Felda Global Ventures Holdings Berhad
Ransomware is a malicious software that cybercriminals use to encrypt and hold your files (or computer) ransom, requiring you to pay a certain amount of money to get your info decrypted. Since its discovery, ransomware has been growing at a tremendous speed with more and more users; business and consumers getting infected. This is critically affecting the productivity and reputation of many companies, which a majority of them are paying for in the end.
Even if your organisation is not protected by a comprehensive network security solution, there are still a few things that you could do to prevent or at least minimise the damage.
1. Backup Your Data
Offering not only a level of protection against ransomware, doing a regular backup of your data can help you whenever your computer or network encounters a failure. Remember to do it on an external driver (better if password protected), which should be disconnected when not in use. This will avoid any access from it by ransomware.
2. Show Hidden-Files extensions
By default, some Windows systems will hide known file extensions (e.g.: “FILE.PDF.EXE”), and this prevents people from recognising a potential threat when they see it. cybercriminals know about this and will disguise the file under another name. By enabling the ‘show hidden-file extensions’ feature, you will be able to more easily spot suspicious files.
3. Make Sure Your Computer is Up-To-Date
Many cybercriminals will rely on existing vulnerabilities of users running outdated software to get access to their computer. Whenever possible, remember to do regular update of all your software, including OS system, and if possible let it run automatically for convenience.
4. Do a System Restore Whenever Necessary
Remember to enable System Restore (if you are using Windows) whenever possible. This might help you to take back your system to a state before it was infected by ransomware.
5. Disable Remote Desktop Protocol (RDP)
Cybercriminals might get access to your computer through Remote Desktop Protocol (RDP), which is a tool available in Windows that allows others to access your desktop (for technical support and other function). If you do not use it in your company, it is a good idea to disable it just in case.
6. Be Quick: Disconnect Your Internet Connection
If you suspect that your computer got infected after opening a file with ransomware, disconnect all connections to the Internet IMMEDIATELY by closing your WiFi connection and/or unplugging your LAN cable. This will delay or stop the communication with the C&C (command & control) server before it finishes encrypting your files, and if you are lucky, it might save you.
7. Filter “.EXE” Files in Emails
If your Company has a gateway email scanner and if it can filter files according to their extension (e.g.: .EXE), it could be a good idea to deny emails with the .EXE extension as it is really not used on a daily basis, actually.
8. Use a Reputable Antivirus, Anti-malware and Firewall solutions
Even if this is only useful on a user-level, it is always nice to have your own computer protected with a good antivirus, malware and firewall solutions to help you identify and stop potential threats. There are many free software available on the Internet, so if you do not have one at the moment, go and download them now!
9. Disable macros in Microsoft Office files
Microsoft Office documents containing built-in macros can contain embedded code written in programming language (VBA) and be dangerous as they can become a potential vehicle for malware such as ransomware. Disable it for further security.
10. Last but not the Least, Educate your Users!
All the above tips are only useful if followed by every employee in the company. That is why IT managers have to make sure that everyone knows about the risks of ransomware, what it could do, and how to protect themselves or at least minimise its damage.
(This article first appeared on LinkedIn)