Put simply, ransomware works by encrypting your hard drive and any device connected to your computer. This makes all of your files inaccessible, and you will see text documents in every folder with instructions on how to pay the ransom to get your files decrypted.

A fun fact about ransomware is that in 2020 the attacks increased by 130%. If you break down that number, 81% of the total infected are enterprises, and 62% of those enterprises are small to medium-sized businesses that don’t have sophisticated cybersecurity measures.

I won’t go into depth telling you the obvious things like: don’t use outdated software such as Windows 7 and older, make sure everything is up to date, and be sure you have a good anti-virus solution. However, if you do those 3 things right away, it will greatly reduce the chances of getting your systems hijacked by hackers.

How to Spot a Phishing Email!

  1. Most of the time the hackers gain access to the system from a phishing email where the user willingly gives the hacker their access credentials.
  2. Check the email address! If the email is legit, it should come from the domain associated with said company. For example, an email from Best Buy will come from BESTBUY.COM and NOT info@infobestbuy.to, bestbuyinfo@yahoo.com, or bestbuy@htpshfs.website. Typing the domain (the part after the @) into the browser to see whether it takes you to the actual website is a good quick test of legitimacy, but it is not entirely foolproof and could result in system infection.
  3. Check for obvious grammar mistakes. In case you aren’t aware of this, the hackers are normally not fluent in the English language.
  4. If it seems questionable that they would need your login information, it probably is. Check everything ten times before giving anyone login credentials. If you entered your password somewhere and instantly regretted it, change your password ASAP!
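The sender check from step 2 can be done without visiting the domain at all. The following is an added example, not part of the original article: it parses a From header and compares the domain against the company's real one, flagging addresses that only borrow the brand name. The function names and the sample headers other than the three addresses quoted in step 2 are assumptions made for illustration.

```python
from email.utils import parseaddr

def sender_domain(from_header):
    """Return the lower-cased domain of the From address, or '' if there is none."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def classify_sender(from_header, expected_domain):
    """Classify a From header against the company's real domain.

    'match'     - the domain is the expected one or a subdomain of it
    'lookalike' - the brand name appears in the display name or address,
                  but the domain belongs to someone else
    'mismatch'  - unrelated sender
    """
    expected = expected_domain.lower()
    domain = sender_domain(from_header)
    # Compare on a label boundary so bestbuy.com.example.org does not pass.
    if domain and (domain == expected or domain.endswith("." + expected)):
        return "match"
    name, addr = parseaddr(from_header)
    brand = expected.split(".")[0]            # "bestbuy" (assumes brand.tld form)
    haystack = (name + addr).lower().replace(" ", "")
    return "lookalike" if brand in haystack else "mismatch"

# Constructed sample headers: the three bad addresses are the ones used in the
# list above; the first and the last two are made up for this example.
SAMPLES = [
    "Best Buy <offers@bestbuy.com>",
    "info@infobestbuy.to",
    "bestbuyinfo@yahoo.com",
    "bestbuy@htpshfs.website",
    "Best Buy <deals@bestbuy.com.example.org>",
    "newsletter@example.net",
]

def triage(samples, expected_domain="bestbuy.com"):
    """Return {header: verdict} for a batch of From headers."""
    return {s: classify_sender(s, expected_domain) for s in samples}

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {header}")
```

A "match" only means the visible From domain is the right one; that header can be forged, so a match by itself does not prove the message is legitimate.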

Keep your backups on the Network/Cloud NOT local USB hard drives

  1. Although backing up data to a local drive might seem like an easy way to stay protected, ransomware will encrypt your backup files as well, making them useless without paying the hackers for the encryption key.
  2. Storing your files on a network shared drive such as Network Attached Storage (NAS) or a file server will safeguard your backed-up data from MOST ransomware attacks. I say most because, as hackers become more and more sophisticated, ransomware could affect network devices as well if they are not protected with passwords.
  3. Store your backup on the cloud. Although you can restore individual files, most people do not store system images to the cloud.  Ransomware can damage system files which would require a system state restore from the image.  Having an image of your server or workstation somewhere safe on the network or an external disk that is only plugged in while the backup is performed and is rotated out is the most effective way to recover from a ransomware attack.

Limit what everyone, including you, can do on their computers.

  1. Being on a domain such as Microsoft Azure or a local domain prevents users from installing software or executing malicious programs on their machines. Setting up a user on a workgroup is a good idea to limit account permissions instead of allowing admin access for this exact reason. With limited permissions, the user is prompted for administrative rights before any elevated action can be performed (such as access to encrypt files).

Although there are multiple things that can be done to further prevent ransomware attacks, such as packet filtering at the firewall level, spam filtering through third-party cloud-based services such as AppRiver, and having a good antivirus like WebRoot, ultimately the most effective and simple thing that everyone can implement is to safeguard your passwords and change them every 30 days. Doing so will go a long way in preventing cybercrime from happening to you or your organization.