How to Prevent a Point of Entry for Ransomware

by SEP Blog Team | Ransomware, Data Protection

The tactics used by cyber criminals are constantly evolving. Fighting off malware, viruses, and hackers may seem like an endless challenge that you can't win but there are measures you can take to tip the scale in your direction of preventing an infection.

Ransomware has been a big business for years but has recently grown in application. In 2018, 67% of all small and medium sized businesses in the U.S. experienced a cyber attack and 47% said they have no understanding of how to protect their companies against these attacks.

According to the Cisco 2018 Security Capabilities Benchmark Study, "54 percent of all cyber attacks result in financial damages of more than US$500,000 including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs. That amount is enough to put an unprepared small/midmarket business out of operation—permanently."

Here are a few of the paths cyber criminals use to infect a system with ransomware:

  • Phishing emails with infected attachments or links to infected websites
  • "Drive-by Downloading" - malware is added to a system without users knowledge after visiting an infected website
  • Social media via web-based instant messaging apps
  • Vulnerable web servers used to gain access to an organization's network
  • Transfer of a Trojan that has a payload disguised as a legitimate file

Unfortunately, there are no foolproof ways to prevent every attack scenario. But following the tips below will help prevent a ransomware infection.

Update your computers

For Windows XP or Vista users, you should have received a warning from Microsoft that the company no longer supports these operating systems. Unless you upgrade to Windows 10 or purchase new equipment, your existing system is at high risk for infection. Turn on the Automatic Update feature for all computers. By turning on this setting, you will allow the automatic installation of security patches when they become available, so your system is always operating at peak performance.

Update your browser

In addition to updating your OS, your browser and any plugins that you have on your computer need to be kept up to date. Hackers often exploit vulnerabilities in popular browser plugins like Java or Flash which result in infection. Even simple tasks like visiting a website or viewing an ad can introduce ransomware to your computer.

Install anti-malware & anti-virus software

IT can take little effort for hackers to make their way into your computer. By adding extra security to your system you can force hackers to work twice as hard to access your data. You can limit or mitigate an attack by installing reliable anti-malware and anti-virus programs that will provide an additional level of protection.

Be cautious when opening emails

Do not open any suspicious attachments or click any links in a suspicious email. Check the email for spelling and grammatical errors, mistakes are often common in phishing emails. A sender’s name may be spoofed to make an email appear legitimate. Double check that the sender's email address matches the name it was sent from. In most email apps you can see the sender's email address by hovering over the sender's name. Make sure the information matches before clicking on anything.

Backup your data

It is absolutely imperative that you backup your data regularly. Ransomware has been intentionally designed to encrypt all data connected to the infected device regardless of where it may be stored. Backup to a secure system that is separated from your main network. Using disk or tape backups can be a highly effective recovery strategy due to the separation between your backup copies and your network. If your business has decided cloud is the right solution for your backups, make sure there is a partition between your system and your cloud copies.

A backup and recovery system must be a high priority to protect your business from the severe repercussions of ransomware. If you are in doubt of how to get started, SEP offers a software backup solution to protect data in environments of any size or type - physical, virtual or cloud. Supporting the most comprehensive range of OS, VMs, databases and applications, SEP software will integrate with your current infrastructure and allow you to design a ransomware strategy that fits your current needs. Contact us to find out more or download a free 30-day trial with full support.

SEP Backup & Disaster Recovery Free 30-Day Trial