One of a company’s worst nightmares goes a little something like this.
An employee boots up their computer at the beginning of the work day. A couple of minutes into work, they get an email from someone who seems to be a coworker. They click a link in the email without thinking, and a message flashes onto their screen:
“Your files have been encrypted. You have 24 hours to pay a fine of $500. If you do not pay the fine, your files will be permanently encrypted.”
Yesterday, for several companies across Europe and Asia and even in the United States, that nightmare became a reality.
The world was rocked by a ransomware attack that first incapacitated governmental computer systems in Ukraine. As the New York Times reported, “the outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.”
At times like this, we can feel helpless. But we don’t have to if we know how to protect ourselves from these vicious assaults.
An introduction to ransomware
PC Mag describes it best: “there are three things to know about ransomware: it's scary, it's growing fast, and it's big business.”
Ransomware is malware, usually delivered via email, that attempts to extort victims by holding their personal information captive.
“The evil genius of ransomware is that victims are far more likely to pay small amounts to recover crucial data. And if enough people give in, the total can be substantial,” writes Hiawatha Bray in the Boston Globe.
So what can we do to protect ourselves?
“Prevention is the most effective defense against ransomware and it is critical to take precautions for protection.” – The US Department of Justice.
With that in mind, follow these tips to prevent a ransomware attack from wreaking havoc on your company:
Back up data regularly.
Secure your backups.
Update your system regularly and keep up with software patches.
Train employees to be cautious about email attachments.
Did you ask for or expect an attached file from this person you sort of know? Is this email out of the blue or out of character? Teach your employees to ask themselves these questions before they click on a link or download a file.
Employees should never open an attachment from someone they don’t know.
If you ever find yourself a victim of a ransomware attack, remember this: if you pay the ransom, you may not get your files back. These people are criminals, and it could cost you and your company even more money if you take a criminal at their word.