How to prevent ransomware attacks

Where do ransomware attacks come from?

While malware such as viruses, spyware and bots can injure a device’s productivity, ransomware attacks will lock users out of their system until they pay to remove the malicious program. 

These attacks may come from numerous sources. Whenever a user visits a compromised webpage, opens a malicious email attachment, downloads an infected program, or communicates with another user whose device is infected with malware, ransomware can attach itself to their device.

Often, this cyberthreat can reach devices device through popular digital communication tools like email and instant messaging phishing attacks. In other cases, it can spread through insecure public internet access.

At times, ransomware can also reach a device when it visits a malicious website. Known as “drive-by downloading,” this attack occurs when an unknowingly infected website is visited. Even if that website is visited for just a few seconds, the harmful program can attach to a device and cause an infection.

How does ransomware affect devices?

Ransomware attacks don’t usually begin the moment malware is downloaded. It works first by infecting the device, then by locking, and often encrypting, user data. This usually means the device can be turned on but cannot access information stored in documents or databases.

After an attacker locks down data, users typically receive a ransom demand. This offer can be made in several ways. They might notice that a background image has changed to the ransom demand. In other cases, hackers will replace files with a copy of the ransom note.

Many types of ransomware also work to maximize damage after they infect a device.  Another variant, WannaCry, also uses a device to search for other devices it can attack and encrypt.

Others include locker ransomware (simply locking users out of the device), scareware (locking users out of the device or flooding the device with pop-up alerts), and leakware/double extortion (threatening users with leaking private data to the public).

Ransomware protection

Whether it's an organization or a private device user, there are several steps to take to protect devices from malicious attackers. These same steps can also help limit damage if a device is infected.

Develop an IT recovery plan

An important first step in preventing device and network attacks is to develop an IT disaster recovery plan. This plan helps the entire organization protect against threats while identifying critical first steps in the event of an attack.

One IT disaster recovery plan can look different from another organization’s plan. It’s important to customize a plan to the size and strengths of an organization and ensure all employees are aware of the plan’s steps in the event of an infection.

The right IT disaster recovery plan helps with far more than post-attack recovery, and should also include the following elements:

• Prevention — Actions the IT team and an entire organization can take that help to deter damage and perform surveillance on all important devices.
• Mitigation — Measures that help reduce the chance of an attack ever taking place.
• Preparedness — Activities that help users remain vigilant against threats, including anticipatory response training.
• Response — Plans that outline how users respond in the event of a ransomware attack occurring, either on a single device or across an organization.

Keep systems up to date

Updating device systems is an even simpler approach to preventing ransomware attacks. Attackers often target users with outdated devices or with outdated device operating systems because their security parameters can be less protected.

After updating a device’s systems, it’s also important to update the programs used. After a sizable operating system update, for example, a device’s programs might require an update to maintain compatibility. Hackers may find vulnerabilities to target with a ransomware attack if updated devices use outdated programs.

Maintain backups

Whether information is stored on a server or in the cloud, it’s important to maintain backup files. Store backup files in a separate location, preferably on a different device, to keep them accessible if users ever need them.

During a ransomware attack, backup files can often save an organization thousands, if not millions, in lost payments. Without backup files, an organization may need to spend time and money pursuing IT strategies that help restore file access.

It's vital to frequently update backup files to ensure they reflect any changes. Many device users trust cloud computing to back up their files securely since cloud storage solutions are typically secure and can be set to automatically back up a device’s files regularly.

Increase security on devices

Device security can be improved in various ways. Many of these strategies are preventive:

• Don’t hand out personal information.
• Log out of websites after making a payment.
• Turn off both Wi-Fi and Bluetooth connectivity when not in use.

Take more proactive steps to improve a device’s security:

• Use a VPN to encrypt the connection when using a public network.
• Read reviews and verify the reputation of an application before downloading.
• Diversify passwords and change them frequently.
• Set up two-factor authentication across all devices.
• Only use trusted device charging stations.
• Disable any app or program permissions for a camera or microphone.
• Get trained on how to spot malicious links.

These and other measures can help keep information safe, particularly when using shared or public networks.

Use an intrusion detection system

An IDS typically relies on both signature-based and anomaly-based intrusion detection. Signature-based protection compares ransomware threats to trends in a network to identify possible threats before they affect device performance. Anomaly-based detection uses machine learning to classify all device activity as normal or risky, depending on how users on a network normally operate.

Consult professionals