How to prevent ransomware

Among other forms of malware, ransomware blocks you from accessing your files, passwords or additional personal information until you pay a ransom to regain control. Ransomware appears in 10% of all data breaches, doubling its frequency in a year.

While malware such as viruses, spyware and bots can injure your device’s productivity, ransomware will lock you out of your system until you pay to remove the malicious program. Find out how ransomware can compromise your computer systems and how you can avoid it.

Where does ransomware come from?

Ransomware may come from numerous sources. Whenever a user visits a compromised webpage, opens a malicious email attachment, downloads an infected program, or communicates with another user whose device is infected with malware, ransomware can attach itself to their device.

Often, ransomware can reach your device through popular digital communication tools like email and instant messaging phishing attacks. In other cases, ransomware can spread through insecure public internet access.

At times, ransomware can also reach your device when you visit a malicious website. Known as “drive-by downloading,” this ransomware attack occurs when you unknowingly reach an infected website. Even if you only visit that website for a few seconds, ransomware can attach to your device.

How does ransomware affect your devices?

Ransomware attacks don’t usually begin the moment you download malware. It works first by infecting your device, then by locking — often encrypting — your data. This usually means you can still turn your device on but cannot access information stored in documents or databases.

After an attacker uses ransomware to lock down your data, users typically receive a ransom demand. This offer can be made in several ways. You might notice that your background image has changed to the ransom demand. In other cases, hackers will replace your files with a copy of the ransom note.

Many types of ransomware also work to maximize damage after they infect a device. For example, Maze ransomware scans your files and steals valuable data even if a ransom is paid. Another ransomware variant, WannaCry, also uses your device to search for other devices it can attack and encrypt.

Ransomware prevention

Whether you’re an organization or a private device user, ransomware is an intimidating form of malware. Fortunately, there are several steps you can take to protect your devices from malicious attackers. These same steps can also help you limit damage if your device is infected.

Develop an IT disaster recovery plan

An important first step in preventing ransomware is developing an IT disaster recovery plan. This plan helps your entire organization protect against ransomware, while identifying critical first steps in the event of a ransomware attack.

The right IT disaster recovery plan helps with far more than post-attack recovery, and should also include the following elements:

• Prevention — Actions your IT team and your entire organization can take that help to deter ransomware and perform surveillance on all important devices.
• Mitigation — Measures that help reduce the chance of a ransomware attack ever taking place.
• Preparedness — Activities that help users remain vigilant against ransomware threats, including anticipatory ransomware response training.
• Response — Plans that outline how users respond in the event a ransomware attack occurs, either on a single device or across an organization.

Your IT disaster recovery plan can look different from another organization’s plan. It’s important to customize your plan to the size and strengths of your organization and ensure all employees are aware of the plan’s steps in the event of a ransomware infection.

Keep systems up to date

Updating device systems is an even simpler approach to preventing ransomware attacks. Attackers often target users with outdated devices, or with outdated device operating systems, because their security parameters can be less protected.

After updating your device’s systems, it’s also important to update the programs you use. After a sizable operating system update, for example, your device’s programs might require an update to maintain compatibility. Hackers may find vulnerabilities to target with a ransomware attack if your updated device uses outdated programs.

Maintain backups

Whether you store your information on a server or the cloud, it’s important to maintain backup files. Store backup files in a separate location, preferably on a different device, to keep them accessible if you ever need them.

During a ransomware attack, backup files can often save your organization thousands, if not millions, in lost payments. Without backup files, your organization may need to spend time, and money, pursuing IT strategies that help restore file access.

You must frequently update your backup files to ensure they reflect any changes. Many device users trust cloud computing to back up their files securely since cloud storage solutions are typically secure — and you can set them to automatically back up your device’s files regularly.

Increase security on your devices

You can improve security on your devices in various ways. Many of these strategies are preventive:

• Don’t hand out your personal information.
• Log out of websites after you make a payment.
• Turn off both Wi-Fi and Bluetooth connectivity when not in use.

You can also take proactive steps to improve your device’s security:

• Use a VPN to encrypt your connection when using a public network.
• Read reviews and verify the reputation of an application before downloading.
• Diversify your passwords and change them frequently.
• Set up two-factor authentication across all devices.
• Only use trusted device charging stations.
• Disable any app or program permissions for your camera or microphone.
• Get trained on how to spot malicious links.

These and other measures can help keep your information safe, particularly when you use shared or public networks.

Use an intrusion detection system

As attackers grow more advanced in their ransomware deployment methods, IT teams are developing new ways to prevent malware, including ransomware, from reaching sensitive information. One emerging cybersecurity strategy — an intrusion detection system (IDS) — consists of programs that proactively alert IT personnel to security threats.

An IDS typically relies on both signature-based and anomaly-based intrusion detection. Signature-based protection compares ransomware threats to trends in your network to identify possible threats before they affect device performance. Anomaly-based detection uses machine learning to classify all device activity as normal or risky, depending on how users on your network normally operate.