The recent payment of $20,000 to an extortionist by The University of Calgary highlights how appealing and lucrative ransomware attacks are to hackers. Ransomware is malicious software that installs itself on the computers on your network and encrypts all the files, making them inaccessible to your staff. On payment of the ransom, you will typically receive a key, consisting of a string of letters and numbers, that will cause the ransomware to decrypt your files.
What should companies do to minimize the risk of becoming a victim of a ransomware attack?
Never click on a pop-up
Never click on a web page pop-up that claims your computer has a virus. Such a pop-up, as illustrated below, is always a hoax. Clicking on the pop-up will almost certainly result in malware being installed on your computer.
Always use anti-virus software
Never operate a computer without anti-virus software. When your anti-virus software encounters a virus, it will display a dialogue box as illustrated below.
You can start by installing one of these free software packages reviewed by PC Magazine. These products are free for an initial period, after which the vendor asks you to pay for continued use of the software and for updates. There are websites that appear to offer free anti-virus software but will actually install ransomware on your computer. You can recognize unsavory websites by their unusual domain names on the address line of your web browser.
In any case, update your anti-virus software often. Most anti-virus software has an auto-update feature.
The dialogue box at right illustrates what the auto-update feature looks like in action. Don’t turn it off. As an extra precaution, scan your computers for viruses regularly.
Don’t click on links or attachments in emails
Don’t click on links in emails sent to you by someone you don’t know. Even if you recognize the sender, be cautious because their email address may have been hacked and used as a way to send an avalanche of spam.
You can confirm a risky link by hovering the mouse over the link, as shown in this supposed email from Air Canada. You’ll notice that the grey URL text in the box is different from the blue URL text in the email. That difference tells you this email came from someone masquerading as Air Canada. It takes only one careless click for ransomware to be installed on your computer.
The same caution applies to email attachments. Double-clicking an attachment you aren’t confident in is all that is required for ransomware to be installed on your computer.
Turn on your browser’s pop-up blocking feature
Turn on your web browser’s pop-up blocking feature as shown below.
The dialogue box illustrates the result when pop-up blocking is active. Always leave websites when your software displays a problem like this.
Never download anti-virus software from a web page pop-up or link sent to you in an email. Clicking on the pop-up will almost certainly result in malware being installed on your computer.
Back up data regularly
Back up your data regularly. Confirm backups are running by checking the dialogue box. Secure your backups by storing them offsite.
Run a test restore from a backup to a test server at least once a year to confirm that the restore and the backup processes are working correctly.
Don’t install two anti-virus software packages
Installing two anti-virus software packages, thinking they will complement each other, doesn’t work and wastes money. The two anti-virus software packages will:
- Require considerable processing power that will slow your computer.
- Each claim the other software package is a source of viruses or malware and display distracting messages.
Responding to a ransomware request
If you’ve received a ransomware request, consider your actions carefully. You will need to:
- Judge the likelihood of actually receiving the decryption key even if you pay the ransom. To maintain their reputation, almost all ransomware scammers will provide the decryption key after payment.
- Confirm you have a reasonably current backup of your data.
- Judge if you can successfully install the backup of your data as an alternative to paying the ransom.
- Estimate the elapsed time required to copy data from that backup and determine if you can afford this amount of downtime.
- Estimate how much time will be required to actually make the payment in bitcoins, because you likely have never paid for anything in bitcoins.
- Develop a way to remove the ransomware from your computers to prevent a repeat request for a ransom from the same ransomware.
It’s useful to contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report your ransom incident. The centre’s website also contains useful information to strengthen your defenses against all types of fraud. If you have been a victim of a fraud, contact your local police force.
Can you share your ideas for how you would mitigate the risk of receiving a ransomware request?