Ransomware is a type of malicious software that encrypts files, preventing access until a demanded sum of money is paid in exchange to unlock files. Individuals and businesses have become targets in this growing online fraud.
While monetary losses to individuals and businesses can be excessive, businesses have more to lose, since cybercriminals can gain access to clients’ personal information and extort money from them as well as the business. Fraudsters can buy a kit on the dark net for about $175 and charge a business a ransom of approximately $84,000 per attack.
Certified Information Security Manager Margo Leiter offers nine tips for consumers and businesses to help prevent ransomware attacks.
Tips for consumers:
• Don’t click. Visiting unsafe, suspicious or fake websites can lead to the intrusion of malware. Be cautious when opening any email with attachments or links you are not expecting, even when you recognize the sender. When in doubt, throw it out!
• Always back up your files. By maintaining offline copies of your personal information, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to heed threats posed by cybercriminals.
• Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you’ll receive the newest fixes as they become available.
• Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen.
Tips for businesses:
• Educate your employees. Employees can serve as a first line of defense to combat online threats if properly trained to recognize malicious emails, websites and online ads. A strong security program paired with employee education about the warning signs, safe practices, and responses aid tremendously in preventing these threats.
• Manage the use of privileged accounts. In an effort to limit your network’s exposure to malware, restrict users’ ability to install and run software applications on network devices.
• Have a plan. Determine how you will keep the business running in the event of an attack. Teach employees what to do, such as unplug from the internet immediately. Law enforcement doesn’t recommend paying the ransom as this encourages criminals to continue. Routinely back up and store the data on a separate device or offline in order to access it in the event of a ransomware attack.
• Protect your systems. Keep antivirus, anti-malware, and firewalls up to date and patched. Conduct regular scans. Hire a security professional.
• Report ransomware. Contact your local FBI field office immediately to report a ransomware event and request assistance. Visit https://www.fbi.gov/contact-us/field to locate the office nearest you.