Ransomware. Today, one of the most wide-spread and damaging threats that internet users and organisations face.
In short, it is a type of malware (malicious software) designed by cyber criminals to block access to a computer or system until a sum of money is paid. In true cyber war talk, it keeps the computer ransom.
No ad to show here.
How does it happen?
There are two main ways that a ransomware attack starts: it either happens via an email with a malicious attachment, or by visiting a compromised (often a legitimate, mainstream) website.
- Malicious email: Today’s cyber criminals are crafting emails that are indistinguishable from genuine ones. For example, they may draft grammatically correct emails with no spelling mistakes, and often written in a way that is relevant to you and your business. Therefore unsuspected users click on links they normally would avoid.
- Malicious websites: Another common way to get infected is by visiting a legitimate website that has been infected with an exploit kit. Even popular, mainstream websites can be temporarily compromised. Exploit kits are black market tools that hackers use to exploit known or unknown vulnerabilities (such as zero-day exploits). You browse to the hacked website and click on an innocent-looking link, hover over an ad or in many cases just look at the page. And that’s enough to download the ransomware file.
Nine best security practices to apply now
Make sure you’re following these nine best practices:
- Backup regularly and keep a recent backup copy off-line and off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Enable file extensions. The default Windows setting is to have file extensions disabled, meaning you have to rely on the file thumbnail to identify it. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.
- Open JavaScript (.JS) files in Notepad. Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.
- Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!
- Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt leave it out.
- Don’t give yourself more login power than you need. Don’t stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents or other regular work activities while you have administrator rights.
- Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel. In particular, the viewer software doesn’t support macros, so you can’t enable them by mistake!
- Patch early, patch often. Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash and more. The sooner you patch, the fewer holes there are to be exploited.
- Stay up-to-date with new security features in your business applications. For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”, which helps protect against external malicious content without stopping you using macros internally.