GlobalSign Blog

19 May 2017

How To Protect Your Start-Up From Ransomware

Cyber-attacks are making the lives of internet users very difficult. Ransomware in particular has been one of the most disruptive types of attack that hackers are using. Unfortunately, ransomware attacks are accelerating and intensifying, with more victims each and every day. Take the most recent example, WannaCry, which took over the news at the end of last week and has infected over 200,000 computers in over 74 countries.

Small businesses and start-ups are highly susceptible to cyber-attacks like this. Last year alone, 43% of attacks were on small businesses, a number that continues to increase. With a smaller budget and lack of resources, it can be almost impossible to recover your data, find the attacker or even pay the ransom.

That is why you need a strategy for preventing ransomware before it wreaks havoc on your day-to-day business.

What Is Ransomware?

Ransomware is a type of malware that accesses the operating system of a device and encrypts user data, blocking the user from accessing that information. To regain access to the blocked data, the victim has to pay the ransom demanded by the hacker.

Until the ransom is paid, the attacker will not decrypt the data files or release them back to your business. Even when you pay the ransom, you can't be sure that your data is returned in the state it was taken or that the hacker hasn't retained a copy for themselves.

Types of Ransomware That Can Affect Your Start-Up

To avoid becoming a ransomware victim, you must be aware of the various types of ransomware attack and their intensity. Certain signs can tell you which type of ransomware is holding your system data.

Scareware

This type of ransomware is the least harmful and, despite its name, not very scary at all. When a device is attacked by scareware, it shows warnings about umpteen issues in the system. The warnings come from spurious antivirus or clean-up tools, which demand money in order to fix the reported issues.

In this kind of ransomware attack, your system remains working and your data is normally safe. However, if you leave it unresolved, it could continue to give pop-up warnings claiming to 'discover' new issues in your system.

Lock-Screen Ransomware

If you start your device and find a frozen window, you might have lock-screen ransomware on your device. This ransomware locks the screen with a full-sized window that sometimes shows an FBI or Department of Justice logo, claims you have participated in an illegal act and demands a fine.

Encrypting Ransomware

Encrypting ransomware is ultimately the most popular type and the most troublesome to resolve (it is also the kind used in the aforementioned, widespread WannaCry attack). As its name implies, encrypting ransomware encrypts the files of the trapped device and demands money for decrypting the data. It is considered one of the most harmful ransomware types because once you are a victim, it is highly unlikely you can recover or access your data without paying.

How to Prevent Ransomware

The best way to protect your device from a ransomware attack is to follow the precautionary measures outlined in this article. All of the methods discussed will allow you to prevent a ransomware invasion without spending a cent.

Data Backup

For all of your valuable and sensitive data files, the most important step is to create backups. To keep a copy of your valuable data, you could use cloud storage (many companies offer free services under a certain limit). You could also use removable disks to maintain data backups.

This won't stop the attacker from gaining access to your systems, but you can still access your files, and you will be able to remove the ransomware and recover all your most valuable company data.

Enhancing Spam and Email Security

Ransomware attackers spread their destructive malware through botnets that deliver a huge portion of spam emails. They put a link in an email that instantly downloads the malware, and all you have to do is fall into the trap! Recent advancements in email allow you to adjust and modify your anti-spam filters. Consider changing your spam filter settings so that virus-contaminated emails can't make it into your inbox.

More importantly, educating employees on how to identify phishing emails can go a long way in preventing ransomware from entering your network, since these spoofed emails are commonly used to trick people into downloading malicious attachments. Phishing simulation tests are a tried and true method for introducing employees to common tactics so they don’t fall victim.

Install Firewall Protection and Anti-Virus Software

Most ransomware requires a connection to its command and control servers to obtain important keys needed during the encryption process. However, Windows Firewall and additional firewall apps could recognize and block this kind of traffic, preventing data encryption by the virus. Thus, the attack is stopped before it has even started.

Block Risky File Extensions

Attachments with extensions such as .pif, .cmd, .bat, .scr, .vbs, .rtf, .docm, .rar, .zip, .js and .exe are risky and could contain ransom Trojans. It is a good move for your business to configure your email program so that it stops incoming messages with potentially harmful content on board.

You should block any attachment that requires activation of macros in office documents or wants to execute scripts.
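The attachment check described above could look like the following. This is an added example, not code from the original article; the function names, addresses and sample file names are assumptions made for illustration, and only the extension list comes from the text.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions listed in the article, lower-case with the leading dot.
RISKY_EXTENSIONS = {".pif", ".cmd", ".bat", ".scr", ".vbs", ".rtf",
                    ".docm", ".rar", ".zip", ".js", ".exe"}


def final_extension(filename):
    """Return the effective extension, e.g. '.exe' for 'Invoice.PDF.exe. '."""
    # Windows drops trailing dots and spaces, so strip them before splitting;
    # lower-casing makes the comparison case-insensitive.
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return "." + ext if dot and ext else ""


def risky_attachments(raw_message):
    """Return [(filename, extension)] for every MIME part that should be blocked."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and final_extension(filename) in RISKY_EXTENSIONS:
            hits.append((filename, final_extension(filename)))
    return hits


def build_sample_message():
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "staff@example.test"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("report.pdf", "Invoice.PDF.exe", "budget.docm", "notes.txt"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext in risky_attachments(build_sample_message()):
        print(f"BLOCK {filename} ({ext})")
```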

Avoid Using Remote Services

Sometimes ransomware attackers use remote support apps to infect a device. Such an attack was reported in March 2016, when the Surprise ransomware was spread through the TeamViewer remote support app. To prevent such an attack, you should set up two-factor authentication when connecting to a remote service.

Rename ‘vssadmin.exe’

An attacker can use the vssadmin.exe file to run the command vssadmin.exe Delete Shadows /All /Quiet, which deletes the Shadow Volume Copies of your files and leaves you unable to restore previous versions of your files.

It is recommended that you rename vssadmin.exe so that the ransomware attacker cannot find the file and use it to delete your shadow copies.
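Alongside the rename, the same command can be watched for in process-creation logs. The detection below is an added example, not part of the original article; the tab-separated log format, host names, user names and timestamps are constructed for illustration.

```python
import re

# vssadmin, optionally path-qualified or quoted, followed by "delete shadows".
# The lookahead keeps file names such as "shadows.txt" from matching.
DELETE_SHADOWS = re.compile(
    r'(?<![\w.-])vssadmin(?:\.exe)?["\']?\s+delete\s+shadows(?=[\s/]|$)(?P<args>.*)',
    re.IGNORECASE)

# Constructed records: time, host, user, command line (tab-separated).
SAMPLE_LOG = "\n".join([
    "2017-05-15T09:12:01Z\tWS-014\talice\tvssadmin list shadows",
    "2017-05-15T09:14:37Z\tWS-022\tbob\t"
    "\"C:\\Windows\\System32\\vssadmin.exe\" Delete Shadows /All /Quiet",
    "2017-05-15T09:14:40Z\tWS-022\tbob\t"
    "cmd.exe /c VSSADMIN.EXE  delete   shadows /for=C: /oldest",
    "2017-05-15T09:20:11Z\tWS-031\tcarol\t"
    "notepad.exe C:\\notes\\vssadmin delete shadows.txt",
])


def find_shadow_copy_deletion(log_text):
    """Return one alert dict per record whose command line deletes shadow copies."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split("\t", 3)
        if len(fields) != 4:
            continue  # skip malformed records instead of guessing
        when, host, user, cmdline = fields
        match = DELETE_SHADOWS.search(cmdline)
        if not match:
            continue
        flags = {f.lower() for f in re.findall(r"/(\w+)", match.group("args"))}
        # /all with /quiet removes every snapshot without a prompt,
        # which is the form the article describes.
        severity = "high" if {"all", "quiet"} <= flags else "medium"
        alerts.append({"time": when, "host": host, "user": user,
                       "severity": severity, "cmdline": cmdline})
    return alerts


if __name__ == "__main__":
    for alert in find_shadow_copy_deletion(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["host"], alert["cmdline"])
```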

Last Resort - Find a Decryptor

In the event that you still find yourself held to ransom by an attacker, you might be lucky enough to be infected by a ransomware that has already been decrypted by a security researcher. There are many free ransomware decryption tools that you can look through to find one that matches your infection and run it to get access to your data back.

Conclusion

In a period of such cyber-threats, ransomware can do a lot of damage to your business, even halt operations completely. It's better not to wait until you are a victim of the attack and pray that someone has released a decryption tool. You should make some small changes to your business IT in order to prevent the attacks from happening in the first place.

If you aren't IT savvy yourself, my advice is to look into hiring an IT consultant for a day to update and adjust your network. But it shouldn't stop there: make sure you bring them back every three to six months so that your systems are updated and configured based on new best practice. The IT industry is always changing, and if you aren't keeping protected from the latest attack vulnerabilities, you are leaving your business open to data theft and ransomware attacks.

About the Author

Peter Buttler is a professional security expert and lecturer. He completed a Master of Science in Cybersecurity Technology and is now a specialist contributing to digital privacy, cybersecurity and technology. He interviews security geeks to present expert opinion on current security affairs. In the last couple of years, Peter has also served as a Digital Content Editor and Journalist for several security organizations. In his writing, Peter emphasizes security trends and other technology news directly related to individuals' privacy. Follow him on Twitter @peter_buttlr.
