In May 2017, ransomware went “mainstream” when an attack hit the deadlines for effectively disabling thousands of computers across the world.
The most high-profile victim was the UK’s National Health Service. The ransomware found its way onto computers in hospitals and doctors’ surgeries, disrupting the health service to the point that ambulances were diverted and operations were cancelled.
It wasn’t only the NHS. During the outbreak of the “WannaCry” ransomware, over 200,000 computers were infected, and big name firms including Vodafone, Nissan and Fedex were among those named in the press reports.
After the extensive publicity brought on by this hack, it’s little wonder that “ransomware” is now a term that’s entered the mainstream lexicon, and no longer something only tech enthusiasts are aware of. Ransomware is also a type of online exploit that’s booming globally, with attacks up 250% this year.
So, with that in mind, this article looks at what you can do to avoid being one of the next victims – either as an individual, or as a business.
Here are five strategies to take on board:
Step 1: Keep on top of your updates
The biggest irony of the May 2017 hack is that it could have been largely avoided if IT departments had been keeping on top of their software updates. The infection in question spread itself over network file shares, which was what allowed it to run riot in organisations like the NHS.
However, Microsoft had actually released a patch to prevent this spread some time before the ransomware took hold – it’s just that in many organisations nobody has gotten around to installing it. Essentially the IT departments concerned had done the equivalent of ignoring their updates – clicking “remind me later” for weeks on end.
This advice is as relevant for individual computer users as it is for large IT teams: don’t keep ignoring updates! They’re released for a reason, and are often there to patch significant security flaws that hackers are just waiting to exploit. While waiting for an update to install, and perhaps a subsequent reboot, can disrupt your day, it won’t disrupt it nearly as much as a ransomware attack.
Step 2: Treat every email and website with suspicion
A huge number of infections are essentially “invited” onto computers by users who are tricked into clicking through from malicious emails or installing software that’s posing as something genuine.
It’s therefore essential to always maintain a high level of suspicion when doing anything online. Hackers are adept at creating emails that seem to have come from big-name companies, and building fake website login pages that trick people into revealing their credentials. Sometimes it’s only a single letter wrong in a domain name that reveals a site isn’t genuine.
By taking browser security “padlocks” seriously, going directly to websites instead of clicking links from emails, and generally maintaining a suspicious attitude, it’s possible to greatly reduce the risk of being tricked by this kind of social engineering.
Step 3: Tread carefully around public Wi-Fi
In an age where everyone feels they need to be permanently online, it’s very tempting to jump onto some public Wi-Fi, often to do something no more essential than checking a social media timeline.
However, the bad people know this, and frequently take steps to exploit people’s desperation for connectivity. They can sit on networks in hotels and cafés, ready to launch “man in the middle” attacks to steal credentials. Alternatively, they can easily set up fake hotspots where they can snoop at personal information that they can use later.
One approach is to avoid public Wi-Fi, but a better stance is to always use a good quality VPN service for this kind of internet activity. That way, your information is encrypted and far safer.
Step 4: Educate the non-technical
If you’re a technical person, you may be able to spot a fake website or a phishing email from a mile away. However, it only takes one person in your family and office to exercise their naivety, and a hacker could find a way to unleash ransomware, or some other kind of infection.
For this reason, whether you’re the techie member of the family or your company’s Head of IT, it’s down to you to explain how modern cybercriminals work. Many non-technical people assume that installing antivirus is all they need to do to ensure their online safety. Online life simply isn’t like that anymore – so it’s essential to ensure that less technical people understand that they could be the weakest link in IT security.
Step 5: Always have a backup
When it comes to ransomware specifically, a good backup is the best possible defence. If you always have a complete copy of your data on an external hard drive or an online backup service, there will never be any need to pay a hacker to give you that data back. So, decide on a reliable backup solution, get it in place, and make sure you check you can actually restore your information (because an untested backup isn’t much better than no backup at all).
While a ransomware attack could still inconvenience you if you have a backup, at least there won’t be any question of you paying the hacker for your own data.
Ransomware shows no sign of disappearing. If anything, hackers seem to still be favouring it as a technique. This tips should help you stay at least one step ahead of them.