How to prevent ransomware

Share on facebook
Share on twitter
Share on linkedin
Share on telegram
Prevent ransomeware attacks

Of all the cyber threats facing your business, ransomware is arguably the most dangerous. It will prohibit you from accessing files on the infected computer while demanding payment to have the restriction lifted. The infected computer will essentially be a paperweight. You won’t be able to run programs on it, nor will you be able to retrieve its stored data.

The basics of ransomware and how it works

Ransomware receives its namesake from how it holds an infected computer for ransom. It encrypts the infected computer’s files so that you can’t access them. When you try to open a file, you’ll see a popup message demanding payment. Unfortunately, obliging to the hacker’s ransom demands doesn’t always work. Even if you pay the hacker, he or she may not follow through by decrypting your files. The hacker could, in fact, demand additional payments. Rather than allowing your business to get caught up in an endless cycle of ransom demands, it would be best if you focused on protecting it from ransomware attacks.

Filter traffic through a firewall

Filtering your business’s network traffic through a firewall will lower its risk of being attacked with ransomware. Firewalls work by screening incoming and outgoing traffic against a set of rules. If a traffic packet fails the ruleset, it will be dropped or denied, meaning the traffic packet won’t reach your business’s network.

You can configure a firewall to automatically block traffic packets sent from Internet Protocol (IP) addresses associated with cyber attacks. If you discover a particular IP address is attempting to access a secure part of your business’s network, such as a database, add it to the firewall’s ruleset.

Deploy an IDS

Deploying an Intrusion Detection System (IDS) can protect your business from ransomware attacks. Like a firewall, an IDS will screen your business’s network traffic. It’s placed between your business’s network and the internet, where it scans traffic for cyber attacks, including ransomware.

IDSs work differently than firewalls. Instead of using rulesets, they look for patterns or irregularities in traffic that indicate a cyber attack. A large packet size, for instance, could indicate a ransomware attack.

IDSs aren’t designed to block malicious traffic. Once deployed, an IDS will notify you about the potential cyber threat. You must then take the appropriate steps to mitigate it. Regardless, an IDS is a useful cybersecurity tool for defending against ransomware attacks.

Use real-time antivirus software

Because it’s a form of malware, ransomware can be detected and blocked by real-time antivirus software. Real-time antivirus software is designed to neutralize malware threats in real-time. It doesn’t wait until the malware is already on your computer. Real-time antivirus software monitors data as it’s loaded into your computer’s memory.

With real-time antivirus software, ransomware is less likely to reach your computer’s hard drive. Real-time antivirus software will block the ransomware before it has the opportunity to install itself and, therefore, encrypt your files. When you download, open, copy or modify a file, it will scan the file for known cyber threats. It won’t catch all ransomware instances, but real-time antivirus software is another layer of security that will lower your business’s risk of being attacked with ransomware.

Keep in mind, many types of antivirus software offer both real-time protection as well as on-demand scanning. On-demand scanning is a more thorough form of protection in which the antivirus software will scan all of your computer’s stored files. If ransomware has already burrowed onto your computer’s hard drive, though, the damage may already be done. You can perform on-demand scans, but keep the antivirus software’s real-time protection enabled. 

Beware of downloading email file attachments

Email is a common vector by which ransomware is transmitted. Statista reports that over two-thirds of all ransomware attacks involve phishing emails. As a result, you must heed caution when downloading email file attachments. Phishing emails are disguised to look legitimate, which entices victims into downloading their file attachments.

How do you know if an email is trying to trick you into downloading ransomware? Start by verifying the sender’s address. Phishing emails often use a sender address that’s slightly different than the domain that they are impersonating. If you’re expecting an email from a particular brand but receive an email with a slightly different sender address than that of the brand’s actual email account, don’t download any of its file attachments.

Most phishing emails aren’t personalized. Instead, they have generalized salutations, such as “To whom it may concern” or “Dear partner.” Along with poor grammar, a generalized salutation may indicate an email is trying to trick you into downloading ransomware.

Set OS to update automatically

Setting your computer’s operating system (OS) to update automatically can reduce the risk of a ransomware attack. If your computer runs an outdated OS, a hacker may exploit a vulnerability to deploy ransomware.

Microsoft and Apple regularly patch their respective OSs, but you must download these updates to stay protected. If your computer’s OS is set to perform updates manually, it may go unpatched for an extended period, during which a hacker may deploy ransomware on it.

Create data backups

While creating backups won’t prevent ransomware attacks from occurring, it will lessen their impact. If your computer becomes infected, you’ll have a copy of its stored data. You can then wipe the computer by restoring it to factory settings, followed by transferring the copied data.

Remember to save your data backups on a different computer or device than those you create. If you create a data backup and save it on the same computer, ransomware may prevent you from accessing it. Storing the data backup on a different device, preferably one that’s not connected to your business’s network, will isolate it from the infection.

Ransomware is on the rise. According to the U.S. Small Business Administration (SBA), roughly 4,000 new ransomware attacks occur each day, making it one of the fastest-spreading forms of malware. Don’t let ransomware interfere with your business’s operations. Invest in a robust cybersecurity strategy to mitigate the threat posed by this otherwise common and destructive form of malware.

Michael - Cyber Security Herald

Michael Inglis

CISSP, CEH, BSc, MCSE, AWS SAA - Cyber Security Specialist with over 20 years of experience in IT and Cyber Security. Providing global cybersecurity news, analysis, and research.

Scroll to Top