What is it?
Ransomware is the most common malware threat for small to mid-sized businesses. It is malicious software that encrypts the files, documents, pictures, and music on your computer, which may then be accessible only by paying a ransom. In other words, it is malware that locks users out of their devices or blocks access to files, potentially until a ransom is paid.
Common Ways to Get Attacked:
Before figuring out how to mitigate your risk, you should first understand how these threats are delivered. Ransomware is most often delivered through phishing emails containing malicious attachments or links. With malicious attachments, the attacker creates an email (typically appearing to come from a believable source) and attaches a malicious file. Assuming it’s coming from a trusted source, the user opens the attachment. Once it’s opened, the ransomware is unknowingly downloaded, the system is infected, and the files are held for ransom. Malicious links work very similarly to attachments, but instead of opening a file, the user clicks on a URL that also appears to come from a “trusted source.” The URL downloads malicious files over the web, infects the system, and holds files for ransom.
Another common delivery method is drive-by downloading. This is when a user unknowingly visits an infected website, causing malware to be downloaded and installed on their device.
Key Things to do to Mitigate Your Risk:
1. Good backups
Your backups are your most important defense against a ransomware attack, which is why it’s so important to have them properly implemented. Good backups mean you are backing up frequently AND backing up onto multiple different types of media (we recommend the 3-2-1 method). These are two critical steps in keeping your files and data safer.
2. Combat email phishing
Another effective method to mitigate your risk is learning to combat email phishing. Here is a list from one of our past blogs that can help you and your business avoid phishing attacks:
- Look at the email address it was sent from. Is anything misspelled or full of jumbled letters?
- Use link hovering to verify the final destination of any links. You can do this by simply hovering your mouse over the link and reading the URL (web address) at the bottom left-hand corner of the screen.
- Never open attachments or click on links unless you’ve verified that they’ve come from a trusted source.
- If you clicked on a malicious link or attachment, change your password immediately.
- Train yourself and your team on identifying phishing emails with mock phishing scenarios.
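The first two checks in the list above (a misspelled sender address, and a link whose real destination differs from what it shows) can also be run automatically on a saved message. The Python script below is an added example, not part of the original blog post; the TRUSTED list, the domains, and the sample message are constructed for illustration, and it assumes a single-part HTML email.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"northwind-bank.example"}  # assumption: domains you really deal with
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class _Links(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):  # host of a URL or bare domain, lower-cased, without "www."
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", host.lower())

def check_message(raw, trusted=TRUSTED):
    """Return (imitated trusted domain or None, [(shown text, real host), ...])."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    close = difflib.get_close_matches(domain, trusted, n=1, cutoff=0.85)
    parser = _Links()
    parser.feed(msg.get_payload())  # assumption: single-part HTML body
    links = [(text, _host(href)) for text, href in parser.links
             if URLISH.match(text) and _host(text) != _host(href)]
    return (close[0] if close and domain not in trusted else None), links

# Constructed sample message, not a real email.
SAMPLE = """From: Northwind Bank <support@northw1nd-bank.example>

<a href="http://northwind-bank.example.verify-login.test/reset">www.northwind-bank.example/login</a>
<a href="https://northwind-bank.example/help">help page</a>
"""
```

Calling check_message(SAMPLE) reports that the sender imitates northwind-bank.example and that the first link really leads to northwind-bank.example.verify-login.test; the "help page" link is not flagged because its text does not claim to be a web address.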
3. Trusted IT partner
The final thing you can do to help protect your company from a ransomware attack is to have a good and trusted IT partner, like us. Our team at Corporate Technologies is devoted to helping companies like yours avoid all types of cyber attacks that may occur.
“Really impressed with their business practices and philosophies. Well worth a call!!” -Michelle Henderson