Ransomware is emerging as one of the most widespread cybersecurity threats, targeting an increasing number of corporate customers. Malware that locks a device or encrypts data can be found all over the world. At the same time, a growing share of ransomware is designed for specific markets or targets specific types of users, and a new trend is to target countries or industries that are more likely to pay for unlocking.
Ransomware and similar malware are becoming more sophisticated. You can avoid infection with cryptolockers by following a few simple rules and building good habits, so here are some early ransomware identification tips to help you out.
Avoid Opening Unknown Attachments
Lockware and cryptoware usually employ simple methods to infect a device or an online account. Most malware is distributed via an email with an attachment that either reaches a great number of email addresses or targets a specific market, person, or organization.
That said, upon receiving any new email message, check your address book to verify the sender. The sender’s account might itself be compromised, so double-check with the sender that the email was really sent. Pay particular attention to emails coming from a financial institution, be it your bank or a bank that any of your contacts works with. Carefully check the full email address to identify any suspicious information. This sender information is located in the header of the message.
Macros and Document Viewers
If you routinely deal with a large number of text documents and spreadsheets coming from third parties, make sure that macros and ActiveX are disabled in your office suite. Macros and ActiveX content are a common method of infecting a computer. Also, avoid opening attachments sent through social network accounts because these accounts are easily compromised and mimicked. Document viewers are useful tools for previewing a document without launching any embedded macros. There are viewers for all widespread office software suites that let you check whether a document contains what it is supposed to contain and verify its legitimacy. In theory, a decent antivirus solution should easily find macro viruses, but these precautions add an extra comfort level.
Although many services and merchants like to incorporate direct links in their emails, it is much safer to check the sent link outside of your email agent. Most antivirus vendors also recommend avoiding clicking on links in emails.
Verify Information Requests
One aspect of ransomware’s sophistication is the increasing use of social engineering traps, trying to force the recipient to open an attachment or send information to a remote server. So take your time and verify whether you have asked for the submitted attachment and whether the information request is legitimate. Simply put, avoid sending sensitive information such as usernames, passwords, and access codes in response to emails. The same applies to credit card numbers (but this is a whole other story!).
Check File Extensions
Develop a routine of checking the file extensions of attachments sent by email. For instance, extensions like .exe, .vbs, or .scr are suspicious if you expect to get a document as an attachment. These are executable files and they have nothing to do with a document or image. Another malware trick is to send an attachment where the file has two extensions, e.g. document.xlsx.scr, which is not a legitimate format.
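The extension check described above can also be automated on the receiving side. The following is an added example, not part of the original article: it scans the attachments of an email message and flags executable and double extensions. The function names, the sample message, and the extensions beyond .exe, .vbs, and .scr are assumptions made for this illustration.

```python
import os
from email.message import EmailMessage

# .exe, .vbs and .scr are named in the article; the other entries are
# additional Windows executable/script types assumed for this example.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr", ".js", ".bat", ".cmd", ".com", ".pif"}
# Extensions a user would normally expect on a document or image (assumed list).
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def classify_attachment(filename):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)       # "document.xlsx.scr" -> ".scr"
    inner_ext = os.path.splitext(stem)[1]    # "document.xlsx"     -> ".xlsx"
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
        # A document extension hidden in front of the real one is the
        # double-extension trick the article describes.
        if inner_ext in DOCUMENT_EXTS:
            reasons.append(f"double extension {inner_ext}{ext}")
    return reasons

def scan_message(msg):
    """Map each suspicious attachment filename in msg to its list of reasons."""
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reasons = classify_attachment(filename)
        if reasons:
            findings[filename] = reasons
    return findings

def build_sample_message():
    """Constructed sample message; addresses and filenames are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.xlsx", "document.xlsx.scr", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The check only looks at the declared filename, so it complements rather than replaces antivirus scanning of the attachment content.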
Do not trust browser popups telling you that your computer has been infected with a virus or is at risk. No legitimate antivirus works this way and this is a common method to trick users into clicking on a malicious link.
You don’t need to be a cybersecurity guru to perform regular backups of your important data. In fact, this is the ultimate protection against any malware, lockware, or cryptoware. Most hosting providers, for instance, offer daily backups allowing a hacked or compromised website to be restored to its clean version without losing much data or recently introduced functionality.
More advanced techniques for ransomware prevention are also available and likely used by your IT department. These include filtering certain file types at the server level, preventing particular services from being run by the operating system, introducing hierarchical user and system access rights, and implementing strict policies for shared content and shared disk drives. Nonetheless, by following the above tips on preventive identification of ransomware, you will minimize the risk of being infected with malware and falling victim to ransomware.