There is some good news: Today’s sophisticated, multi-stage ransomware attacks give organizations multiple opportunities to stop an attack before it steals data or locks up computers and files.
Of course, it is ideal to stop an attacker from ever gaining a foothold, but even if they do get in, identifying the early stages of an attack, such as network discovery, command and control communications, lateral movement, data collection and staging, exfiltration, and encryption, is critical. See below for tips on ransomware prevention and how best to respond to a ransomware attack.
9 Tips To Reduce Ransomware Risk
1. Never Click on Unverified Links
If a link is in a spam email or on a strange website, you should avoid it. Often, hackers spread ransomware through a malicious link that initiates a malware download. Once the malware is on your computer, it can encrypt your data, holding it hostage, only allowing someone with a decryption key to access it.
However, the malware has to get on your computer first, and the most popular method of spreading ransomware is through a malicious link. If a link has not been verified, it is best to leave it alone.
2. Scan Emails for Malware
Stopping ransomware or other malware starts with scanning email communications. Email scanning tools can often detect malicious software. After the scanner has detected malware, the email can be discarded, never even reaching your inbox.
Typically, the malware in the email will be embedded in an attachment or inside a file within the body of the email. Hackers have been known to insert images that appear innocent, but when you click on the image, it installs ransomware on your computer. Scanning for emails with these kinds of files can prevent your device—or others on your network—from getting infected.
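The kind of attachment check described above, as an added example that is not part of the original article: it walks a message's MIME parts and flags risky file types, double extensions, and "images" whose bytes are really a Windows executable. The extension lists and the sample message are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Illustrative lists, not exhaustive: file types that run code or carry macros,
# and harmless-looking types often used as the decoy half of a double extension.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".lnk", ".hta", ".docm", ".xlsm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}

def risky_attachments(raw: bytes):
    """Return (filename, reason) for every named MIME part that should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            decoy = os.path.splitext(stem)[1] in DECOY_EXT
            findings.append((name, "double extension" if decoy else "risky file type"))
        elif data[:2] == b"MZ":  # "MZ" is the header of a Windows executable
            findings.append((name, "executable content behind an innocent name"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one clean PDF, one fake image, one double-extension file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    m.set_content("Please see the attached files.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"MZ constructed bytes", maintype="image",
                     subtype="png", filename="photo.png")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="report.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"quarantine {name}: {reason}")
```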
3. Use Firewalls and Endpoint Protection
Firewalls can be a good solution as you figure out how to stop ransomware attacks. Firewalls scan traffic flowing in both directions, examining it for malware and other threats. In this way, a firewall can ascertain where a file came from, where it is headed, and other information about how it traveled, and then use that to judge whether it is likely to contain ransomware.
Further, a next-generation firewall (NGFW) can use deep packet inspection (DPI) to examine the contents of the data itself, looking for ransomware and then discarding any file that has it.
With endpoint protection, individual endpoints are shielded from threats. There are certain types of traffic that are more prone to carrying threats, and endpoint protection can keep your device from engaging with those kinds of data. Also, hackers may use malicious applications to infect your endpoints with ransomware. Endpoint protection will prevent designated endpoints from running these kinds of applications.
4. Only Download from Trusted Sites
It is common for hackers to put malware on a website and then use content or social engineering to entice a user to click within the site. Social engineering applies pressure on the user, typically through fear, to get them to take a desired action—in this case, clicking a malicious link.
In many cases, the link itself may look innocent. If you are not familiar with the site, or if its Uniform Resource Locator (URL) looks suspicious even though the site appears to be a trusted one, you should steer clear. Cybercriminals often create fake sites that look like trusted ones. Always double-check the URL of a site before downloading anything from it.
5. Keep Backups of Important Data
Ransomware attackers like to take advantage of users who depend on certain data to run their organizations. Often, because the data plays an integral role in daily operations, a victim may feel it makes more sense to settle the ransom so they can regain access to their data. You can avoid this temptation by backing up your important data on a regular basis.
If your data is backed up to a device or location that you can access without your computer, you can simply restore the data you need if an attack is successful. It is important to back up all critical data frequently, because if too much time passes between backups, the data you have may be insufficient to support your business’s continuity.
6. Use a VPN When Using Public Wi-Fi
Public Wi-Fi is convenient because it is easy to get onto, often without a password. Unfortunately, it is just as easy for hackers to use public Wi-Fi to spread ransomware. Whenever you are on a public Wi-Fi network, you should use a virtual private network (VPN).
A VPN encrypts the data flowing to and from your device while you are connected to the internet. In effect, a VPN forms a “tunnel” that your data passes through. To enter the tunnel, a user has to have an encryption key. Also, to read data that goes through the tunnel, a hacker would need to decrypt it. To block ransomware, a VPN keeps outsiders from sneaking into your connection and placing malware in your path or on your computer.
7. Use Security Software
Security software can be a powerful tool in ransomware prevention. Therefore, it is often listed among the best practices to prevent ransomware. Security software checks the files coming into your computer from the internet. When a malicious file has been detected, the software prevents it from getting into your computer.
Security software uses the profiles of known threats and malicious file types to figure out which ones may be dangerous for your computer. To stay current, security software often comes with free regular updates. These can be installed automatically by the provider. As the provider becomes aware of new threats, their profiles are included in the update. As long as you make sure your software is updated periodically, you will have the best protection the software can provide.
8. Do Not Use Unfamiliar USB Devices
A Universal Serial Bus (USB) device can be used to store a malicious file that could contain ransomware. Whether the USB device holds an executable file that can infect your computer or a file that launches automatically when you insert the device, it can take very little time for an apparently harmless USB device to compromise your computer.
Cybercriminals may leave a USB device lying around, knowing that some people may be tempted to pick it up and insert it into their computers. The criminal may even print a seemingly innocent label on it, making the device look like a free gift from a reputable company. If you ever find a USB device, do not insert it into your computer. The safest USB devices are those purchased from a store and sealed inside intact packaging.
9. Avoid Giving Out Personal Data
With the right personal data, a cybercriminal can set a variety of traps to get ransomware on your computer or trick you into installing it on your device yourself. People often use the same passwords for their computers as they do for websites and accounts. A cybercriminal can use your personal data to gain access to an account, and then use that password to get into your computer and install ransomware.
If you avoid giving out personal data, you make it far more difficult for an attacker to launch this kind of attack, particularly because they would have to find another way to figure out your passwords or other account information. Personal data also includes the names of people, pets, or places that you use as the answers to security questions for your accounts.
Ransomware continues to evolve and impact more and more organizations, with FortiGuard Labs reporting an average of 150,000 ransomware detections each week. At the same time, digital acceleration, the quick move to remote work, and the diversity of connectivity on and off the corporate network make organizations more susceptible to a successful attack.
Fortinet ransomware protection solutions integrate artificial intelligence and other advanced analytics across the digital attack surface and the cyber kill chain. Organizations are provided multiple opportunities to prevent and/or detect ransomware campaigns and components.