Every time you connect to the internet, whether it's from a computer, tablet, or smartphone, you are vulnerable to cyberattacks from outside threats and hackers. One of the most common forms of cybercrime today is known as ransomware, which occurs when a hacker manages to lock and encrypt data on your device and demands a payment in order to release the information.
Ransomware attacks are very often targeted at businesses, governments, and public institutions, though more recently they have spread to individual internet users as well. In particular, the cryptocurrency community has become extremely vulnerable to such attacks. New schemes like the Kraken Cryptor virus will lock down the computers of digital investors.
Fortunately, there are a number of steps you can take to protect yourself and your organization or family from ransomware attacks. And if you do happen to fall victim, we'll tell you what steps to take next.
Monitor and Filter Email
A significant portion of ransomware attacks come about as the result of phishing scams, where a criminal sends out spam to a group of email addresses and pretends to be connected to a legitimate company. For example, you may have received a suspicious email claiming to be an account alert from Amazon, Apple, or a credit card firm.
These days, many phishing scams are pretending to be related to cryptocurrency platforms and exchanges. The messages might say that you have a pending transaction that needs your approval. But when you click on the link in the message, it will direct your browser to an unsafe web page. Some ransomware attacks also originate from malicious attachments in an email.
Reports indicate that 93 percent of phishing emails today are related to a ransomware scheme. Individuals who follow the rogue links or open the attachments within these messages will inadvertently install malware on their device that gives the attackers the ability to encrypt system data.
As a protective measure, you should always have a strong junk filter enabled on your email account. This, of course, will not be able to block all spam, so you also need to be extremely diligent when opening messages and following links. Always check the sender address and the URL of the clickable link. If something looks suspicious, close and delete the message right away.
Stop SQL Injections and XSS Attacks
If you run a public website, even if it's just as a hobby or side business, you have the duty to protect your visitors from outside threats that could lead to ransomware attacks. The two most common website vulnerabilities are SQL injections and cross-site scripting (XSS) attacks.
A SQL injection targets the back-end database of a website, typically by exploiting a security flaw in a URL request or input field. This could allow an outside hacker to gain read access to sensitive data, including local passwords. If such an event occurs, then the attacker could lock all website access and issue a ransom demand to the owner.
To prevent a SQL injection attack, you need to evaluate every line of code that includes a direct call to your back-end database. These functions need to check for special characters that could simulate a SQL query and restrict them from being used. In addition, make sure your firewall is set up to block all unnecessary access to the local database.
As with SQL injections, you should validate all input entries processed by your web server and block anything that could potentially be used for XSS attacks. Languages like Java and PHP have pre-built libraries that can help you automatically sanitize the inputs received.
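As an added illustration that is not part of the original article, here is the same idea in Python's standard library rather than the Java or PHP libraries mentioned above: a comment renderer that pastes visitor input into the page unchanged, beside one that validates the link and encodes each value before output. The function names, the allowed-scheme policy, and the sample input are assumptions.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for user-supplied links


def safe_href(url):
    """Return url if it is an absolute http(s) link, otherwise '#'."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return "#"
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return "#"


def render_comment_unsafe(author, website, text):
    # Weak: visitor input is pasted into the markup unchanged, so any tags
    # or attributes it contains become part of the page.
    return f'<p><a href="{website}">{author}</a>: {text}</p>'


def render_comment(author, website, text):
    # Hardened: validate the link scheme, then encode every value for the
    # HTML context it lands in (attribute value or element text).
    return '<p><a href="{}">{}</a>: {}</p>'.format(
        html.escape(safe_href(website), quote=True),
        html.escape(author),
        html.escape(text),
    )


# Constructed sample input, as a visitor might submit it in a comment form.
SAMPLE = ("Mallory", "javascript:alert(1)", "<script>alert(1)</script>")

if __name__ == "__main__":
    print(render_comment_unsafe(*SAMPLE))
    print(render_comment(*SAMPLE))
```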
Run Regular Backups
The target of a ransomware attack is usually the hard drive storage on your computer or mobile device. The criminal will block you from accessing the information through a method of encryption that only they can unlock. Encryption is a process that renders data unreadable - or in the case of an image, unviewable - by scrambling the characters with a cipher, so that a decryption key is required to unscramble them. As a result, data backups are often the fastest short-term means of recovering from a ransomware attack.
Both companies and individuals need to be diligent about how and when they back up their digital data. Daily snapshots should be sufficient for most cases, but if your computer contains sensitive information that changes on a rapid basis, then you should look into robust solutions that offer hourly backups.
Backup products on the market today offer an incremental feature that stores one primary snapshot of your hard drive and then tracks individual changes in the future. This way, only small additions are made to your backup system, which will improve the speed of each snapshot process and reduce the amount of extra storage space you require.
Even if you've followed all of the above steps and believe you are fully protected from ransomware, you still need to have a plan for what to do if an attack becomes real. On average, about 50 percent of businesses end up paying a ransom to try to remove the malware. But even if you agree to the criminal's demands, there's still no guarantee that you will get all of your data and access back.
The Bottom Line
In the immediate aftermath of a ransomware attack, you should take an initial snapshot of all affected systems so that you have a point of reference moving forward. Then, before reverting to an older backup, take the time to assess the full situation and determine how much data is at risk. If you catch the attack quickly enough, you will likely have time to isolate the malware and limit its impact.