If your computer, network or mobile files have already been struck by ransomware, we can’t really help you.
We also don’t recommend that you or your clients pay the demanded money either, since this won’t necessarily eliminate the malware from a system and could even designate you as an active target who may be hit up for more money in the future. Unless you’re in a critical position where you absolutely have to have everything unlocked instantly, such as a public safety agency, it might be smarter in the long run to cut your losses and start with a new, more secure system.
Even more frightening is that these types of cryptolocker infections will likely get worse – Symantec reported that ransomware attacks grew by 35 percent in 2015, which makes it even more critical to anticipate them and design defenses to make your system as strong as possible, and then you simply won’t have to worry about it.
Here’s some easy ways to get started.
- Introduce or expand anti-virus programs. Think of them, perhaps, as a seat belt or a bike helmet. You may never need it, but if you do, you’ll be glad it’s there. A 2013 Microsoft study showed that 24 percent of all machines worldwide are unprotected, and 26 percent of all U.S. machines. The same 2015 Symantec study reported that 75 percent of sites have unpatched vulnerabilities, and 429 million identities were exposed. You can get malware detectors only, but an active antivirus program that also detects malware can stop a higher number of attacks than an anti-malware program alone. Though your company’s financial people will hate this, good security also has to be more than a one-time capital expenditure — programs have to be updated regularly to continue to be effective.
- Improve internal usage policies. Educate your staff on proper handling of their desktops, laptops and mobile devices, which can include not opening suspicious emails, not downloading unauthorized programs or apps, not leaving their hardware unsecured, not visiting dangerous sites, and being careful with passwords. Some of these behaviors seems common sense to those of us in the IT world, but criminals are counting on people not following these rules. Require that everyone acknowledges these practices as part of their employment.
- Restructure network management. Consider adding extra security levels to your network, so very few people can get to the more vital data points and it’s even more difficult for unauthorized people to reach these areas and lock them for ransom. Give most users only access to the basic lowest levels, even if they’ve enjoyed higher access in the past. You also can consider tracking who tries to access to the higher security levels to see if anyone unauthorized is even attempting to enter. You may even consider taking the most critical information offline completely, such as a terminal in your workplace that isn’t connected to the rest of the network.
- Focus on external policies. Show your customers and clients that your security and their security are both vital by putting every precaution into your site. Include encryption on pages where people can input information. Include messages on your site saying why this is important. When working with a new client or vendor, consider their security as well – you don’t want anything to happen to your data or your customer’s data if intrusion occurs through connection points between both companies.
On Time Tech is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (415) 294-5250 or send us an email at firstname.lastname@example.org for more information.