When it comes to information security, there is an abundance of threats to worry about. Certain threats have a high public awareness. Some of these threats are typical viruses that can be caught by anti-virus, scam emails trying to get you to provide private information and even spam phone calls. In recent years there has been an increased amount of attacks known as ransomware.
What is ransomware? It is exactly what the name implies. An attacker holds your data hostage until you pay the ransom. The most common approach is that the ransomware will steal copies of sensitive files and replace the files with encrypted versions. When attempting to open these files, the user will find an inability to open the files, and most likely be presented a message box with instructions of how to get your files back. Although this is more regularly seen in the business landscape, it can happen to individuals as well. Ransomware has been around for a couple of decades, but it became increasingly prominent beginning in 2013. In the past couple of years, the international ransomware attack of WannaCry demonstrated the importance of having good security practices.
To best defend against ransomware there are generally three basic steps that every user should take. If there is any lesson to learn from WannaCry, Petya, and NotPetya it is that systems should regularly be patched. The system should also be configured in such a way to disable old or unnecessary services and protocols. In the case of WannaCry, combining patching and disabling old services would have prevented the wide-spread effects. The second prevention mechanism is to use an up-to-date antivirus/internet security suite. There are several to choose from, and one key aspect that should be considered during the selection process is if it is signature-based or behavior-based. Having a combined approach will provide the best protection. The final preventative measure is to maintain responsible behavior online. Only going to secure and reputable sites are the best course of action in preventing the possible infection of ransomware.
Ransomware can be crippling for a business, especially if they do not have a recovery strategy, which will be further detailed in the intermediate blog. Similarly, ransomware can be financially damaging to a home user if important data gets held, hostage. Taking preventative measures such as patching, disabling old or unnecessary services, using up-to-date antivirus, and having smart internet browsing hygiene can minimize the chances of becoming a victim of ransomware.