Avoid Falling Victim to Ransomware

We hear routinely in the news that a major corporation or government agency has had its data integrity compromised, with millions of pieces of personal data accessed. In these cases, the criminals behind the attack hope to get money by selling that data to other criminals. In the case of ransomware, the criminals want your money, and try to get it by holding your data hostage. Plain, old fashioned kidnapping with a hi-tech spin. Even though they are attempting to extort you, they very well may still sell any of the data to other criminals.

What can you do to avoid falling victim?

Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren’t totally sure of. Does a phone call seem suspicious? Don’t ask questions, just hang up. Receive a text message with a link? Unless you are sure of the sender, just delete it. In any of the cases noted, if you think there may be legitimacy, then circle back to who you think the sender is by an alternate means. For instance, if there is a suspect email, call them. If a suspect text, don’t click the number that sent it, call them on an alternate number or email them. It pays to be vigilant because the crooks get better at making things appear legitimate.

The most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of routine data backups. However, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack to any small business, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation.

NOTE: The FBI advises not paying the ransom—you’re dealing with criminals after all. The FBI and CISA track these incidents and reporting with one or both agencies is advised. You can find the tools here.