SMB ransomware infections can be time-consuming, expensive, or catastrophic. Which category an infection falls into will, to a large extent, depend on how you have prepared. If you run a SMB, ransomware protection is essential.
Ransomware protection is no longer an option, it is a necessity
It may not simply be a case of paying a ransom to recover your data. Data may be permanently lost. There is no guarantee that a security key will work, or will even be provided if a ransom is paid.
Unfortunately, ransomware is here to stay. Criminals have found it to be one of the best methods of obtaining untraceable money from victims. Ransoms are paid in Bitcoin – or via other anonymous payment systems – and infecting computers is exceptionally easy in many cases.
Ransomware will continue to be used as long as it proves profitable for cybercriminals. The profits from Cryptowall infections alone are estimated to be in the region of $325 million (£215 million) and the ransomware was only developed and released in September 2013. With such high profits, ransomware is here to stay – so businesses need to get prepared.
Importance of ransomware protection highlighted by Power Worm variant
Infected with ransomware? It’s not the end of the world, you could just pay the ransom. Unfortunately, that does not necessarily mean you will get your data back. Take the latest Power Worm variant for example.
Not all hackers diligently prepare their malware. Sometimes mistakes are made. The latest variant of Power Worm is a good example. The developers of the ransomware attempted to make decryption a more straightforward process, but made a critical error. The Power Worm variant they created encrypts files, but deletes the security keys to unlock them.
Even if a ransom is paid, data will not be unlocked. An infection will mean data will be permanently and irrevocably encrypted. This has not stopped the users of the ransomware from asking for a payment of 2 Bitcoin to decrypt the data. It just prevents them from making good on their promise.
There is never any guarantee that a security key will be provided even if a ransom is paid but, with this infection, it is simply not possible. This latest ransomware highlights the importance of implementing ransomware protection strategies to deal with infections when they occur. If you don’t, it could spell total disaster.
Ransomware protection strategies
Unfortunately, while ransomware is spread via spam email and social media networks, exploit kits are now being used to infect computers by taking advantage of security vulnerabilities. Fortunately, there are a number of ways you can protect against a malware infection.
Regularly back up your data on a separate device
A ransomware infection need not spell disaster, even if the criminal behind the infection does not unlock your data. If you have a backup, an infection is a pain, but you can recover your data.
Install a robust spam filter
Ransomware is often spread via infected email attachments. Configure your spam filter to block executable files, and you can prevent malicious email attachments from being delivered to users’ inboxes.
Show hidden file extensions
Windows often hides known file extensions. Criminals take advantage of this. If they name an executable file report.pdf.exe, when Windows hides the extension, it will appear as report.pdf. Users may inadvertently open an executable file believing it to be harmless. Make sure file extensions are shown to reduce the chance of accidental infections.
Make sure Remote Desktop Protocol (RDP) is disabled
You may use RDP to provide support to end users on your network, but hackers can exploit RDP to gain access to devices and install malware without any user interaction. If you do not use RDP, or can get away without using it, make sure that it is disabled on all internet enabled devices.
Make sure browsers are kept up to date and patches installed
Exploits are used to probe browsers for security vulnerabilities that can be exploited. It is therefore essential that the latest version of web browsers are always installed, and patches and updates are installed as soon as they are made available.
Install web filtering software
Ransomware is often installed using drive-by attacks. Malicious websites are not always easy to identify, but the sites can be blocked if web filtering software is employed. Stop end users from visiting malicious websites and you will greatly reduce the risk of ransomware being installed.