Ransomware is one of the most common forms of cybercrime and is one of the cyber threats most likely to affect Canadians. As we adjust to working from home and increasingly relying on the Internet to keep us connected, threat actors have noticed and are using ransomware attacks to try to take advantage of the situation. Unfortunately, many people and businesses are not prepared to prevent or recover from a ransomware attack. This is where the Canadian Centre for Cyber Security can help. Follow along to learn more about this disruptive cyber threat and how you can protect yourself.
What is ransomware?
Ransomware is a type of malicious software that infects your device and holds your files and data for ransom. The infected device displays a message explaining that your files are inaccessible and you must pay to retrieve your information. But unlike kidnappers in a movie, in lieu of a suitcase full of money, the cybercriminals will demand payment in the form of untraceable digital currency, such as bitcoin.
No one is safe. These threat actors cast as wide a net as possible, targeting individuals and companies, big and small, in order to reap potential financial rewards.
Prepare and prevent
The good news is you can take steps to prepare for and prevent ransomware attacks. First, ensure you have backups of all your devices stored offline. The backup could also be a location that is not on the same network as the data. If you use a cloud service provider, this option is often available through them; either for free or as part of a paid subscription. Having your backups in a location that is not accessible via the Internet, like an external hard drive, is another great option. Even if only one device is infected by ransomware, it could quickly spread to other devices, negating the backups you have created. In addition, businesses should practice their data recovery procedures to understand how long it would take to get back online after a ransomware infection.
When it comes to prevention, keeping your operating systems and applications up to date is essential. Known vulnerabilities are the easiest way for cyber threat actors to get into your systems and devices. Software updates ensure these vulnerabilities are addressed. A less common method for spreading ransomware is sending infected Microsoft Office attachments. Once you open the malicious attachment, the ransomware automatically downloads and executes macros. (Macros are used in many Office suite applications. They are embedded in the code of the files, enabling you to create your own shortcuts and automate tasks, such as sorting worksheets alphabetically.) You should keep macros disabled by default and consider any macro prompts as red flags. Finally, don’t click on links from people you don’t know or that otherwise raise red flags.
For businesses, providing cyber security awareness training to employees will play a key role in preventing inadvertent ransomware infections. If staff are armed to recognize phishing emails and other potential cyber threats, they will know what to do if they encounter something suspicious. Restricting administrative privileges and ensuring that people only have the access that allows them to carry out their job functions also helps mitigate risks.
Following this guidance will help protect your devices and your information, but it is not a guarantee that you will never be affected by ransomware or other forms of cybercrime. However, being prepared for the worst helps keep you one step ahead. Our next blogpost will tell you what to do if you’ve been a victim of ransomware attack.