Best Practices to Avoid Ransomware and Crypto Malware Attacks

Ransomware is a type of malicious software designed to block access to a computer system or computer files until a payment is made. Crypto Malware hides deep in your system and the discretely mines data for a future attack. Both encrypt files so they are only accessible with a "decryption key" that the cyber attacker controls.

Ransomware + Crypto Malware are often spread through phishing (“fishing”) emails, drive-by downloads and are usually installed without the user's knowledge.

Best practices to stay safe and productive.

• Train staff to recognize and identify suspicious emails. Follow our best practices and encourage employees to contact your IT Department if they think they are being targeted by a cybercriminal.

• Label External e-Mail. Proper configuration of your email can banner all external email with a banner that says “External”. This heightens the awareness of employees that the email came from an outside source

• Update software on a regular basis so you have the latest security patches.  This includes Anti-Virus (Norton, McAfee, etc.) and system software (Windows, Firmware, Application Software).

• Change default passwords across all access points. A good number of ransomware attacks are committed by Brute Force or by tricking the user to download software that continuously attempts to log into servers by trying different passwords. Eventually the right combination is found, and the cybercriminal takes over your server until ransom is paid.  Follow our best practices.

• Enable Two-Factor Authentication (2FA), a mechanism to double check that your identity is legitimate. It requires two verification factors, a password and a second factor, usually an authenticator code on a mobile device to login. This ensures that a hacker cannot gain access to your account with only a password.

• Back up important data on a regular basis, at a minimum, every 24 hours. If you are the victim of a ransomware attack, you may not need to pay ransom if you have your critical data backed up and stored properly. 

Our team is constantly testing to identify the latest security challenges, changes and best practices to keep you safe and informed. We are always ready to assist you by phone, chat or email.