Tech expert Michael Silva, Adjunct Professor, Computer Science, NYIT School of Engineering & Computing Sciences, is available to discuss ongoing ransomware threats, and offers the following:
Defeating Ransomware in Three Easy Steps
If you're one of the lucky people who have not yet been infected by Ransomware, but aren't quite sure how to protect yourself – this information could save your digital life.
- Make Backups: The little-published secret to defeating Ransomware is as simple as keeping regular backups! Ransomware encrypts your data, but if you have a backup, you can simply erase the encrypted data and replace it with your good backup copy. Backups won't prevent you from getting infected, but it will save you from the ugly specter of potentially paying a ransom for something stolen from you. Remember that your backups are only as good as your ability to restore that data, so periodically recover a file and make sure it is what you expect. Paid tools like DropBox detect mass file changes and identify these as potentially catastrophic events, enabling you to go back to a known, pre-infection, copy. Alternatively, you can simply copy files periodically to a USB drive and physically remove it once the backup is complete. Make sure that your backup system is physically disconnected from your main system – otherwise, the virus could potentially encrypt your backups as well. This is perhaps your most effective and reliable step to protecting your data.
- Update Your Operating System and Software Regularly: If you don't already have automatic updates enabled, now is a great time! Many times, vendors like Microsoft will release patches to limit or prevent damage caused by viruses, malware and Ransomware. Remember to update your third-party software as well, like Java. If you're uncomfortable trying to stay on top of all of the updates, there are tools like ManageEngine and Kaseya which will automatically install patches for you. Of course, make sure that your antivirus software is up-to-date and running regular scans.
- Trust but Verify Communications: Hackers are becoming increasingly more sophisticated with their attempts to extract information and get you to download and execute their malicious software. In the past, mass emails were sent in the hopes that an unsuspecting recipient would click a link and download malicious software. Today, some hacking rings operate like organized gangs, building organizational charts and verifying staff employment for their targets through direct phone call campaigns. Their hope is that by building incredibly convincing emails, neither your spam filters, nor you or your peers may notice that the email sent from "your boss" isn't actually from him or her at all, even though it may match their signature, writing style and font perfectly. Be suspicious of phone calls asking to verify reporting lines or requesting organizational information. Last but not least, if it just doesn't look right, it probably isn’t – give the sender a call or stop by their office to double check. The risk otherwise simply isn't worth it.
Michael Silva can be reached at firstname.lastname@example.org.