By Sophos
Ransomware is still one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of highly targeted file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.
Today, businesses large and small are no exception to the threat of increasingly aggressive ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption to an organisation’s productivity. In India, Sophos’ ‘The State of Ransomware Report 2022’ revealed that over the last year, over 78 per cent of Indian organisations were hit with ransomware attacks, up from 68 per cent in 2020. Furthermore, the average ransom paid to get their encrypted data back was $1.2 million, with 10 per cent of victims paying a ransom of $1 million or more.
Amidst this, it is imperative for enterprises to implement best practices to stay protected from ransomware, and here’s how:
- Backup regularly and keep a recent backup copy offline and offsite
In the case of a ransomware attack, having an encrypted backup can save enterprises precious time and financial resources in getting operations back up and running. Having a backup that is regularly updated and available offline and offsite also ensures that leaders do not have to worry about the backup device falling into the wrong hands.
- Enable file extensions
By default, Windows hides file extensions, meaning users have to rely on the file thumbnail to identify a file’s type. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to users, such as JavaScript.
- Be cautious about unsolicited attachments
Ransomware attackers rely on the dilemma users face: they know they shouldn’t open a document until they are sure of the sender and its contents. In cases where the authenticity of an email cannot be confirmed, a good practice is to exercise caution and report suspicious content.
- Monitor administrator rights
IT teams should constantly review admin and domain admin rights, stay up to date on who has them, and remove them from those who do not need them. Additionally, users should not stay logged in as an administrator any longer than is strictly necessary, and should avoid browsing, opening documents, or other regular work activities while they have administrator rights.
- Use strong passwords
It sounds trivial, but it really isn’t. A weak and predictable password can give hackers access to an organisation’s entire network in a matter of seconds. It is recommended that users use passwords that are at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation, Ju5t.LiKETh1s!
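To make the “Enable file extensions” and “Be cautious about unsolicited attachments” advice concrete, here is an added example (not part of the original article): a Python triage check that flags attachment filenames with script or executable extensions and shows the name a user would see while extensions are hidden. The extension lists, function names and sample filenames are assumptions constructed for this illustration.

```python
# Extensions Windows runs directly or hands to a script host.
# Assumed, non-exhaustive list chosen for this example.
RISKY = {"js", "jse", "vbs", "wsf", "hta", "scr", "exe", "bat", "cmd", "lnk"}
# Document-style extensions that make a name look harmless when they
# appear just before the real extension. Also an assumed list.
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def shown_when_hidden(name):
    """Name as displayed with extensions hidden: the final suffix is dropped.

    Simplification: assumes the final extension is a registered file type.
    """
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def assess(name):
    """Return a list of findings for one attachment filename."""
    # Windows ignores trailing dots and spaces, so "a.js. " is still a .js file.
    clean = name.strip().rstrip(". ")
    parts = clean.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in RISKY:
        findings.append("risky-extension:" + ext)
        # With extensions hidden, only the decoy suffix would be visible.
        if len(parts) > 2 and parts[-2] in DECOY:
            findings.append("decoy-double-extension:" + shown_when_hidden(clean))
    return findings


def triage(names):
    """Map each flagged filename to its findings; clean names are omitted."""
    results = {n: assess(n) for n in names}
    return {n: f for n, f in results.items() if f}


# Constructed sample filenames, not taken from any real campaign.
SAMPLES = ["invoice_0423.pdf.js", "report.docx", "setup.JS ",
           "notes.v2.txt", "scan.jpg.exe"]

if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(f"{name!r} -> {findings}")
```

A mail gateway or help-desk script could run the same check over reported attachments before anyone opens them.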