How to protect ourselves
It can be seen that cybercriminals are motivated by money and all computer users, without any exceptions, are vulnerable. If you get attacked by a ransomware virus, first switch your computer off. Some malicious software first shows the message concerning infection and then it encrypts our files. In such case we can prevent the encryption of at least some data. Files should then be restored by connecting the disc to a different computer, which hasn’t been connected to the network in order to eliminate for the virus the possibility to connect with the CnC server. Without this it is unable to encrypt files.
However, protection relies on good antivirus software and computer hygiene. Do not click in every link and do not open all attachments to your e-mails, on social networking sites as well as in communicators. We should also avoid logging in to the account with administrator privileges. On a daily basis we should work from the user account and the administrative account should be used only when necessary – for example for software installation.
In the company it is necessary to correctly assign permissions to the resources of company network and company cloud made available to the users. Providing company managers with the access to all company resources constitutes a very common mistake. These people are the most frequently at the risk of personalized attacks of cybercriminals and it has frequently been the case during ransomware attacks that all files with documents on all company servers and in all locations were encrypted from CEO’s laptop, thus paralyzing company’s activity for a few days, until the ransom was paid.
Backup – most important defense line
Backup constitutes the best way to protect the company against ransomware attack. In case of the infection it is often much easier to format the entire hard disc and load the data from backup copy than to bother with removing the virus or paying cybercriminals. Backup enables fast and trouble-free going back to the moment before the attack. In addition, in such solutions as Xopero QNAP Appliance, which cooperates with QNAP NAS servers, it is possible to launch the image of restored computer in virtual environment from USB key. Image downloaded from the NAS server remains then in safe virtual environment, where we can without any problem check whether the restored data has been infected. Often before encrypting the data, ransomware for several days remains hidden on the victim’s computer.
Automatic cloud backup constitutes a recommended solution. It is worth to remember that at the moment of the attack, data is encrypted in all locations accessible from the operating system level – including external and network carriers, including portable hard discs or NAS servers (when it comes to QNAP NAS, the functionality of system/data restoring from the snapshot prepared in advance turns out to be particularly useful). Cloud backup is not easily accessible from the user level. In this way, ransomware does not have direct access to backed up data.
For cloud backup, automatic tools performing the work for us are a good idea. We do not have to remember about physical backup activity as it will be performed in the background without our participation always at a given time or moment when the computer or network are not overloaded. Cloud backup systems Xopero Cloud and Xopero Cloud Personal are among others equipped with mechanisms of this type.
It is worth to remember that backup technology may without any problem provide protection against ransomware attack not only to the computers and laptops of subsequent users, but also to servers – physical and virtual ones. In this way we are sure that in case of any trouble, we will overcome it without paying cybercriminals a single penny.