FBI On Ransomware Impact & Protection (6 steps to take)

Although it’s a relatively new form of computer “virus”, ransomware has exploded over the past few years.

At the RSA Security Conference that took place this past February, the FBI stated that over the past 6 years ransomware victims have paid out over $144 million to the ransomware operators.

Not only that, but this figure does not include the money spent by businesses after the attack to repair and replace their systems, only the ransom payments themselves. Lost data, lost customers, hiring security professionals to come in and clean up networks and retrain personnel – all of this additional cost is not reflected in the $144 million figure.

Additionally, it’s likely that at least some businesses that have been affected by ransomware (and paid the attackers) have gone unreported, and so are not documented in this FBI report.

How to Protect Yourself

Fortunately, this presentation wasn’t just bad news.

According to the FBI, there are 6 basic things to be aware of to prevent (or, at the very least, mitigate the effect of) a ransomware attack.

  1. Secure Windows RDP: The most common way for attackers to get in is through unsecured (or poorly secured) Windows Remote Desktop Protocol. There were major vulnerabilities in Windows 7 RDP patched last year, and it’s likely that many of these old Windows 7 computers will never be patched.
  2. Phishing Attacks Still Common: Phishing attacks have been around a while, and it looks like they are still a common source of access for attackers. As always, if you’re not expecting an attachment do not download anything, and double-check the address of links in emails. If you’re in doubt about the validity of a link, do not click it, but visit the relevant site by manually typing its address in your web browser. Any important notices will be shown to you when you visit the site.
  3. Install Updates: The backlash against updates is something that I have a hard time understanding. While it can be true that sometimes updates can make computers or phones less stable or slower, it’s also true that as soon as an update is released, attackers look through the update to find what security flaws were patched, and how to exploit them on un-updated systems. This is one big thing that makes Microsoft’s laughable quality control dangerous, since it deters people (like me) from installing updates.
  4. Use strong passwords: Like phishing attacks, this is something that has been repeated so many times it may have lost all meaning. Passwords need to be long, unique for every site, contain all allowed characters, and be as close to random as possible. I’ve written about this before, but I think everyone should use a password manager. I like LastPass, but whichever one you pick, use it!
  5. Check on network: If you’re at a large enough company that you have your own network, you need to make sure that you have someone (or some service) that is actively monitoring it. If someone does get in, active monitoring will (hopefully) let you know before something bad happens.
  6. Backups: If you have important data, you need to have a backup, and you need something more than just important files linked to Google Drive or Dropbox. Not only should you probably use something like Backblaze, but you also need something that is offline. If you only have backups on Dropbox, and your computer is encrypted, then your Dropbox files also get encrypted and are useless! The easiest solution may be daily/weekly backups using something as simple as a portable hard drive (or flash drive) that you plug in (and unplug) every night or once a week.

Watch the whole presentation here: