Unfortunately, ransomware attacks are increasing — both in terms of frequency and success as measured in costs.
According to IDC’s 2021 Ransomware Study, 37% of global organizations said they were the victim of some form of ransomware attack in 2021. In addition, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware attacks in a six-month period from January to July 2021 — a number that represents a 62% year-over-year increase. Some researchers believe that the total cost of these attacks was more than $11 billion in 2021.
Even worse, these successful ransomware attacks only embolden cybercriminals as they look for more easy targets. All of this adds up to the situation where it’s a matter of when — not if — you’ll be hit with a ransomware attack.
Eight tips for protecting yourself from ransomware attacks
To help you do all you can to protect yourself from these types of cyberthreats — or mitigate the effects if you do get hit — we recommend the following eight tips to protect yourself from ransomware attacks.
1. Back up your systems regularly
While it may seem too easy or too optimistic, the fact remains that if you make sure your data is always backed up, you shouldn’t have to pay a ransom. It may seem like it might be difficult to reinstall data and get your systems back up and running, but today’s most effective backup solutions actually deliver fast, reliable recovery of critical applications, systems and data. Taking a disciplined approach to backing up data can give you a valuable advantage over cyberattackers.
2. Use regular patch management of applications and systems
Let’s face it: The entire software industry is prone to security holes — vulnerabilities that come up that require security updates to offer solutions for known issues, or even just for the general enhancement of software applications.
Cybercriminals are aware of these vulnerabilities and worse, they are very good at working fast to exploit them and gain access to computers and networks. They can even target zero-day flaws, which means they will act extremely quickly once they’re aware of a security hole.
The best way to defend against these security holes is to think about patching more proactively. Today, many of the best cybersecurity solutions deliver automated patching capabilities that work with hundreds of applications. As a result, you’ll minimize the threat of attack through an unpatched vulnerability and improve your overall security posture.
3. Enable two-factor authentication
Two-factor authentication is great advice and just gives you a better way to improve your cybersecurity efforts. Anything you can do to make it more difficult for the bad guys to get into your system, the better — and the more inclined they may be to leave you alone.
Think of this analogy. Imagine a home surrounded by a three-foot tall fence. While it doesn’t offer complete protection, it may be all a homeowner needs to fend off a would-be criminal. Hackers today are looking for easy opportunities, and two-factor authentication may send the message that the extra effort just isn’t worth it.
The more things you can add, the safer you’ll be, and two-factor authentication is a great place to start.
4. Be careful what you click on
Cybercriminals still use widespread phishing attacks with malicious emails, links and attachments, and unfortunately, they’re more successful than you might think. We’re all so busy today and we often just don’t pay as much attention as we should. All it takes is one wrong click and attackers can gain the full access they need to do real damage.
There was a famous Facebook example recently where a bad actor created fake ads that would then direct to malicious websites. One cautious way to overcome these potential lapses is to stop clicking links and ads and type a UR instead. It may be an extra step, but it can be a great way to avoid bad URL strings, with carefully constructed wrong letters (for example, one “0” instead of an “o” and look-alike domains).
5. Make sure you use secure networks
This is always great advice, especially if you or your employees tend to work in restaurants, coffee shops, airports, or other less-than-secure destinations. To overcome these cybersecurity concerns, you should always make sure you’re using a virtual private network (VPN), and even make sure you configure it so it will start as soon as you log in.
VPNs aren’t just for businesses today; you should get used to using them when you’re going to be on a public network — even if you’re simply watching Netflix to kill time. While they may seem like an extra expense, these pale in comparison to the high cost of losing your identity or suffering a ransomware attack.
6. Don’t pay the ransom
There is a point to be made for paying, in that many people need their data back quickly and think the payment amount isn’t that high, so they consider paying just to end this bad experience.
However, it is advisable not to pay for the ransom for a number of reasons. First, there’s no guarantee that the cybercriminals will actually do what they say. (After all, they hacked your computer, remember?). Additionally, there have been many cases where the attackers have come back a second time, after they found either new “juicy” information or some especially sensitive data. You just never know.
Finally, there’s the idea that if no one actually paid, the cybercriminals would have less and less success and would stop looking to profit with ransomware attacks. Many believe we should all adopt a zero-tolerance approach in order to help the whole community benefit.
7. Invest in anti-malware and ransomware software
Today’s anti-malware and ransomware cybersecurity solutions are extremely effective and give you the best chance to defend against ransomware attacks and other cyber threats. For example, Acronis Cyber Protect includes secure ransomware protection that uses built-in MI-based ransomware capabilities.
Finally, the use of whitelisting and blacklisting strategies is a great idea and one that can be extremely effective in improving cybersecurity. In this case, if entities or applications are not on an approved whitelist, they are not approved for automatic installation.
8. Additional Information
Interested in learning more about a wide array of cyberthreats, including ransomware, and how you can take the most advantageous steps to defend against them?
Download our white paper, “Cyberattack Techniques and What They Mean for Your Business” today.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.