
How to Stay Protected Against Ransomware

EJ Phillips

Businesses and home users alike are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption.

But what does a typical attack look like? And what security solutions should be in place to give the best possible defense?

This post highlights the commonly used techniques to deliver ransomware and outlines some security recommendations to help you stay secure.

Ransomware attacks are showing no signs of slowing down and hackers are getting ever craftier at getting round cybersecurity defenses.

In a recent survey of 5,400 companies across 30 countries, 37% said that they had fallen victim to a ransomware attack in 2020. It’s a huge issue – and we are all part of the solution. 51% of respondents in the United States said they experienced ransomware. Clearly, ransomware is one of the most widespread and damaging threats that internet users face. It makes the news nearly every single day in some shape or form. Cyber criminals are getting smarter and are constantly evolving their attacks, meaning ransomware isn’t going away anytime soon.

What is Ransomware?

Ransomware is a type of malicious software that cybercriminals use to extort money from their victims.

How Does a Ransomware Attack Start and Unfold?

First, hackers attempt to gain access to your computer, and ultimately your personal files and data, using several different methods. Once they have achieved this, they install the ransomware.

The ransomware then executes and encrypts your valuable files such as Word documents, Excel spreadsheets and sensitive data so that they can’t be used. Hackers then demand a ransom payment in return for access to your files.

How Do Hackers Get Access to Your Computer in the First Place?

Attackers can get into your system in multiple ways.

The two most common ransomware methods are:

  1. Malicious attachments contained in Phishing Emails designed to look like legitimate communications.
  2. Poisoned Websites redirecting you to malicious pages.

Anti-ransomware technology has a key role in stopping it. But when it comes to IT security everyone has a part to play! Educating yourself is critical in spotting bogus emails and compromised websites both of which could give hackers an easy way into your network. To help you identify and avoid ransomware we’ve put together a few quick tips that apply whether you’re in the office or at home.

Tips to Avoid Ransomware


Spotting a Phishing Email

Well, before you can spot a phishing email, it’s important to understand what phishing is.

Phishing is any type of attempt to trick you into doing something to benefit the crooks, usually through an email.

The three most spoofed brands that hackers attempt to mimic in emails are Apple, Amazon, and Microsoft. Their global coverage and high brand recognition make them ideal targets for cybercriminals in their phishing attacks.

To the untrained eye, a mass phishing email can easily go undetected and provide hackers with swift access to your computer.

Phishing emails will often:

  1. Look like they come from a company or people you work for or with whom you do business.
  2. Contain suspicious-looking attachments or links.
  3. Ask you, in an urgent tone, for personal information such as banking details, or attempt to get you to click a link or open an attachment.

To spot a phishing email, always check the following:

  1. Email address. Does the domain match the company’s website? The ‘From’ name might be ‘Amazon.co.uk’ but, more often than not, the email domain does not match this at all.
  2. Look out for generic, impersonal language. Phishing emails are often sent out in bulk. If you don’t spot your name, be suspicious!
  3. Poor spelling, grammar, and odd syntax. This isn’t always the case but, more often than not, it is a telltale sign of a bogus email.
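The first two checks above can be automated on the receiving side. The following is an added example, not code from the original post: the brand allow-list, the greeting list and both sample messages are constructed assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allow-list of domains each brand really sends from.
BRAND_DOMAINS = {
    "amazon": {"amazon.co.uk", "amazon.com"},
    "apple": {"apple.com"},
    "microsoft": {"microsoft.com"},
}
# Assumption: a few bulk-mail greetings; extend for your own mail flow.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_email(raw_message):
    """Return findings for the 'From' domain and generic-greeting checks."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Check 1: brand in the 'From' name, but the address domain is not the brand's.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_allowed(domain, allowed):
            findings.append(f"from-mismatch: name says {brand}, domain is {domain}")
    # Check 2: generic, impersonal greeting on the first line of the body.
    body = msg.get_payload()
    lines = body.strip().splitlines() if isinstance(body, str) else []
    if lines and lines[0].lower().startswith(GENERIC_GREETINGS):
        findings.append("generic-greeting: message does not address you by name")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Amazon.co.uk" <orders@amaz0n-billing.example>\n'
    "Subject: Problem with your order\n\n"
    "Dear Customer,\nYour account will be suspended unless you verify today.\n"
)
GENUINE = (
    'From: "Amazon.co.uk" <auto-confirm@amazon.co.uk>\n'
    "Subject: Your order has shipped\n\n"
    "Hello Sam,\nYour parcel is on its way.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_email(raw))
```

A clean result here only means the display name and address agree; the address itself can still be forged, so the remaining checks in the list still apply.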

Be Wary of Unknown Attachments!

Watch out for file types that you aren’t familiar with or don’t use in your day-to-day work. They are often disguised as other file types to fool you into clicking on them. If you aren’t sure about it, check with pim.

When it comes to phishing scams, remember this acronym:

P: Promises—Does it promise unbelievable things?

H: Harassment—Is it harassing you or pressuring you to get a reply?

I: Instincts—Does this “feel” wrong?

S: Sense of Urgency—Is there a time crunch? Is it insisting you act now or else?

H: Hit delete. Don’t click or engage. Just delete!

If in doubt, report it to pim so that everyone else in the company is made aware of the phish, then hit delete!

How to Spot Bogus Websites

The web is a fantastic place to find memes, but it’s also one of the key ways hackers are able to access your computer to install ransomware.

Check Your Links

Make sure that links go to where you think they do. Often crooks will disguise a website address to make it look authentic.

They also use a trick known as masking. Masking is where the link looks legitimate but when you click on it, you’re taken somewhere completely different. However, if you hover over a link before you click on it you can see where it really goes.

Protect Your Passwords

A weak password is an easy road in for a hacker to access your online accounts.

[Figure: Time it takes a hacker to guess your password]

pim’s password recommendations:

  1. Make passwords at LEAST 12 characters long.
  2. Utilize a mix of upper and lowercase letters.
  3. Include special characters.
  4. Make them impersonal. Avoid sentimental names. Hackers can derive these from your social media presence!

We also recommend using a unique password for each online account that you have. We do appreciate that this entails problems of its own. However, if a hacker gets hold of a password that is used on multiple accounts, that hacker now has access to several of your accounts.

We recommend using a password manager to help with having to remember eleventy thousand unique passwords for multiple accounts.

Rather than having to enter a password, the manager will:

  1. Recognize the username you are entering and then…
  2. Auto-populate the password field for you.

Furthermore, should you ever change your password, the manager will recognize this and amend its database automatically.

You may feel a bit wary having all your passwords stored in one central place, but any password manager worth its salt uses heavy-duty encryption to keep your information safe. In addition, many offer two-factor authentication (2FA), adding another layer of security.

 

 

 


 

