Our helpdesk received an email from a client this morning, a screenshot showing that server files had changed names to include “email@example.com.” This client had just recovered from ransomware in September, which is statistically not uncommon. In the US, over 50% of businesses experienced a ransomware incident during the past year. This specific client utilizes an offsite backup solution from ITS; in both attacks we were able to download their clean files from the previous day and deliver a portable hard drive to their office to upload these clean files to their server.
Wondering how ransomware happens? Various IT security reports indicate that worldwide, a majority of ransomware attacks originate from email. These emails are often phishing emails: emails that appear realistic and authentic and urge the end-user to provide account credentials, click a link or take other action that compromises accounts and data.
How can you keep your network safe from email-triggered ransomware? The first step is to train employees on how to effectively read an email.
- Check the sender information. Does this come from a known contact? Does the sender name match the sender email address?
- Consider behavior: is this type of message common for this contact? If the email contains a link to Dropbox, Google Drive, a Zip file, etc., is this a sharing method we normally use?
- Check grammar and spelling. Does the writing make sense? Does the greeting or closing sound off? (Good Sir, Please reply us, Kindly re-submit your…, Yours Faithfully, etc.)
- Hover over links: if you move your cursor over a link and hover without clicking, you should see a preview of where the link will lead you. If it does not appear to be a link directly to a known and trusted website, abandon ship! Even if the link appears to point somewhere reputable, you can always go directly to the named website by typing its address into your browser and checking your account data there.
Plan For Backup
The second step in defeating ransomware is to have a recovery plan. The best way to recover from ransomware is to restore from backup. Make sure critical data is backed up daily, and consider doing a bare-metal backup to speed up the recovery process if you need to wipe and restore a server or desktop/laptop.