How to Defend your Data from Ransomware and Other Malware Scams

The WannaCry attack launched on May 12, 2017, was described by Europol as being “at an unprecedented level” in terms of malicious software schemes. The attack quickly spread to hundreds of thousands of devices around the world, extorting funds from users in exchange for access to their personal data.

WannaCry & Ransomware Explained

WannaCry is a piece of malicious software designed to infect a computer, replicate itself, and spread to other devices. Specifically, WannaCry is “ransomware”— a type of malware that encrypts and blocks access to a user’s data and demands payment to unencrypt the information.

The victims of the WannaCry attack were told that their data would be deleted in a matter of days if they did not pay the perpetrators several hundred dollars in Bitcoins.

WannaCry is neither the first, nor the costliest widespread ransomware infection. Nonetheless, it became a global news story within hours due to the scope and speed of the attack. The worm’s impact was felt in all the following sectors and industries:

Small- and enterprise-level merchants
Industrial manufacturers
Shipping and transportation
Universities
Government organizations
Hospitals
Financial Institutions
Local and national utilities

Unfortunately, even those who paid the WannaCry ransom were highly unlikely to get their data back due to writing flaws in the worm’s programming.

Ransomware Attacks Growing at Alarming Rate

The prospect of losing data in an attack is scary enough for individuals, but devastating to businesses that depend on access to essential data for day-to-day operations. That reliance is what makes them especially attractive targets.

While overall malware attacks increased rapidly in recent years, the rise of ransomware since 2013 has proven even more shocking. Research suggests the number of ransomware attacks in 2016 was 167 times higher than the previous year, with 2017 shaping up to be another record-breaker.

Learn how to reduce chargebacks and protect your business from fraud.

Fortunately, there are a few basic practices which will help provide some ransomware protection for merchants, substantially reducing the risk of falling victim to these and other attacks.

#1. Choose the Right Web Host

Security should be one of the most important factors in determining the right provider to host your site.

Some providers offer shared hosting, with multiple users’ sites hosted from a single server. This is less secure than dedicated hosting, which is more expensive but offers much stronger security. Dedicated hosting is highly recommended for eCommerce merchants, considering the volume of sensitive customer and transaction data they store.

Less-reputable hosting services may also use outdated or poorly-maintained servers, and are unlikely to have a secure datacenter in case of emergencies. This leaves them vulnerable to new attacks and hacking attempts.

#2. Backup Your Information

Ransomware depends on victims who need access to their data. If a backup of this data exists, the attacker has no power.

Businesses should perform daily backups to ensure that they have a secure way to recall data if locked out by an attacker. This provides some measure of insurance in the event of a ransomware attack.

Of course, the destination to which the backup data is saved should be offline and not directly connected to the infected system. When using external drives, they should only be connected while performing a backup. If the source is connected at the time of an attack, the program will penetrate and lock the backup source as well.

You can also use a third-party data backup tool, like NAKIVO Backup & Replication for VMWare, Hyper-V and other computing environments.

#3. Train Employees about Suspicious Links and Attachments

All an attacker needs to do is compromise one device with access to a network, and that entire network is exposed. This is a serious concern for businesses with large employee bases, as their inconsistent tech knowledge may inadvertently allow malicious software into the network.

Some experts suggest sending occasional simulated phishing emails throughout the organization as a training method. While this seems like a lighthearted game, it helps employees identify the hallmarks of a phishing attack over time.

Train members of your organization to recognize suspicious email links and attachments. Fraudsters often use these to either access networks directly, or to phish for login credentials that will allow them access. Through education, though, you can substantially tighten up your organization’s security.

#4. Encrypt Sensitive Data

All businesses dealing in sensitive information of any kind should be SSL-certified and PCI-compliant. Acquirers typically mandate this certification, but this is not always the case.

SSL technology blocks unauthorized users from accessing information through complex layers of data encryption. This is widely viewed as the gold standard of encryption for digital data, and is required for a site to be compliant with PCI DSS (or “Payment Card Industry Data Security Standard”).

PCI DSS compliance operates under an “honor system” model for smaller businesses, allowing organizations to police their own security standards. Larger businesses, however, will have regular mandated audits to ensure compliance with PCI standards. Businesses in the former category should remember these standards are in place for a reason—circumventing them will ultimately hurt the business most of all.

#5. Keep Software Up to Date

Malware evolves rapidly. To keep pace, it’s vital that businesses constantly update and upgrade their systems and processes to respond to new and developing threats. This applies to more than just antivirus, firewall, and security programs; any out-of-date process in your business infrastructure can be a liability.

Check for software patches on a regular and frequent basis to ensure that your security remains current. Software providers release periodic updates to guard against newly-developed or identified security weaknesses. Some will also release special emergency patches when a major threat like WannaCry surfaces if they identify any potential vulnerability in their systems.

#6. Contain Infections Quickly

Any time a system is invaded by an aggressive strain of malware, such as a ransomware attack, immediate action is necessary.

The first step should be to disconnect any impacted systems or devices from the network to try and stop the malware from spreading. This includes disabling Wi-Fi and Bluetooth capability on those devices, as malware can potentially spread via those methods as well.

After the infected systems are quarantined, the next phase is to attempt to identify which strain of malware is responsible. Security companies have developed decryptors and other “cures” for many known malware strains. If impacted by ransomware, you may be able to use a decryptor to bypass the lock without being forced to pay the ransom.

Malware Attacks Still Hurt—Even After the Attack Ends

High-profile data breaches are nothing new, but the incredible increase in malware, and specifically ransomware attacks, is something that cannot be taken lightly.

There is no effective work-around when a business’s data is held hostage; the entire organization grinds to a halt until that information is released. This interrupts business, freezes revenue, and impairs customer service—all are factors which can lead to a flood of chargebacks once the business is back online.

Concerned about how dramatic increases in ransomware, malware scams, and other online criminal activity may lead to increased chargebacks and revenue loss for your business?

Contact Chargebacks911® today. Our representatives are waiting to speak with you about our innovative solutions for revenue retention and business sustainability.