Tips to prevent and handle a ransomware attack for PCs and mobile devices

Ransomware attacks are becoming a more significant cybersecurity challenge for many businesses. In Q1 2021, the average ransomware payment was $220,298, up 43% from Q4 2020, according to Coveware research. Average ransomware payments are increasing over time. For most of 2019, average ransom payments were less than $100,000. Most (i.e., 77%) of ransomware attacks threaten to release stolen data. Given these facts, it is prudent to learn how to avoid ransomware attacks.

Small businesses are also targeted by ransomware attacks. It is estimated that 20% of all ransomware victims are small to medium-size businesses. A smaller business may be less prepared for a ransomware attack. Fortunately, you can reduce the risk by practicing ransomware prevention techniques.

What is ransomware?

Before offering ways to potentially prevent ransomware attacks, it is helpful to define the threat further. According to the Cybersecurity & Infrastructure Security Agency (CISA), ransomware is a type of “malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”

Best practices to prevent ransomware.

Use the following general tips to inform your ransomware prevention program.

1. Check ransomware alerts issued by CISA.

Ransomware is an ever-evolving type of malware, so it makes sense to regularly look for new threats. To help you stay up to date on new threats, monitor the alerts issued by CISA. For example, CISA provides detailed guidance on how to respond to DarkSide Ransomware and FiveHands Ransomware. 

2. Avoid using unknown USB devices.

Inserting an unknown USB device (also known as a thumb drive) into your computer can transmit ransomware. If you must use a USB device to store and transfer data, make sure it has only been plugged into computers you trust. Disabling the auto-run feature on your computer for USB devices and thumb drives is one way to reduce the security risk associated with this type of technology.

3. Use VPN services on public Wi-Fi networks.

Connecting to a public Wi-Fi network may expose your device to ransomware. That’s why you may want to use a virtual private network (VPN) service while using such networks.

4. Avoid clicking on unsafe links.

Malware may be transmitted through unsafe links. If you see a link to an unknown website, consider it carefully before clicking it. It is possible to automatically start a download by clicking on a link. 

By hovering over the link, you can see the full link path at the left bottom of the Chrome web browser. You can check if a link is safe with Google’s Safe Browsing site checker.

5. Keep your operating system and apps up to date.

Regularly installing updates for your operating system and software is another way to prevent attacks. For example, Petya ransomware from 2017 exploited the fact that many people had not downloaded and installed an update provided by Microsoft.

6. Exercise caution with email.

A significant amount of ransomware—over 25%, according to Coveware—is transmitted through email. To reduce this risk, slow down and carefully look at emails that have attachments. If the email comes from an address you don’t recognize, you may want to avoid opening the attachment.

7. Maintain backups of critical data.

Despite your best efforts at ransomware protection, you might still be impacted. In that case, an encrypted offline backup of your data is recommended by CISA. When you have access to secure current backups, you will have access to your data without paying a ransom and can more easily recover from a ransomware attack. However, keep in mind that the attacker still has your data.

8. Use cyber incident response training to create a plan.

Ideally, you will have an incident response plan prepared before a ransomware attack occurs. The incident response plan may include identifying threats, mitigating threats and recovery. 

In addition, the American Public Power Association suggests identifying your cyber incident response team, creating a 24/7 contact list for critical personnel and partners, and compiling documentation on business-critical systems. A well-developed cyber incident response plan can help you handle any ransomware attacks that may impact your organization.

How to prevent a ransomware attack on a Windows PC.

In addition to the general ransomware prevention tips covered above, there are Windows-specific tips to keep in mind.

• Turn on Windows Security. Using the Microsoft Security app can help prevent ransomware from impacting your PC. 
• Use Controlled Folder Access. In Windows 10, you can protect certain files and folders from attack by using the controlled folder access feature. By using this feature, you will prevent the contents of the folders from being changed or encrypted, so use this capability carefully.
• Restart your device weekly. Microsoft recommends restarting your computer at least weekly so updates can be properly installed.

How to prevent a ransomware attack on your Mac.

Consider using these ransomware prevention tips on your Mac devices.

• Choose apps from the App Store only. Apps submitted to the App Store are required to meet security requirements, so it is reasonable to assume that Apple would not approve ransomware apps. 
• Avoid pirated software. Downloading pirated software is not recommended—some ransomware has been spread by Bit Torrent (e.g., ThiefQuest in 2020).
• Use Gatekeeper. Apple has produced an app called Gatekeeper, which performs “online checks to verify if an app contains known malware.” Double-check your settings to verify that it is enabled (i.e., check warnings are enabled by opening System Preferences, then go to Security and Privacy) and pay attention to its warnings.

How to prevent a ransomware attack on a mobile device.

Supplement the other tips provided in this article with these recommendations:

• Avoid jailbreaking your Apple device. Jailbreaking is the process of circumventing the restrictions Apple puts in place. 
• Only install approved apps. Only download apps for your Apple device from the App Store. With Android devices, only download apps from the Google Play Store.
• Back up your phone data. Regularly back up your mobile device so you have the opportunity to restore data in the event of a problem.

Responding to a ransomware attack.

If you suffer a ransomware attack, you have a few options to respond. 

• Seek legal advice. Consider contacting a lawyer with experience in data breaches or malware issues for advice on your situation.
• Notify law enforcement. Notify law enforcement of the incident (e.g., the FBI) by filing an Internet Crime Complaint Center (IC3) complaint.
• Check your insurance policy. In some cases, your insurance may help cover some of the costs associated with responding to a ransomware attack.
• Remove ransomware from Windows computers. Restarting your computer in safe mode and running anti-malware software to remove the ransomware can help. Removing the ransomware app will not necessarily decrypt your files, however, so you may need to restore files from a backup.
• Remove ransomware from Android devices. Try restarting the device in safe mode and then removing any suspicious apps. In some cases, you might have to use the factory reset feature to remove the ransomware. Keep in mind that using the factory reset will delete all data on your device, so consider carefully if you have important data backed up before using this step.

Coveware estimates that a business hit by ransomware suffers an average of 23 days of downtime, counting the attack and recovery. That’s why it is worthwhile to invest time and resources into ransomware prevention.