The biggest risk to your organisation is the people working within it. Infections generally get into your system because someone inside was tricked into opening an unsafe file or link. Everyone who uses your computers or network has the potential to infect your entire system – all files they have access to are at risk. For this reason it is important to educate your entire team about being safe online so your organisation isn’t the next victim of a cyber attack.
Ransomware, like other viruses and malware, can get on your PC in many ways including:
- Visiting unsafe, suspicious, hacked, or fake websites.
- Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
- Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts.
- Clicking on malicious or bad links in instant messenger chats, like Skype.
You will suffer severe disruption to your organisation after a ransomware attack – especially if it is infected by encryption ransomware. These infections are usually not picked up by antivirus software. You will also lose some or all of your data forever: the encryption is usually not reversible without the key, which is only available from the attacker if you pay their ransom. We recommend that you never pay the ransom. Even if you pay, you may not get the key, and you are simply funding these attacks so that they are more likely to continue happening – and as an organisation that pays, you are more likely to be targeted again. The best solution to ransomware is prevention rather than cure, and this starts with being safe on the Internet, with emails, and with online chat:
- Do not click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
- Be particularly wary if, after clicking a link, you are asked to download, run or open a file or script.
- Be suspicious of Microsoft Office documents that ask you to enable macros.
- Your IT support department, Microsoft and other trusted organisations will never email you, unprompted, a file or system update to open. Unexpected emails with such instructions that claim to be from your system administrator, IT team, managing director or similar are probably not what they seem. They may even appear to come from a genuine email address – this is known as spoofing.
- Fake websites may have “microsoft” or “apple” or other brands in the website address, so a brand name in the address should never be taken as proof that the website is genuine.
- Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
- If you receive an email with a link saying you need to log in to an account for some reason (eBay, PayPal, your bank etc.) then it is far safer to manually type the web address for the website in your web browser than to click the link. Fake emails and websites can be set up to look like the organisation you think they are, purely to harvest your login details.
- Hackers have even been known to pose as IT support or Microsoft on the phone to try to gain access to your computer.
If you’re unsure whether something is genuine, a quick email or call to the helpdesk to check is far better than the damage that can be caused if you become a victim. If you’re ever unsure – don’t click it, check with us!