Protect yourself from ransomware
Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so that you can no longer access them.
A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files, or to prevent data and intellectual property from being leaked or sold online.
A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you. This will help you to invest the right amount of time, effort and money into protecting your systems.
You should consider:
- What can you replace? For example, files you downloaded from the internet.
- What can’t you replace? For example, photos that aren’t backed up.
- What would you spend to recover your information or device after a ransomware attack?
Follow the steps in this guide to mitigate the risk and impact of a ransomware attack.
Secure your devices to stop ransomware attacks
1. Regularly update your devices
Cybercriminals use known weaknesses to hack your devices. Updates include security upgrades that fix these weaknesses so they can’t be used to hack you. You should always update your system and applications when prompted. You can also turn on automatic updates on some devices and applications so that updates happen without your input.
If you have a server or Network Attached Storage (NAS) device in your network, make sure they are regularly updated too.
2. Set up and perform regular backups
A backup is a digital copy of your most important information (e.g. photos, customer information or financial records) that is saved to an external storage device or to the cloud.
The best recovery method from a ransomware attack is to restore from an unaffected backup. Regularly back up your files to an external storage device or the cloud. Backing up and checking that backups restore your files offers peace of mind.
3. Implement access controls
Controlling who can access what on your devices will help reduce the risk of ransomware. It will also limit the amount of data that ransomware attacks can encrypt, steal and delete.
To do this, give users access and control only to what they need. This can be done by making sure each person who uses the device has the right type of account.
There are two types of accounts you can set up on Microsoft Windows and Apple macOS: a standard account and an administrator account. Everyday users should have a standard account. Only those who need to should have an administrator account. Consider creating a standard account to use as your main account, as standard accounts are less susceptible to ransomware. It’s also important that users don’t share their login details for accounts.
4. Use antivirus software
Antivirus software can help to prevent, detect and remove ransomware on your device. Make sure you turn on your antivirus software and keep it up to date.
5. Turn on ransomware protection
Some antivirus products offer ransomware protection. Make sure you enable this function to protect your devices.
For Microsoft Windows devices, you can enable ‘controlled folder access’ within Windows Security. This will prevent designated files on your device from being encrypted by ransomware.
6. Disable macros
Microsoft Office applications can execute macros to automate routine tasks. Macros can be used to deliver ransomware to your device so they should be used with caution.
If you don’t need to run macros, it is best practice to disable them. If you do need to run macros, consider preventing macros from running automatically and restricting which macros can run.
7. Turn on multi-factor authentication
Multi-factor authentication (MFA) makes it harder for cybercriminals to gain initial access to your device, account and information by making them jump through more security hoops and additional authentication layers. This means that the cybercriminal will have to spend more time, effort and resources to get into your device before any ransomware attacks can begin.
MFA typically requires a combination of two or more of the following authentication types before granting access to an account:
- something a user knows (PIN, password/passphrase)
- something a user has (smartcard, physical token)
- something a user is (fingerprint, iris scan).
8. Use unique passphrases
If your accounts do not have multi-factor authentication then make sure to use a unique passphrase. Never reuse a passphrase across multiple accounts. This could help stop ransomware from spreading or your accounts being compromised.
Extra measures for small business or advanced home networks
1. Secure your servers
If you use a NAS or other server in your home or business, take extra care to secure them. These devices are common targets for cybercriminals because they often store important files or perform important functions.
2. Minimise external-facing footprint
Audit and secure any internet-exposed services on your network (Remote Desktop, File Shares, Webmail, remote administration services). Discuss this with an IT professional if you are unsure.
3. Migrate to cloud services
Consider using online or cloud services that offer built-in security, instead of managing your own. For example, use online services for things like email or website hosting.
Understand how to prevent ransomware attacks
1. Check messages you receive
Cybercriminals will send you fake messages to try to get you to take some action. For example, they might ask you to click a link, download a file or give away your personal information. If you receive a message that you weren’t expecting, it might be a way for a cybercriminal to get access to your account or device.
2. Be careful opening files and downloading programs
Sometimes you need to open a file or download a program from the internet.
Avoid opening files that you receive unexpectedly or from people you don’t know. As an example, don’t open an email attachment if you don’t recognise the email address or weren’t expecting to receive it.
Do not download files if they have a different file extension than what you were expecting (for example, a file that ends in .exe or .msi when you were expecting a PDF or image).
Check that software is made by a reputable company before downloading and installing on your device. Always download software from the company’s official website or an official app store.
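The file extension check described above can be automated. The following is an added example, not part of the original guide: it compares a file's name and its first bytes against the type you were expecting. The signature table is a small constructed subset, and apart from .exe and .msi the list of runnable extensions is an assumption.

```python
from pathlib import Path

# Leading bytes ("magic numbers") of common formats. Constructed lookup tables.
SIGNATURES = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "windows executable": b"MZ",
    "OLE container (used by .msi)": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
EXPECTED_EXTS = {"pdf": {".pdf"}, "png": {".png"}, "jpeg": {".jpg", ".jpeg"}}
# .exe and .msi are the guide's examples; the rest are an assumed, partial list.
RUNNABLE_EXTS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def sniff(head: bytes) -> str:
    """Name the format whose signature starts `head`, or 'unknown'."""
    for kind, magic in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def check_download(filename: str, head: bytes, expected: str) -> list[str]:
    """Return warnings; an empty list means name and content match `expected`."""
    warnings = []
    suffixes = [s.lower() for s in Path(filename.strip()).suffixes]
    final = suffixes[-1] if suffixes else ""
    if final in RUNNABLE_EXTS:
        warnings.append(f"final extension {final} runs code when opened")
        if any(s in EXPECTED_EXTS[expected] for s in suffixes[:-1]):
            warnings.append(f"double extension disguises the file as {expected}")
    elif final not in EXPECTED_EXTS[expected]:
        warnings.append(f"extension {final or '(none)'} is not a {expected} extension")
    kind = sniff(head)
    if kind != expected:
        warnings.append(f"content looks like {kind}, not {expected}")
    return warnings


def check_file(path: str, expected: str) -> list[str]:
    """Same check for a file on disk: only the first 16 bytes are read."""
    with open(path, "rb") as f:
        return check_download(Path(path).name, f.read(16), expected)
```

A file that passes this check can still be harmful, so it supplements the advice above and does not replace it.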
3. Avoid links that ask you to log in or reset your password
Sometimes you might receive a link that asks you to enter your credentials or reset your password. Do not enter your credentials after receiving instructions from an unexpected message. This could be a phishing attempt designed to steal your login details.
If you think the message might be legitimate, find another way to action the request. For example, if you need to change your password for an account go to the official website and request to reset your password there.
4. Remain vigilant and informed
Sign up to get alerts through ASD’s ACSC free alert service. This service will send you an alert when a new cyber threat is identified.
Source: Australian Cyber Security Centre (ACSC)