Beware of Ransomware

Ransomware is a type of malicious software, or malware, that encrypts users’ files or blocks access to their computer systems until a ransom is paid to a criminal to release them. It can destroy personal and business files, leading to stolen data and large financial losses. This exploitation scam targets and exploits both human and technical vulnerabilities, in that the malware is often delivered through email via infected attachments or links that direct users to an infected website. 

The impact, especially for businesses, can be devastating. These attacks can result in the temporary or permanent loss of sensitive or proprietary information, disruption to operations, financial losses incurred from disrupted business operations and restoring systems and files, and potential harm to the business's reputation. 

To help combat these malicious threats, the American Bankers Association offers these tips: 

For consumers:

  • Don’t click. Be cautious when opening e-mails or attachments you don’t recognize even if the message comes from someone in your contact list. Visiting unsafe, suspicious, or fake website links can lead to the intrusion of malware.
  • Always back up your important files and photos. By maintaining offline copies of your personal files, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to take heed of threats posed by cybercriminals.
  • Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
  • Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen. 

For businesses:

  • Educate your employees. Employees can serve as the first line of defense to combat online threats and can actively help stop malware from infiltrating the organization’s system. A strong security program paired with employee education about the warning signs, safe practices, and responses aid tremendously in preventing these threats.
  • Manage the use of privileged accounts. Restrict users’ ability to install and run software applications on network devices, in an effort to limit your networks exposure to malware.
  • Employ a data backup and recovery plan for all critical information. Backups are essential for lessening the impact of potential malware threats. Store the data in a separate device or offline in order to access it in the event of a ransomware attack.
  • Make sure all business devices are up to date. Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans so that your operating systems operate efficiently.

If you are a victim of a ransomware attack, immediately disconnect the affected device from the Internet and isolate it from the network, but do not turn it off as this can result in a loss of valuable forensic data. Contact your local police and your local FBI field office, and file a compliant with the Internet Crime Complaint Center.