Being asleep at the wheel can prove costly

Credit Source

Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of highly targeted file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.

Sophos’ ‘The State of Ransomware Report 2022’ revealed that over the last year, over 78% of Indian organisations faced ransomware attacks, up from 68% in 2020. Furthermore, the average ransom paid to get their data encrypted was $1.2 million, with 10% of victims paying a ransom of $1 million or more. This makes it imperative for enterprises to implement best practices to guard against ransomware. Here’s how to do it:

Backup regularly and keep a recent backup copy offline and offsite

In case of a ransomware attack, having an encrypted backup can save enterprises precious time and financial resources in getting operations back up and running. Having a backup that is regularly updated and available offline and offsite also ensures that leaders do not have to worry about the backup device falling into the wrong hands.

Enable file extensions

The default Windows setting has file extensions disabled, meaning enterprises have to rely on a file thumbnail to identify it. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to users, such as JavaScript.

Be cautious about unsolicited attachments

Ransomware attackers rely on the dilemma users face over whether or not to open a document when they are unsure of the sender and its contents. In cases where the authenticity of an email cannot be confirmed, a good practice is to exercise caution and report suspicious content.

Monitor administrator rights

IT teams should ensure that they constantly review admin and domain admin rights, and are updated on who has them and remove those who don’t need them. Besides, users should not stay logged in any longer than is strictly necessary and avoid browsing, opening documents, or other regular work activities while they have administrator rights.
Use strong passwords

Sounds trivial, but it really isn’t! A weak and predictable password can give hackers access to an organisation’s entire network in a matter of seconds. It is recommended that users employ passwords that are at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation Ju5t.LiKETh1s!

Read Full Article

Originally appeared on: TheSpuzz