September 2017: Avoiding Ransomware Attacks
Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. According to a 2017 Symantec report, the average ransomware payment has increased to over $1,000, up from $294 the year before, and “consumers are the most likely victims of ransomware, accounting for 69 percent of all infections in 2016.”
Similar to a phishing attack, ransomware executes when a user is lured to click on an infected link or open an infected attachment. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include:
- an embedded link in an e-mail offers up free merchandise or gift cards
- an e-mail that appears to be from Google Chrome or Facebook invites recipients to click on an image
- a well-crafted website mimics a legitimate website and prompts users to download a file or install an update
- an enticing advertisement encourages you to click immediately
To avoid becoming a victim of ransomware, users can follow these tips:
- Delete any suspicious e-mail. Messages that offer deals that sound too good to be true are most likely malicious or a scam. If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.
- Avoid clicking on links or opening attachments from unsolicited messages. This goes for e-mail, instant messaging, and social media content. Links within e-mail, Word documents, and Adobe files may infect you with ransomware.
- Use e-mail filtering options whenever possible. E-mail or spam filtering can stop a malicious message from reaching your inbox.
- Install and maintain up-to-date antivirus software. Keeping your security software updated with the latest virus definitions will help it detect the latest malware variations.
- Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimize the likelihood of someone holding your computer or files for ransom.
- Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files. Multiple backups are best, with one kept off-site or in the cloud.