How to Avoid a Ransomware Attack

How to Avoid a Ransomware Attack

How do people avoid ransomware attacks in 2022? It's early January 2022, there’s a ton of ransomware attacks out there right now. Cybercriminals ramped up at the beginning of 2021. Now, they are continuing through 2022. How can society stop these ransomware attacks, and how can people prevent themselves from being a victim of ransomware attack?

Well, unfortunately that answer is not so simple. There's a lot of different scenarios that you could be in. You could just be an individual user at home who's looking to protect their home network, or you could be running a company and you're concerned that you are going to get hit with ransomware and you want to know how to protect yourself from these ransomware attacks and how to prevent them. That is what we're going to talk about briefly. Get into some of the things that you can start doing. Let's look at the statistics first.

Statistics prove that 85% of ransomware happen through a human being tricked into doing something through social engineering, through phishing, whatever vector they use to get to you or to get to the human involved in starting the ransomware attack, that's usually where 85% of the attacks come from. Let's just go over the 85% right now. No need to worry about the 15%, because you kind of need to be a trained cybersecurity professional or IT person because it's technology that breaks down or technology that's not configured right or technology that's not maintained that usually causes the other 15%.

So, a person who is not technical how could they possibly become a victim of a ransomware attack, how  about preventing these things from happening to them when this is 85% of the way that cyber criminals make these things happen?

The first thing that comes to mind is stop using the same passwords all over the place. You're like, "Well, how does that prevent ransomware?" Well, ransomware attackers what they need first before they can deploy ransomware, is something called access to your network. Usually they outsource that or somebody else gets the access, and then they hire the ransomware criminals to come in and do their dirty work. It's usually not the ransomware criminals today who are getting access to your computer or your networks; it's other cyber criminals who are able to do this. And then the ransomware criminals come in as kind of like an affiliate or a third-party and do the ransomware damage once they have access.

One of their favorite things to do is to go in the dark web, find compromised passwords, and then go try to log into various services or various networks that they might be able to get access to using credentials that they found on the dark web. For instance, a couple years ago, it was probably three or four years ago, LinkedIn got hacked and all of their LinkedIn passwords ended up on the dark web. Also, if you didn't change your password from what you were using on LinkedIn, essentially your password was out there for any cybercriminal to come along and use.

That's what these cyber criminals do. They wait for someone to make a mistake like using the same password across multiple sites and never changing it, and then one day they stumble across a combination of your email address or your username and a password that you like to use. Then, they start just trying to log in to different websites, different banking websites in hopes that they can find the bank that maybe you're banking with. Maybe hoping that they can overtake your social media and use your trust with your friends and family to maybe exploit them or pull off some kind of scam. Also, get into your computer or your network by simply sending you a link or some kind of text message through smishing, where they text message you a link and you click on it and now they have access to your phone, or they're calling you and they're asking you to do something like go to your computer and go here.

There are all kinds of different ways that these cyber criminals can get into your computer and get that access once they have these passwords and usernames in their hands. So don't use the same password across multiple sites. Use a password manager. Password managers make this simple to use a simple tool that allows you to create a complex and unique password on every site and everything that you log into. Coming from multiple cyber experts, they suggest you should look into password managers. This is one of the ways that you can prevent and stop ransomware attacks.

Now, stopping ransomware attacks isn't going to happen with one tool. It's not going to be a password manager. So, we need things on our computer that can detect whether or not there's fishy things going on by a cybercriminal. There's antivirus products out there, which I'm sure you're familiar with. There's also something called endpoint protection. Endpoint protection is kind of like the more advanced cutting edge antivirus or security product that is out there. There's a lot of different things besides just your traditional antivirus and your anti-malware. There could be a lot of different features built into different products, but the days are over where you want to be using an antivirus product or a product that says antivirus on it, and you especially don't want to be using a free one.

Now there’s some people out there that say "Hey, Windows Defender is just fine," and there's people in the IT world that think Windows Defender is just fine. In certain cases, that may be the truth, but in most cases, that's not going to be the case. You're going to need an advanced endpoint protection product on your system to protect you from all the threats that are out there. Experts are not talking about just when ransomware gets deployed; their talking about when they get in the network or get into your computer before you realize or know that cybercriminals are there. These products can be good at detecting these types of things. The second thing you can do is invest in a good endpoint security product for your computers, for your business or your network. That's going to help you be able to prevent ransomware attacks.

Another way that we can avoid ransomware attacks is just being smarter about what's coming into our social media accounts, our email, our phones in terms of messages, text messages, all those different kinds of things. One of the things I would highly recommend that you do is make sure that you have a way to learn about the different tactics and ways that cyber criminals are attacking people today. Be very, very, very careful about what you click on and what you open, especially from attachments and links from people that you may think that you know, but it really wasn't them who sent it. Let’s break it down like this.

Let's say you and someone are friends and we email each other regularly, and then one day a cybercriminal takes over my email unbeknownst to you and starts sending you messages that look like it comes from my email address, my email account. It says, "Hey, check out this thing." Maybe it was something we were talking about recently, and it's just a link to a website. It says, "When you open it up, just click run." So you go to the site, you click on it and you click run. You do it because you thought that was your friend and you think, "Oh, that's okay, my friend sent it to me. No worries." Then you click on that link and the next thing you know an hour or two later, I'm getting this ransomware thing popping up on my screen, and I really don't know how that happened, other than my friend sent me an email and that you clicked on a link. Just because you get an email from a friend, doesn't mean you should click on it.

These are the things that you need to be aware of. You need to be extra vigilant these days with the things you click on, the things you open. Even though, they came from somebody you know or trust or it looks like the email address of somebody you know or trust, I would always be on the side of caution and question it. Call that person up. "Hey, did you just send me this email?" They may not know that their email account is hacked and now you're helping them recognize that they have a problem.

If you do encounter a situation where a friend or you are being told that you're sending emails to people, you want to change your password on your email as quickly as possible. This means a cybercriminal is logging into your email and sending out these messages. These messages are ways that people get tricked into clicking on things because they just don't think to twice that their friend's email account could be hacked. Now the easy side of this, or the easy way to spot some of these fake phishing emails or when the email address comes in with my name but it's not my email address or something about the email is off, the spelling is off, the grammar is off, all these different things that clue you in to like, "Hey, is this really real?"

Sometimes you might fall victim to clicking on a link. What happens when we click on that link?

Well, a lot of times you may or may not know that something was executed in the background depending on whether or not you have admin rights. With computers, many people have been used to setting up an account with administrator rights on their Window’s computers for so long that cyber experts think it's odd that somebody's saying, "Hey, don't do this." Well according to this there's one thing that can stop about 96% of the ransomware that's out there today, so if you really want to know how to avoid ransomware, you can just do this one thing. Don't use your computer every day under an administrator account.

Why do we need administrator accounts on computers? We need administrator accounts on computers to install software, to make system settings changes, and to do other things that require higher levels of elevation because they change things at a deeper level on the operating system or on the computer. The reason that it's set up like this is so if you want to set up somebody who can't really screw up the computer, you give them an account without administrative rights. What experts recommend, is create a standard user account on your Windows computer, and use that to log in and do your business, and only use the administrator account when you know you need to install software to sit there and it allows the system to run as an administrator all the time.

By going to websites and going onto social media and doing all this stuff, it's just begging for a cybercriminal to get something on your system and install it with you probably not even knowing that it happened. Had you been using a standard user account on that computer, you would've been prompted. It would've said you don't have rights to do this, and it would've popped up with a username and password prompt, and you would've had to have put that in order for the malware or payload to get put onto your system.

So, if you want to avoid ransomware attacks in 2022, the best thing you can do is all the things above. Also stop using the administrator account on your computer and log in with a standard user account and only use the administrator account when you know you need to install something or do something on the system that requires that admin username or password.