10 Ways To Prevent Ransomware Hacks

BACK UP FILES REGULARLY AND REMOTELY
Cyber-crooks have far less leverage if they’re trying to deny access to something you have backed up on a hard drive in the sock drawer. Back up files regularly on an external physical drive.
DO NOTHING
For a ransomware attack to succeed, it usually requires the victim to take action: Some victims click a toxic link sent on social media or through Skype chat or open an email attachment that lets the attacker in. So the least expensive yet possibly most powerful action to take to prevent an attack is to do nothing at all — don’t click or open anything you weren’t expecting to get without being absolutely sure of its safety, and that includes being sceptical of links or attachments from friends or family. Ransomware criminals like to hack an account and blanket the victim’s contact list with bait.
NEVER PLUG IN A STRANGE FLASH DRIVE
People are naturally curious. They find a flash drive, assume someone accidentally dropped it, and can’t stop themselves from wondering what interesting, scandalous, or secret things they might find, or think they just got something for free. But hackers have been known to drop infected flash drives in public places for just this reason. When people plug in a mysterious flash drive to satisfy their curiosity, they inadvertently do the hackers’ work for them.
DEACTIVATE AUTOPLAY
Auto-play allows applications to open digital media instantly, and ransomware can exploit this and trick computers into running a program. When auto-play is turned off, users are prompted before media files are opened, which allows an opportunity to examine the source. This is a free way to potentially save lots of money.
LAYERS OF DEFENSE
The best anti-ransomware defence is layered, with simultaneous use of the big three: antivirus applications, firewalls that block unauthorized access, and web filtering software that can guide users away from a constantly changing list of dangerous sites (and keep them off-limits to kids). Make sure the firewall is turned on; PC users who want more than what’s built in to Windows can buy a security solution with a firewall, such as Norton, McAfee, or Kaspersky.
STAY UP TO DATE
For absolutely free protection, accept and install all updates to computer operating systems, browsers, and plug-ins as soon as they arrive. (Thousands of organizations failed to do so and left themselves vulnerable in the current global cyberattack.) Many updates involve patches and security enhancements for vulnerabilities that companies such as Apple and Microsoft work constantly to find and repair. If they’ve already identified a vulnerability in an operating system, chances are cyber-criminals have too. The easiest targets are computers running on yesterday’s patches.
ENABLE FILE EXTENSIONS
In Windows, file extensions (such as the .JS that identifies a file as JavaScript) are hidden by default; to see what a file is, users have to look at its thumbnail. By enabling extensions, computer users have a better chance of accurately identifying abnormal file types that they generally wouldn’t get, such as those used by ransomware attackers. A user seeing they’ve been sent a JavaScript file could — and should — open it in a text editor such as Notepad for examination, because scripts can’t run there.
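The three Windows settings named above (AutoPlay, the firewall, and visible file extensions) can be checked from a PowerShell prompt. The script below is an added example, not part of the original article; it only reads settings and prints the command that would correct each one. The registry paths and value names are the standard per-user Explorer settings and are not taken from the article.

```powershell
# Added example: read-only audit of three settings discussed in this article.
# Nothing is changed; the Fix column shows the command to run if a check fails.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting left at its default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$results  = @()

# 1. File extensions: HideFileExt = 0 means Explorer shows them.
$hideExt = Get-RegValue "$explorer\Advanced" 'HideFileExt'
$results += [pscustomobject]@{
    Setting = 'File extensions visible'
    Ok      = ($hideExt -eq 0)
    Fix     = "Set-ItemProperty -Path '$explorer\Advanced' -Name HideFileExt -Value 0"
}

# 2. AutoPlay: DisableAutoplay = 1 turns AutoPlay off for the current user.
$noAutoplay = Get-RegValue "$explorer\AutoplayHandlers" 'DisableAutoplay'
$results += [pscustomobject]@{
    Setting = 'AutoPlay off'
    Ok      = ($noAutoplay -eq 1)
    Fix     = "Set-ItemProperty -Path '$explorer\AutoplayHandlers' -Name DisableAutoplay -Value 1"
}

# 3. Windows Firewall: Domain, Private and Public profiles should all be enabled.
$notEnabled = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$results += [pscustomobject]@{
    Setting = 'Firewall on (all profiles)'
    Ok      = ($notEnabled.Count -eq 0)
    Fix     = 'Set-NetFirewallProfile -All -Enabled True   # needs an elevated prompt'
}

$results | Format-Table -AutoSize -Wrap
```

Explorer windows that are already open may need to be closed and reopened before a change to the file-extension setting shows up.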
DEVELOP A PLAN
If you’re attacked by ransomware, it is highly unlikely you’ll be able to recover or unlock files on your own, but you should still know the dos and don’ts. First: Do not restart the computer! This is a common mistake people instinctively make in hopes of remedying the problem. But restarting almost certainly won’t undo any damage and will very likely help the malware expand to other files. One thing you should do is disconnect from the internet immediately, and from any network the computer shares with other devices.
STAY INFORMED
Most of the information needed to avoid becoming a ransomware victim is free and readily available online. Stay up to date with constantly changing threats. Do you know what a watering hole attack is? Do you know the tell-tale signs of a social networking attack? Maybe you’ve heard of phishing, but what about spear phishing? When there’s enough free time to flip through sites on your phone, consider reading up on these threats and tactics and the many others out there.
DON’T PAY
For people who have already fallen victim, there’s only one way to save money: Don’t pay the ransom. It is common for the attacker to take over victims’ screens with a message claiming to be from a law enforcement agency such as the FBI (often with a message that says their computers were used in a crime or to view child porn) and saying they must pay fines, almost always in untraceable Bitcoin, to regain control. But this is never the work of an actual law enforcement entity — and the FBI officially advises against paying any ransom. Doing so could result in ongoing extortion, or the criminal may simply take the money and run without providing the unlock key for the encrypted files. Payments embolden attackers to victimize others and, even worse, the ransoms could be used to fund other illicit activity.
TRY EXPERT HELP
A site called No More Ransom, created by Interpol, Dutch law enforcement, and the companies Intel Security and Kaspersky Lab, includes a free repository of keys and applications that can decrypt data locked by various ransomware schemes. “Not every type of ransomware has a solution,” the site says, but it has more than 160,000 decryption keys in its arsenal.
