opinion

How Not to Get ‘Pwned’ by Ransomware

How Not to Get ‘Pwned’ by Ransomware

Ah, summertime. Unlike 2020, now we can go out and have a drink in public, though that means you’ll have to talk to other people. And it seems that two of the most popular topics of conversation are UFOs and ransomware attacks. At MojoHost, we don’t know much about UFOs, but we’re definitely familiar with ransomware and the technological battle against it that’s required to keep customers safe and secure.

The best way to deal with the growing ransomware scourge is to avoid getting hit at all. The good news is that you already have some of the leading security experts in the world working to protect your various computing devices. They work for companies like Microsoft, Apple, Google and many more. These companies’ systems engineers are constantly updating and improving your operating system and other devices. So go ahead, find a quiet few weekend hours (or, more realistically, overnight) and click that dreaded Upgrade button. Seriously! I know Windows 7 still has the round Start button, but it’s really time to get on an up-to-date build of the latest OS.

The best way to deal with the growing ransomware scourge is to avoid getting hit at all.

“Zero-day” vulnerabilities get all of the cool names and press coverage. They are attacks that are exploitable against a fully up-to-date operating system. However, the vast majority of actual exploits in the wild rely on the ocean of “un-updated” software. As a practical matter, if you’re not a nation-state or world-renowned corporation, you probably have a greater chance of getting hit by lightning than of falling prey to a zero-day attack. While it may be annoying as heck when operating system updates come at inconvenient times, doing them will make a big difference to your overall system safety.

Beyond your desktop or laptop computers, networking devices that link us to the web and make our lives easier have an abysmal track record when providing the gateways that allow exploitation. Far from being highly secure, many of these “internet of things” (or IoT) devices are implicated in some of the most significant cyberattacks and biggest infiltrations to date.

The good news is that there’s no need to go back to the pre-connected era to find safe refuge. Buying well-supported devices from major manufacturers (versus “cheaper” equipment) can improve security. Companies such as Amazon and Google have significant incentives to keep their widgets up to date with the latest security improvements, if only to avoid the hassle and negative press of being implicated as the Trojan horse in an attack.

If you have other devices that have a more dubious security history or a less reliable vendor, then it is a great idea to make a separate WiFi network just for them. Putting all these devices on a “wild west” network will not necessarily prevent them from being attacked. Still, at least if your smart vacuum cleaner gets compromised, the attackers will be confined to the device’s network and be unable to pivot to the real goodies on your computers.

Speaking of WiFi, it’s a great idea to invest a few bucks in a high-quality WiFi setup. There are several excellent options out there, including those from Google, Amazon’s “eero,” Ubiquiti, Netgear and more. For these systems, expect to pay several times the price of an entry-level WiFi router, but rest assured that these systems (the backbone of your network) are updated regularly and come with numerous helpful security features. In many cases, they even support running a second WiFi network for all your devices on the same physical hardware, saving the cost and hassle of running a second WiFi router for all of your IoT devices.

Unfortunately, even with all of these precautions, there’s a chance that you’ll get unlucky. The evil fairy of ransomware exploits will single you out for an attack (or your dumb cousin will borrow your computer for a few minutes and be unable to resist clicking on that ad telling them they won an iPad from a Nigerian prince). No matter how it happens, even being hit with such an attack is (probably) not the end of the world.

Always assume that every last byte of data on your computer will cease to exist at a moment’s notice. This is good practice in any case since your hard drives can quite easily quit all on their own with no help from ransomware.

For smaller and more easily backed-up files, such as text documents and spreadsheets, consider saving them in a folder backed up by one of the many reputable cloud storage providers. The software powering these services will quickly sync your files each time that you save them. If your computer is locked or fails, you can download a copy of your files onto any other computer. If you use a system like this, it’s essential to ensure that you can access multiple historical replicas, so even if ransomware manages to overwrite your files with an encrypted version, you can easily retrieve a pre-encrypted version.

For larger files, like video media, make it a practice to make regular backups on hard disks that aren’t easily accessible from target computers on your network. Consider keeping them on a storage system with snapshots to roll back to a clean version if you suffer from a ransomware attack. If you use a cloud solution for these, make sure to regularly sync a copy to a local hard drive just in case the cloud provider has their problems. Those backup services are a more valuable ransomware target than you are, after all.

And if you do get hit with that attack, but happily get all your data back from your backups, it’s probably still a great opportunity to replace the hard drive on your computer with a new one. Not only are new hard drives likely bigger and faster than what you already have, but they also won’t have any malignant remnants of the ransomware attack floating around (which could reactivate itself at the least convenient time). If you can afford it, using solid-state drives (SSDs) is the best way to move into the future as they are hundreds of times faster and have significantly lower failure rates than traditional spinning hard disk drives.

These steps don’t cover things like anti-virus protection and avoiding phishing and other attacks in the first place. All of those tips are particular measures that require near-perfect execution, which is impossible for most humans. However, today’s simple tips to update, isolate and back up are universally good ideas that will protect against ransomware (and hardware failures as a bonus).

So, get back out there, enjoy a cold one and find something else to talk about. Like UFOs, I guess? Or how, armed with these tips, you now feel much less afraid of ransomware attacks.

Brad Mitchell is the famed founder of MojoHost, which has won numerous XBIZ Awards for Web Host of the Year and earned many loyal clients for nearly two decades. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. Be sure to back up your data on MojoCloud in case of ransomware! Contact brad@mojohost.com to learn more about the suite of services on tap.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More