How to protect yourself from ransomware

Last updated on 27th September, 2022 at 04:58 am

Our quick transition to working from home has had its benefits, but along with these comes the increased risk of cyberattacks. Safeguard your devices from ransomware with these expert tips.

What is ransomware anyway?

As the name suggests, ransomware is a type of malicious software that infects your device and holds your files and other data ransom – a bit like a bank heist, except instead of tellers and customers being held against their will in exchange for a large sum of money, it’s your files and other data that are held captive. “Ransomware is usually spread via phishing emails containing malicious attachments, or when a person visits an infected website,” says Mikey Molfessis, a Mimecast cybersecurity expert. Infected websites can include those that many people use for torrenting music and video files for free. “Once a link has been clicked on and an attachment downloaded, opened and installed, the victim’s device is in the control of the criminal. Ransomware may steal, delete or encrypt the data, and the controller of the ransomware may request a ransom payment to release the data, decrypt information or restore stolen data,” adds Nischal Mewalall, CEO of the South African Banking Risk Information Centre. Often these unscrupulous individuals or organisations will set the ransom in cryptocurrency, making it nearly impossible to pay – and the release of the captive data isn’t always guaranteed.

Why should you care about ransomware?

Thought ransomware only targeted executives and millionaires? Think again. Our transition to working from home has meant you’re as desirable a target as any. Research conducted by Mimecast in 2020 revealed that just short of three quarters of South Africans use the devices issued by their employer for personal activities, which goes against many companies’ policies. “The most common activities included checking personal emails (66%), carrying out financial transactions (52%) and online shopping,” says Molfessis. At least two of these activities involve sensitive money-related transactions, meaning whatever information is being transferred is at the mercy of ransomware if you’re using an unsecure home Wi-Fi network. These transactions over unsecured networks make users so vulnerable, in fact, that nearly half of South African respondents surveyed for the Mimecast State of Email Security Report 2021 said that their organisation had been the target of a ransomware attack in just the past 12 months. “Personal activities on company-issued devices create new opportunities for cybercriminals to launch sophisticated attacks that can be hard to identify and avoid, especially where employees do not receive regular and effective cybersecurity awareness training,” says Molfessis.

The damage caused by ransomware can be financial, involve disruption and loss of productivity, and yes – even reputational damage. Data is considered the most vulnerable and valuable commodity now, so if it lands up in the wrong hands, the consequences can be extremely dire for both a company, its employees and its clients.

Are you vulnerable to attackers?

“The most common way that malware is installed onto a victim’s device is through phishing, which is a social engineering tactic used by criminals to manipulate people into clicking on links or attachments in unsolicited emails masquerading as a file they should trust,” says Mewalall. Clicking on a link may take you to an infected website, and after downloading any files from the website, your device is no longer under your control.

Another concern is handling sensitive transactions over public Wi-Fi networks. They are not secure, which means your browsing session could easily be intercepted by a third party, who would have the freedom to access your personal or banking information. “Our advice is to avoid public Wi-Fi at all costs, especially when it comes to work applications or activities, or the handling of private or financial information,” says Molfessis. It may be convenient to use a public Wi-Fi network to save your mobile data, but then be sure not to conduct any sensitive transactions while using that connection.

Take these steps to stay safe

Both Mewalall and Molfessis stress the importance of being vigilant when receiving unsolicited emails or browsing sites you are not familiar with. They share some easy tips for safe browsing and communication:

Don’t let curiosity kill the cat

If you receive an email from an unfamiliar sender, you should already be on high alert as to the legitimacy of the content. “Did someone email you a link to a funny video and the message looked a little strange? Did a random company say you’ve won a competition that you’ve never entered and requested that you just ‘click here?’ Be careful: cybercriminals could be trying to install malware on your device and gain access to it. Rather connect directly to the advertised website and see if the claims are in fact valid,” cautions Molfassis. “Don’t reply to these unsolicited emails,” adds Mewalall. “Delete them immediately.”

Only download from trusted sources

Say you receive an email punting an app that could make your life easier. If this isn’t an automated email you receive prompted by your own actions on a trusted website, for example, apply a healthy level of scepticism. “Don’t bypass built-in security measures by ‘rooting’ your device,” says Mewalall. “Read the access requirements before you accept the software installation of new apps.”

Use strong passwords and change them often

“Remembering a long and complicated password can be a chore, but it’s an important part of digital security,” says Molfassis. “Use a password manager to help you remember and use passphrases that are easy to remember but hard to crack.” Then, ensure you use different passwords on different sites for added protection.

If you make online purchases using your credit card, use multi-factor authentication (MFA)

As the name implies, the steps needed to authenticate a transaction will include multiple factors, for example, receiving a one-time password (OTP) sent via SMS to your personal mobile phone when logging in to your banking profile, or making a payment.

Have a healthy sense of distrust

We’re not asking you to be paranoid, just vigilant. “Most banks have strict policies over the type of information they request from customers either via phone or online. If you feel unsure or uncomfortable during a phone call with someone claiming to call from your bank, end the call and dial your bank’s call centre. You’ll easily be able to determine if the call was legitimate or not,” says Molfassis.