Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. In 2016, the estimated cost of ransonware was over 1 billion dollars (1).
It's a huge problem that could disrupt your business by rendering your computer systems unusable until a monetary ransom is paid to the criminal. This is why you must focus on prevention.
Here are some steps you can take to reduce the risk:
1. Back up your most important files on a regular basis. Having a backup of your critical data will enable you to restore your system to regain functionality without paying the ransom to the criminal.
2. Deploy a quality endpoint security product. Although no security product is 100% foolproof in blocking these types of attacks, it can provide a solid layer of protection against malware and is a requirement for PCI-DSS compliance. Lucas provides this to all "Premier Services" customers.
3. Be extremely cautious of opening email attachments. Most ransomware variants are known to be spreading via eye-catching emails that contain contagious attachments. Also, refrain from opening attachments that look suspicious. Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
4. Think twice before clicking. Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible. Recreational use of any component of your POS goes against best practices; only use the system for justified business processes. If possible, you should consider deploying separate systems that are not integrated within your POS environment for personal internet and email use.
6. Keep your systems patched with the latest security updates. Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date. This habit can prevent compromises via exploit kits. Again, this is another service provided to Lucas Premier customers.
7. Maintain a perimeter firewall properly configured at all times. The deployment of a perimeter firewall that is properly configured to allow only the necessary traffic for business functionality is absolutely critical.
8. Use strong passwords that cannot be brute-forced by remote criminals. Set unique passwords for different accounts to reduce the potential risk.