Don’t Click That Link - How to Stop Ransomware


Don’t Click That Link


In a world rife with fierce competition and challenging economic forces, there is nothing scarier than digital font in blue underlined ink. That’s right, one of the biggest threats your company faces today is cybercrime in the form of ransomware. That ransomware is emailed to your staff and stakeholders in the form of a link and/or attachment with an inviting prompt to click to open. Once that happens, malicious software takes over and blocks access to your data until (maybe) a ransom is paid. The ransom can be enough to cripple your business for good.


While everyone is aware of ransomware, few businesses take it seriously enough to take appropriate preventive action. Why is this the case? Some feel isolated from the threat given that they don’t provide financial services, healthcare, or one of the other top targets for hackers. Big mistake.


There are examples everywhere of unexpected targets being taken down by ransomware. CSO recently reported on a local brewery which became the victim of a targeted ransomware attack via a job vacancy ad. Hackers lifted a “for hire” post on the brewery’s website and published it on international recruitment sites. What followed was a wave of supposed applicants, all with resumes/CVs attached to their respective emails. Among those attachments was one containing a Dharma Bip ransomware payload. The email attachment was opened, and the ransomware payload hidden within a PDF started encrypting files. The ransomware infected the office's Windows domain controller, which is used in corporate user authentication and provision of access to key resources. The brewery was locked out of its computer systems, and the attackers followed up by demanding a ransom payment via bitcoin.


Unfortunately, the above example of an attack on a local business is not an exception but the rule, as hackers are targeting small and medium businesses given their persistent lack of preparedness for ransomware attacks. And yes, you’re on their list. Thankfully, there are common sense steps that your company can take to prevent a ransomware attack, and it all starts by telling staff not to click a link or open an attachment without first doing the following.


5 Things Your Company and Staff Need to Do Before Clicking Links and Attachments in a World Full of Ransomware



1. Identify What a Suspicious Link Looks Like


It’s not ideal, but everyone in the company must develop click anxiety. You must question every link and attachment that comes across your screens. If the email, link, or attachment exhibits any of the following, don’t click until the sender can be verified:

  • Shortened links - Ransomware distributors and phishers conceal the true destination of a link using common everyday URL shorteners, including TinyURL and more.

  • Unsolicited emails - Emails containing links that ask recipients to confirm/verify information or change passwords, when the recipient did not make the request in the first place. This is likely a phishing scheme.

  • Links with strange characters - Links that contain a garbled mess of characters, numbers, and letters could be coming from hackers who use URL encoding to hide the true destination of the link.


Malicious links may also be hidden within enticing anchor text. For example, a recipient may receive an email with a link hidden within “your trade show photo gallery”. Instead of clicking, hover (when on a laptop/desktop) over the anchor text to view the URL destination. If you don’t recognize it as a trusted source, stay away.
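The checks above can also be run mechanically over an email's HTML body before anyone hovers or clicks. The following is an added example, not code from the original article: the shortener list beyond TinyURL, the trusted domain `example.com`, the encoding threshold, and the sample message are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}   # assumed, non-exhaustive list
TRUSTED = {"example.com"}                        # hypothetical company domain
PCT = re.compile(r"%[0-9A-Fa-f]{2}")             # one URL-encoded byte
HOSTLIKE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)          # buffer is reset at each <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def norm(host):
    return re.sub(r"^www\.", "", host.lower())
def within(host, domain):
    return host == domain or host.endswith("." + domain)
def flag_link(href, text):
    host, flags = norm(urlsplit(href).hostname or ""), []
    if host in SHORTENERS:
        flags.append("shortened")
    if len(PCT.findall(href)) >= 5:      # threshold is an assumption
        flags.append("heavily-encoded")
    shown = HOSTLIKE.search(text)        # does the visible text name a host?
    if shown and not within(host, norm(shown.group(0))):
        flags.append("text-host-mismatch")
    if not any(within(host, d) for d in TRUSTED):
        flags.append("untrusted-host")
    return flags

def triage(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: flag_link(href, text) for href, text in parser.links}
# Constructed sample message body (not a real email).
SAMPLE = """<a href="https://photos.example.net/g/123">your trade show photo gallery</a>
<a href="https://tinyurl.com/abc123">Resume</a> <a href="https://intranet.example.com/hr">HR portal</a>
<a href="http://login.example.org/%2e%2e%2f%72%65%73%65%74%3f%75%3d1">Confirm</a>
<a href="https://pay.example.net/x">www.example.com/invoice</a>"""
```

Calling `triage(SAMPLE)` returns each link's real destination with its flags; only the `intranet.example.com` link comes back with an empty list.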


2. Switch to Secure Messaging for Key Internal Communications


In our downloadable white paper titled Top 4 Cybersecurity Tips to Protect Your Business, we called upon companies to limit the use of email for important internal communications, and instead adopt a secure messaging application that offers end-to-end encryption. By having staff become accustomed to sending sensitive links and attachments via secure messaging, not only will your communications become more secure, but staff will also know to be rightfully suspicious of emails with links/attachments purporting to come from internal sources.


3. Perform Frequent Backups and Adopt the Cloud


The brewery in the example above did not end up paying the ransom. For them, the value of the data lost did not justify the financial demands. They were afforded the opportunity to not cave in to the culprits because they had made backups. Granted, a backup had not been performed in three months, but it was enough to continue their course of business without taking a devastating hit to operations.


You need to ask yourself how much data you can afford to lose. Is it three months’ worth, three weeks, three days, or less? Your backups need to be performed accordingly. However, doing so “manually” can be labor intensive, less efficient, and not as effective. By adopting cloud hosting you address your data backup needs by generating redundancy in your approach to information management. Backing up data to the cloud in real time will effectively reduce your reliance on manual backups and physical infrastructure, which in the end will make you less susceptible to hacker demands, should someone inadvertently or intentionally click a malicious link or attachment.


4. Adopt Advanced Endpoint Threat Protection


There are choices you can make with respect to your software as a service (SaaS) that will help protect your business from ransomware delivery. For instance, adoption of MS Office 365 is one. MS Office 365 offers enterprise-level threat protection with real-time protection as it relates to today’s topic. This includes securing staff and company mailboxes and other applications through which malicious links and attachments can be delivered. The SaaS also offers holistic security in Microsoft Teams, Excel, PowerPoint, Visio, SharePoint Online, OneDrive, and Word. View more on how MS 365 can help keep ransomware away.


Equally important is the adoption of even more advanced forms of endpoint threat protection, those that apply artificial intelligence (AI) and machine learning to detect advanced malware, targeted attacks, and more. One tool known as CylancePROTECT offers SMBs protection from ransomware, malware, malicious documents, advanced threats, and spear phishing alike. This is in part accomplished by enabling Script Control, whereby CylancePROTECT prevents a click-prompted malicious script from downloading the payload. And if for whatever reason the payload should find its way into the environment, it is quarantined prior to execution.


Investment in advanced endpoint threat protection for your business is no longer a luxury - it is essential.


5. Secure the Services of an IT Firm That Provides Ransomware Protection


The above protocol can be effective, but procurement and management can be so resource intensive that you may spend so much effort playing defence against ransomware attacks that you neglect the normal course of business - everything that you need to do to better serve customers/clients and increase profits. This is why you need to hand the reins over to a Managed Services Provider with extensive experience in ransomware prevention.


But there’s an even greater reason to consider this.


In item number one above we addressed the need for real-time data backups via cloud adoption. While this will certainly help mitigate the risk of all that can come from a ransomware attack, don’t let this lull you into a false sense of security. Beginning November 1, 2018, an update to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) is being released. From that date on, businesses are required to alert the Privacy Commissioner and Canadians if their personal information is compromised as a result of a data security breach, or face a fine of up to $100,000. So even though you may have the backups in place to take the power away from cybercriminals preying on click-happy staff, you could end up paying much more from either a fine or the public relations backlash that comes after consumer data is compromised.

Bring in IT support to help you institute the above security protocol. Until then, this contact us link is the only one you should click.