Some Important Keys That Can Help Protect Your Computer and Website From Ransomware Attacks
India has seen over 48,000 attack attempts in a global ransomware attack, with West Bengal witnessing the most incidents, a central cybersecurity official said, adding that steps taken by the government have helped limit its spread.
Small Indian businesses and individuals continue to report being hit by the cyber-extortion campaign that began on Friday and has affected computers around the world, disrupting essential services and forcing some to meet the unidentified hackers' ransom demands.
The hackers targeted the “low hanging fruit” in an attempt to take advantage of website and computer owners who were lax in their approach to security.
Needless to say, no one likes to have their website or computer hacked. It wastes your time restoring your site; you can lose business; and you can endanger other sites and organizations if your site gets used in further attacks.
While there are many sophisticated protections, we’ll focus on some of the most basic precautions that can help keep you from becoming the next “low hanging fruit.”
1. Backup, Backup, Backup
Always, always, always back up your system and keep several versions. If you are hacked, those backups may be critical in getting your site up and running again as quickly as possible. It is very possible that you may not realize for weeks or even months that you were hacked. Your best protection then is to have a number of older versions that you can retrieve, so that one of them can provide a clean base from which to work.
Note: you should also test your backups from time to time to make sure they work. Imagine finding out at a critical moment that all of those backups you have been so careful to make are not working. In the world of technology nothing is a given. So it is better to be safe than sorry.
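The two habits above, keeping several versions and testing them, can be scripted. The following is an added example, not code from the original post: the function names, the `site-<timestamp>.tar.gz` naming and the default of five retained versions are assumptions made for illustration.

```python
import hashlib
import tarfile
import zlib
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(site_dir: Path, backup_dir: Path, keep: int = 5) -> Path:
    """Archive site_dir, record its checksum, keep only the newest `keep` versions."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    archive = backup_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
    archive.with_name(archive.name + ".sha256").write_text(sha256_of(archive))
    # Fixed-width timestamps sort chronologically, so the oldest come first.
    for old in sorted(backup_dir.glob("site-*.tar.gz"))[:-keep]:
        old.unlink()
        old.with_name(old.name + ".sha256").unlink(missing_ok=True)
    return archive

def verify_backup(archive: Path) -> bool:
    """Test a backup: checksum must match and every file must read back cleanly."""
    recorded = archive.with_name(archive.name + ".sha256")
    if not recorded.exists() or recorded.read_text().strip() != sha256_of(archive):
        return False
    try:
        with tarfile.open(archive) as tar:
            files = 0
            for member in tar:
                if member.isfile():
                    stream = tar.extractfile(member)
                    while stream.read(1 << 20):  # decompress the whole file
                        pass
                    files += 1
            return files > 0  # an empty archive is not a usable backup
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return False
```

A read-back check like this catches damaged or empty archives; restoring a backup into a staging copy of the site from time to time is still the fuller test.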
2. Keep your site patched with the latest security updates
No software is 100% secure. As any software system is developed, security vulnerabilities will be found and software “patches” created to fix those vulnerabilities. Therefore, it is absolutely critical to keep your site up-to-date with the latest security patches. Your out-of-date website is much more likely to be hacked.
The good news is that newer versions of Joomla and WordPress have easy-to-update systems with one-click updates. Just back up the site, run the update, and then test to make sure everything updated and is running properly. Ideally, you should run the updates in a staging or testing area and then move those changes to production once you’ve tested and made sure that everything works.
You should also monitor the extensions you are using on your site. They can have vulnerabilities as well and need to be kept up-to-date.
3. Don’t use “admin” or other common usernames
Logging into a site typically requires two pieces of information: the username and the password. If you use a simple-to-guess username such as ‘admin’ or your first name, the hacker has 50% of his job done and needs only one more piece of information to accomplish his goal.
Older versions of WordPress don’t allow you to change the default admin username. However, with newer versions of WordPress as well as with Joomla, you can set the administrator’s login name when the site is first installed. You can also change it again later. If you still have a username of ‘admin’ on your site, change it to something difficult to guess. I’ll wait here for you until you get back. Got it changed? Good. Let’s keep rolling.
4. Use a secure password
Believe it or not, there are lists of the most commonly used passwords. You would be shocked at the number of people who use passwords like ‘password,’ ‘123456,’ ‘abc123,’ ‘letmein,’ or ‘iloveyou’. Hackers take advantage of these simple-to-guess passwords, because it makes their job really, really easy.
So, what is a secure password?
A ‘secure’ password is one that is really difficult for a computer to guess. For example, your password should be at least 8 characters and preferably 12 or more characters long. It should contain a mixture of upper-case and lower-case letters along with numbers and special characters such as *, !, -, and &. You should also avoid using family members’ or pets’ names or other common words that might be found in a dictionary.
Suggestions on Creating and Storing Passwords
One option for creating your passwords is to use a password management application like KeePass (or KeePassX for the Mac). KeePass will store the different passwords for each site or application you use. (Oh, and you are using different usernames and passwords for each site aren’t you?) KeePass also includes a random password generator that will generate – you guessed it - random passwords, which are generally more secure.
Another approach to creating secure passwords is to use memorable phrases such as a favorite saying, a line from a song, or a favorite Bible verse. Take the first letter from each word of the phrase and add some numbers and special characters and you have an easy (or at least easier) password to remember but one that is still more secure.
One last thought on passwords. Don’t write down your password and leave it on a sticky note on your monitor. Sometimes hackers are coming from inside your company. It could be another employee or it could be someone on the janitorial crew coming by your desk at night.
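The password rules from this section, together with a random generator of the kind a password manager provides, written out as an added example that is not part of the original post. The function names, the 16-character default and the `personal_words` parameter are assumptions; the common-password set holds only the five passwords named above, and real lists are far longer.

```python
import secrets
import string

# Commonly used passwords named in the article (real lists are far longer).
COMMON_PASSWORDS = {"password", "123456", "abc123", "letmein", "iloveyou"}
SPECIALS = "*!-&"  # the special characters the article gives as examples

def password_problems(password: str, personal_words=()) -> list:
    """Return the article's rules that `password` breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    for word in personal_words:  # family or pet names supplied by the caller
        if word and word.lower() in lowered:
            problems.append(f"contains the name or word '{word}'")
    return problems

def generate_password(length: int = 16) -> str:
    """Random password from a CSPRNG, retried until it passes every rule above."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate
```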
5. Deactivate old users and remove unused extensions
Oftentimes, we’ll see sites where numerous extensions that were installed for experimenting and testing are no longer in use. These can be prime targets for hackers, mainly because website owners will often forget to update the extensions as new versions come out.
Likewise, if you have any users that no longer need to access your site – especially if they have administrative access – it is wise to deactivate their accounts so that those old accounts likewise don’t become targets for hackers.
Conclusion
I hope you’ve gotten a clear picture that any website or computer is a target for hackers. Whether they want to steal credit card numbers, use your system for their own plans of mischief, or just obtain world domination, it is vitally important to take basic security precautions.
In summary, remember to:
- Backup, backup, backup
- Keep your system up-to-date
- Use a hard-to-guess username
- Use a secure password
- Uninstall / remove unused extensions and inactive users
If you aren’t technically oriented, it is often best to have a maintenance agreement with an outside web development agency with the proper technology skills to keep your system up-to-date and backed up.


 