Ransomware and Phishing Attacks: Why Anti-Virus Software Can't Save You
Installing and keeping anti-virus software up to date on computers and mobile devices has become a de facto cybersecurity best practice — and for good reason. Like other technical safeguards, anti-virus software has come a long way in its sophistication since its early days in the late 1980s and early 1990s. There are many reliable and reputable options for anti-virus and anti-malware protection for corporate organizations and personal devices, and they provide an important layer of security for data, devices, and systems.
But you cannot count on them to stop ransomware infections, and they absolutely cannot prevent phishing emails from reaching your inbox.
Our Study Shows Users Place Too Much Trust in Anti-Virus Software
As part of our newly released 2017 User Risk Report — in which we interviewed more than 2,000 US and UK workers about their personal and work-related cybersecurity habits and beliefs — we found that far too many people believe that anti-virus software is a cybersecurity failsafe. In fact, 58% of US survey participants said they believe that up-to-date software can prevent them from being impacted by a cyberattack, and 37% of UK respondents shared that belief.
This is, in a word, dangerous.
The reality is, as sophisticated as these types of software have become, they are at the root reactionary tools. Anti-virus software cannot prevent against unknown virus and malware strains. Protection from new and emerging threats can’t be incorporated into the software until those strains become known — i.e., until they infect something — and the software is updated accordingly. In addition, cybercriminals actively seek opportunities to work around well-known anti-virus platforms, and they often test their malware against those systems before launching an attack to ensure that the malware is undetectable.
Ransomware should be of particular concern on both the corporate and personal sides. These aggressive infections can lock systems, encrypt files, and jump from device to device, rendering files inaccessible and (if backups are infected) unrecoverable unless a ransom is paid or a publicly available decryption tool is successful in restoring files to their pre-infection state.
Check out the Wombat Vlog for tips about avoiding social engineering scams, preventing identity theft, and more.
The latest Data Breach Investigation Report from Verizon noted that 2016 brought “more technical and process innovation in ransomware than we have seen since the invention of Bitcoin-enabled anonymous payments.” The report’s section on ransomware — titled “Ransom Notes Are the Most Profitable Form of Writing” — featured data and analysis from McAfee, a leading provider of anti-virus software. They found that email was the top infection vector for malicious software like ransomware, with “social actions” like phishing attacks figuring in on 21% of incidents. They also said the following of the role of security software in the fight against malware:
Although [endpoint protection systems and added detection techniques] have increased detection and prevention rates, the volume of ransomware variants and the criminals’ speed of adaptation mean the techniques are unlikely to be 100% effective, thus necessitating further action.
What You Can Do to Protect Yourself
Know this: This post is not a call to uninstall your anti-virus software and throw up your hands in defeat. Rather, it’s a call to expand your thinking and carry the knowledge that technical safeguards — while very helpful and valuable — cannot prevent all cyberattacks from happening. Your decisions and your actions matter.
Here are a few tips to keep in mind:
- Educate yourself about phishing prevention techniques. You are very much in the driver’s seat when it comes to social engineering scams like phony emails that attempt to trick you into clicking malicious links, downloading infected attachments, and/or revealing personal or sensitive data (like financial information and login credentials). If you don’t take the bait, these attacks won’t succeed.
- Don’t underestimate the ransomware threat. Cybercriminals use these attacks to get a quick return because they know people don’t want to be without access to important business and personal files (like family photographs and tax documents). It is critical to realize that paying the ransom offers no guarantee that you will regain access to your data. Prevention and planning are key. Our infographic can help you get up to speed on this threat and ways to avoid ransomware attacks, and the website nomoreransom.org is an excellent resource, particularly if you find yourself infected.
- Install anti-virus software on all your devices. Technical safeguards aren’t just for desktop PCs. Many effective, well-rated options exist for mobile devices like smartphones and tablets. Do a little research and choose the application that’s best for your platform.
- Reboot PCs regularly. Many anti-virus software variants run automatic updates to add protections against the latest discovered virus and ransomware strains, but they often require a reboot to take effect. (This is also the case with some operating system updates, which fix flaws and vulnerabilities.) It’s a great idea to restart your system at least once a week (or immediately if you receive a notification that a reboot is required to complete critical updates).
Subscribe to the Proofpoint Blog