How to Remove Malware?
━━━━━━━━━━━━━
Follow these three easy steps to remove malware from your device.
1. Download and install a good cybersecurity program. As it happens, Malwarebytes has programs for every platform we’ve discussed in this article: Windows, Mac, Android, and Chromebook.
2. Run a scan using your new program. Even if you don’t opt for Malwarebytes Premium, the free version of Malwarebytes is still great at removing malware. The free version, however, does not proactively stop threats from getting on your system in the first place.
3. Change all your passwords. Now that you know you’re not being snooped on by some form of malware, you need to reset your passwords—not only for your PC or mobile device, but also your email, your social media accounts, your favorite shopping sites, and your online banking and billing centers. This may sound paranoid, but with spyware, banking Trojans and the like, you just don’t know for sure what data was captured before you stopped the infection.
As always, use some form of multi-factor authentication (at least two-factor) and don’t think you need to memorize all your passwords. Use a password manager instead.
• If your iPhone or iPad is infected with malware (as improbable as that may be). Things are a little trickier. Apple does not permit scans of either the device’s system or other files, though Malwarebytes for iOS, for example, will screen and block scam calls and texts. Your only option is to wipe your phone with a factory reset, then restore it from your backup in iCloud or iTunes. If you didn’t backup your phone, then you’re starting over from scratch.
How to Protect Against Malware?
━━━━━━━━━━━━━
In no particular order, here’s our tips on protecting against malware.
1. Pay attention to the domain and be wary if the site isn’t a top-level domain, i.e., com, mil, net, org, edu, or biz, to name a few.
2. Use strong passwords with multi-factor authentication. A password manager can be a big help here.
3. Avoid clicking on pop-up ads while browsing the Internet.
4. Avoid opening email attachments from unknown senders.
5. Do not click on strange, unverified links in emails, texts, and social media messages.
6. Don’t download software from untrustworthy websites or peer-to-peer file transfer networks.
7. Stick to official apps from Google Play and Apple’s App Store on Android, OSX, and iOS (and don’t jailbreak your phone). PC users should check the ratings and reviews before installing any software.
8. Make sure your operating system, browsers, and plugins are patched and up to date.
9. Delete any programs you don’t use anymore.
10. Back up your data regularly. If your files become damaged, encrypted, or otherwise inaccessible, you’ll be covered.
11. Download and install a cybersecurity program that actively scans and blocks threats from getting on your device. Malwarebytes, for example, offers proactive cybersecurity programs for Windows, Mac, Android, and Chromebook.
Plus, our latest offering, Malwarebytes Browser Guard. It’s free and it’s the only browser extension that can stop tech support scams along with any other unsafe and unwanted content that comes at you through your browser.
How does Malware Affect my Business?
As noted in the Malwarebytes Labs Ransomware Retrospective, ransomware attacks on businesses went up 365 percent from Q2 2018 to Q2 2019.
So why are cybercriminals bullish on business attacks? The answer is simple: businesses present a broader attack surface and more bang for the buck. In one noteworthy example, the Emotet banking Trojan hobbled critical systems in the City of Allentown, PA, requiring help from Microsoft’s incident response team to clean up and racking up remediation costs to the tune of $1 million.
In another example, the SamSam ransomware brought the City of Atlanta to its knees by taking down several essential city services—including revenue collection. Ultimately, the SamSam attack cost Atlanta $2.6 million to remediate.
And that’s just the clean-up costs. The costs involved with a data breach and the resulting cases of identity theft are through the roof. The Ponemon Institute’s 2019 Cost of a Data Breach Report pegs the current average cost at $3.92 million.
On the high end, the settlement costs from the 2017 Equifax data breach, which started with a simple and easy to protect against SQL injection, are reportedly around $650 million.
The majority of malware attacks on businesses as of late have been the result of TrickBot. First detected in 2016, the Trickbot banking Trojan has already gone through several iterations as its authors strengthen its evasion, propagation, and encryption abilities. Considering the tremendous cost associated with a malware attack and the current rise of ransomware and banking Trojans in particular, here’s some tips on how to protect your business from malware.
• Implement network segmentation. Spreading your data onto smaller subnetworks reduces your attack surface—smaller targets are harder to hit. This can help contain a breach to only a few endpoints instead of your entire infrastructure.
• Enforce the principle of least privilege (PoLP). In short, give users the access level they need to do their jobs and nothing more. Again, this helps to contain damages from breaches or ransomware attacks.
• Backup all your data. This goes for all the endpoints on your network and network shares too. As long as your data is archived, you can always wipe an infected system and restore from a backup.
• Educate end users on how to spot malspam. Users should be wary of unsolicited emails and attachments from unknown senders. When handling attachments, your users should avoid executing executable files and avoid enabling macros on Office files. When in doubt, reach out. Train end users to inquire further if suspicious emails appear to be from a trusted source. One quick phone call or email goes a long way towards avoiding malware.
• Educate staff on creating strong passwords. While you’re at it, implement some form of multi-factor authentication—two-factor at a bare minimum.
• Patch and update your software. Microsoft releases security updates the second Tuesday of every month and many other software makers have followed suit. Stay in the loop on important security updates by subscribing to the Microsoft Security Response Center blog. Expedite the patch process by launching updates at each endpoint from one central agent, as opposed to leaving it up to each end user to complete on their own time.
• Get rid of end of abandonware. Sometimes it’s hard to get rid of old software that’s past its expiration date—especially at a large business where the purchasing cycle moves with the urgency of a sloth, but discontinued software is truly the worst-case scenario for any network or system administrator. Cybercriminals actively seek out systems running outdated and obsolete software so replace it as soon as possible.
• Get proactive about endpoint protection. Malwarebytes, for example, has multiple options for your business with Endpoint Protection, Endpoint Security, and Endpoint Protection and Response. And for small businesses looking to protect up to 20 devices, check out Malwarebytes for Teams.