As you’re probably aware, ransomware is a type of malicious software that extortionists use to hold computers and data for ransom. There are many different strains of ransomware, just like there are many different online gangs that use the malware to make money. And while ransomware attacks on the news usually mention victims such as oil pipelines, businesses, schools, media outlets, and police stations, it would be a mistake to assume that the malware doesn’t hit nonprofit organizations like charities.
For example, according to The Charity Report, several American hospitals and social systems have been recent targets of ransomware attacks, with hackers demanding $1 million to unlock systems. In August 2020, the same publication found 24 Canadian charities, like the BC Cancer Foundation and Canada’s National Ballet, hit by ransomware attacks. One of the more high-profile organizations to suffer from a ransomware attack was the Christian charity, The Salvation Army. Its London Data Center was the target of encrypting malware.
There are three reasons why charities get hit by ransomware despite obviously being nonprofit organizations:
- Most criminals lack morals and won’t hesitate to target charities. (Though, perplexingly, one group is donating some ransomware extortion money to charities.)
- Some ransomware strains infect systems indiscriminately through automatically generated spam and phishing emails.
- Nonprofits are sometimes easier targets because they don’t have the budget for robust cybersecurity.
If your nonprofit isn’t concerned about ransomware attacks, it should be. This malware infection can force organizations to close their doors for good. Not only can recovery be expensive, but the damage to an organization’s reputation can shatter donor confidence for good.
Unfortunately, there’s no guarantee you’ll get your system and files back even after you pay the hackers. While some cybercriminals don’t bother sharing a decryption key, others use ransomware strains incapable of tracking payments or restoring data. To make matters worse, some attackers play double-extortion strategies. They may only unlock some of your data, or they may threaten to dump your staff, volunteer, donor, and customer information on the Dark Web. That’s why it’s a good idea for any nonprofit to adopt mitigation strategies. And fortunately, you don’t have to break the bank to stop ransomware.
1. Use Secure Software
Always look for reliable software for your company that protects your data. For example, the case management solutions based on Sumac’s nonprofit CRM are PA-DSS certified. The CRM is also free for charities that qualify.
Even the case management tool itself takes your security and privacy seriously. It’s both HIPAA & PIPEDA Compliant. Additionally, it’s hosted on the world-class AWS cloud infrastructure, allowing you to access critical data from anywhere with an Internet connection securely. With a cloud-based solution, you and your team don’t have to send email lists back and forth, which can be compromised — your volunteers and your staff can access the same database at the same time from anywhere.
2. Don’t Open Spam
Spam is emails sent in mass that usually promote products, services, and websites. However, some spam can also be an infection vector for ransomware. So, it’s best not to open spam, even out of curiosity.
3. Avoid Phishing Attacks
Phishing emails are fake emails that hackers design to trick you into sharing sensitive information. Some phishing emails can also carry ransomware in attachments that look like legitimate offers or resources. Others still can have links to downloads or websites that infect your computer. Remember, you don’t have to click anything on a malicious website to download ransomware. Some attack websites use drive-by downloads to infect your computer without any action from you. Others are legitimate platforms where threat actors have injected malware into ads in a strategy called malvertising.
4. Avoid Trojan Horse Malware
Trojans are another type of malware that can carry ransomware. Trojans use deception to attack you. For example, a USB drive sent to your office carrying free accounting software might be a Trojan that deploys ransomware.
5. Use Your Email Security Tools
You can use your email’s baked-in security tools to protect yourself from phishing attacks and spam emails. Instead of landing in your inbox, potentially dangerous emails will directly land in your junk folder when you activate your email client’s security filters. You can still review them later, but it’s best not to open anything potentially dangerous.
6. Don’t Use Pirated Software
More nonprofit organizations use unlicensed software than they’d care to admit in order to cut costs. Unfortunately, they sometimes pay for it with their cybersecurity. For example, many unlicensed productivity tools on piracy platforms are Trojans that carry ransomware and other malware. One pirated game for Macs was actually a sophisticated ransomware spyware hybrid.
You can always find excellent software that’s free to use if costs are a concern. For example, Google’s office tools are nearly as good as Microsoft Office, but free of charge. Many companies also offer steep discounts to charities for yearly software licenses.
7. Patch Your Software
Another reason to avoid pirated software is that it usually can’t access critical security patches. Threat actors can often use these exploits to target your systems. For example, the WannaCry ransomware exploits a Microsoft software vulnerability. So, please, make it a habit to download the latest security patches for your operating system, productivity tools, web browser, and other essential software.
8. Use Anti-Ransomware Software
You can download anti-ransomware software to defend your system from threats. Some cybersecurity tools can also roll back your system after a ransomware attack and restore your files. You can also use Windows 10’s built-in ransomware detection software if you’re on a budget, though it’s not as good as tools from reputable cybersecurity companies.
9. Download Anti-Malware Software
Give your operating system’s default antivirus tools a helping hand by downloading anti-malware software. Free anti-malware software can provide some defense against ransomware. It can also stop Trojans, spyware, and other malware that initiate a ransomware attack.
Many experts suggest that the best way to stop ransomware is to adopt mitigation strategies. Even if you’re on a budget, you can significantly reduce your risk of losing access to your computers and data to a gang of extortionists by adopting some security measures.