By David Balaban
Previous years have shown us one important thing – ransomware is going to stay and get worse. When even the minor ransomware creators are making a lot of cash, the ransomware outburst will progress with advanced tactics and methods.
For this reason, it is crucial that each and every user at home or work knows the right ways to stay away from ransomware infections.
Below are the most important measures that will help you to not only prevent ransomware but stay away from many other malware attacks that involve analogous infection techniques.
Backup, backup, backup!!!
This is definitely the most significant thing that you should do to safeguard your files from becoming encrypted. Basically, for those who have the most current backup, ransomware viruses turn more into an inconvenience rather than a catastrophe. This is due to the fact that you can easily get rid of the virus and then simply recover your files from backups.
However, just using an additional hard drive and doing backups on occasion is not sufficient as modern ransomware will certainly find and encrypt all the drives on your PC including mapped network drives and even unmapped network shares.
So, any backups on local or network storage might be encrypted too.
That is why it is highly recommended that people get a solid cloud backup plan. Because nearly all cloud backups will not map as a drive letter, the backups are protected from becoming encrypted and may let you restore files.
In case you do not want to utilize cloud backups and wish to go with local storage, then be sure to completely switch off those storage systems after each backup procedure.
Use an antivirus tool that includes an anti-ransomware module based on behavioral detection. Sound behavioral identification is needed to be able to recognize when ransomware viruses are attempting to encrypt your files and block this activity.
Install only trusted solutions that have high detection ratings. Cybercrime is constantly growing; each connected device requires an effective defense.
Install all Windows updates. Microsoft delivers updates for Windows every month. The majority of these updates are security tweaks that safeguard your system from recently discovered vulnerabilities.
Because ransomware Trojans are often installed by means of exploit kits that take advantage of Windows vulnerabilities, in the event Windows informs you about new updates, you must install them immediately.
The same as with Windows vulnerabilities, exploit kits target security holes and zero days in widely installed software like Adobe, Java, etc. That means it is critical to always keep these applications up-to-date too.
By far the leading delivery method for ransomware is SPAM messages that impersonate bills, invoices, shipping notices, resumes, etc. Outlook, Gmail, Yahoo are going to block a great number of SPAM messages, however, if you do not have service that utilizes strong SPAM filters, then these kinds of emails can sneak in.
Show file extensions
Windows will not display the file extensions by default. This helps ransomware authors to fool users to think that malware files are not executables but their old and familiar PDF or Word documents.
Victims click on such files thinking them to include text or other data, in fact, they merely launch an application that installs the virus.
So, do turn on the Windows feature that shows all file extensions. It will be much harder for hackers to trick you into running their executables.
Dangerous email attachments
You should not click on email attachments without verifying that someone else really sent it.
Every time ransomware is sent out with SPAM, the downloader or virus itself is added as an attachment. When you get an attachment, you should either confirm with the person who sent it or at least use VirusTotal and scan it for viruses.
If you open an unknown attachment by mistake and notice a prompt to enable content or macros, never do it, this will allow criminals to install the ransomware.
Disable Remote Desktop
In case you are not working with Remote Desktop, then there is basically no reason to have it enabled. If you do use it regularly, you can change the default port from 3389 to something different.
Create software restriction policies
Software Restriction Policies are procedures that permit you to set up numerous rules that limit the number of folders an executable file can be launched from. You can do it manually or let it go on autopilot with programs like CryptoPrevent.
Use application whitelisting
Whitelisting is when you set Windows to allow only particular software to execute. This blocks all non-listed by your software from running. The issue, though, is that it requires a lot of efforts to set up it correctly. In case you wish to try it out, there exist several guides for Windows 7 and Windows 10.
Even if it may look like this is a big list with plenty of steps, many of them ask you to just slightly adjust your security routines or do a job once and forget about it. As long as you stick to these tips, you are going to be protected from not only ransomware by many other computer infections.
About the Author
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy, and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.