The Anti-Ransomware Protection Plan You Need to Follow Today
Your safety checklist against the biggest cyber threat on the web
Technology has made our lives both easier and more complicated – there’s no denying that. Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there’s no better incarnation for their wants than ransomware.
Image credit: ITworld/Phil Johnson
Some of you who will read this article will think: Ransomware isn’t that big of a deal, is it? I bet the security industry is blowing things up to make money out of it.
You’re perfectly entitled to a skeptical opinion. But the facts show, without a doubt, that ransomware is the biggest cyber threat out there, for both companies and home users. Just look at this chart which shows how many ransomware families have been identified in the past years. And we’re only halfway through 2016…
Source: CERT-RO
You should also know that ransomware families are only a starting point for tens or hundreds of variants! For example, CryptoWall, discovered in 2013, reached its fourth version in November 2015. And needless to say, there are probably many more ransomware types which cyber security researchers haven’t yet identified and named.
While you’re reading this, someone’s data is getting encrypted and someone else may be paying a hefty ransom to the attackers (usually around $500), which will further fund their malicious actions. That’s in spite of the FBI’s and security experts’ warning to never pay the ransom.
But there’s a lot you can actually do to prevent all the drama and hassle of a ransomware attack. And I plan to take you through all the protection steps you can easily put in place on your computer today, after work. Let’s get into the details.
Your anti-ransomware protection plan
Having a plan to deal with threats to your security will help you see the bigger picture without overlooking important details. I’ve organized a list of protection tips according to four categories, so you’ll always know how to prevent ransomware attacks:
- Locally, on the PC
- In the browser
- Online behavior
- Anti-ransomware security tools.
How you can start working on your anti-ransomware protection:
- See which of these tips you already have in place
- Make a to-do list for the rest of the things you have to do
- Do them and don’t procrastinate!
Locally, on the PC
Don’t store important data only on your PC. Storing irreplaceable data like academic papers, work documents and cherished photos only on your PC makes you vulnerable. If something happens to that device (ransomware, physical damage, theft, etc.), it’ll all be gone. Which brings us to the next step.
Keep at least 2 backups of your data. Keep a copy of your data on an external hard drive and one in the cloud – Dropbox/Google Drive/etc. Make sure you update your data often, so you don’t lose progress. And check that your backups are intact and can be restored if you need to.
Don’t leave Dropbox/Google Drive/OneDrive/etc. turned on by default. Open these apps once a day, sync your data and close them once it’s done. There are types of ransomware that can encrypt everything on your drive, including the data in your cloud accounts, if the cloud apps are running on your PC. That could destroy a data backup, which is why you have to be extra-careful and keep multiple backups.
Keep your operating system and the software you use up to date. The latest security updates are especially important. If you apply the latest updates, you’ll also get security patches that solve a lot of vulnerabilities. That’s why cyber security specialists always insist on patching.
For daily use, don’t use the administrator account on your computer. Instead, use a guest account with limited privileges. If you use a guest account, you can limit the damage if you’re hit with ransomware or another type of malware.
Turn off macros and ActiveX in the Microsoft Office suite – Word, Excel, PowerPoint, etc. These are bits of software that cyber criminals often use to spread malware and infect computers. Infected documents are heavily used in cyber attacks, because they’re able to hide their malicious intent. If they look useful or safe, victims are more inclined to open them.
Always verify a file’s extension before clicking on it. Cyber criminals are very deft at camouflaging files to make them look harmless. The purpose is to get you to click on them and launch a malware infection that will take over your computer. Modify your Windows settings to show file name extensions, so you’ll know to avoid shady formats, like .jpeg.exe (which aren’t pictures, but malicious executable files). Here’s how to do it:
To show or hide file name extensions:
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab, and then, under Advanced settings, do one of the following:
- To show file name extensions, clear the Hide extensions for known file types check box, and then click OK.
- To hide file name extensions, select the Hide extensions for known file types check box, and then click OK.
Source: Microsoft.
Turn off AutoPlay on your PC. AutoPlay is a Windows feature that allows you to instantly open digital media (USB sticks, CDs, digital cameras) with a designated application. Malware can use this option to gain access to your computer and start running automatically, so it’s best to keep this option turned off. How to do it:
When you turn AutoPlay on, you can choose what should happen when you insert different types of digital media into your computer. For example, you can choose which digital media player is used to play CDs. When AutoPlay is turned off, you are prompted to choose what you want to do when you insert digital media into your computer.
Open AutoPlay by clicking the Start button, and then clicking Control Panel. In the search box, type autoplay, and then click AutoPlay.
Do one of the following:
- To turn AutoPlay on, select the Use AutoPlay for all media and devices check box.
- To turn AutoPlay off, clear the Use AutoPlay for all media and devices check box.
Click Save.
Don’t keep wireless and Bluetooth on unless you’re actively using them. Unsecured connections can cost you dearly, so make sure you turn off your wireless and Bluetooth connectivity if you don’t use them. Cyber criminals can use both these connections to attack and compromise your devices. This rule is useful for all your devices, not just for your PC.
Don’t keep multiple computers in your home connected to one another in a local network. Ransomware is highly sophisticated and capable of spreading to other computers connected in a local network. If a computer is infected, but not connected to the others, the infection won’t spread.
Never plug in USB sticks whose origin you’re unsure of. Not even if you scan them with your antivirus, since antivirus sometimes fails to detect ransomware attacks properly. Only plug in USB sticks whose origin you’re sure of and whose contents you know.
Disable Windows PowerShell if you don’t use it. Here’s a quick explanation to help you understand what Windows PowerShell is:
While many casual users know about the Command Prompt, few have heard about Windows PowerShell. PowerShell is a tool that’s much more powerful than the Command Prompt. In a way, it’s also intended to replace the Command Prompt, as it delivers more power and control over the Windows operating system.
Source: Digital Citizen
So if you don’t use PowerShell for your tasks, just disable it. There are many types of malware, ransomware included, that abuse PowerShell and use it to plant and execute malware deep in victims’ devices. Here are the instructions to disable Windows PowerShell, which work for Windows 7, 8, 8.1 and Windows 10.
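For the file-extension tip in this section, the check for names like .jpeg.exe can also be automated over a downloads or attachments folder. The Python script below is an added example, not part of the original article; the function names and the two extension lists are illustrative assumptions, not complete lists.

```python
# Added example (not from the original article): find files whose real, final
# extension is executable but whose name shows a harmless-looking one first.
from pathlib import Path, PureWindowsPath

# Illustrative subsets, not complete lists: extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".zip",
              ".doc", ".docx", ".xls", ".xlsx", ".mp3", ".mp4"}


def is_disguised_executable(filename):
    """True for names like photo.jpeg.exe: decoy extension, then executable one."""
    # Windows ignores case and drops trailing dots/spaces, so normalise first.
    name = PureWindowsPath(filename).name.rstrip(". ").lower()
    suffixes = PureWindowsPath(name).suffixes
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def find_disguised_executables(folder):
    """Return relative paths (POSIX style) of disguised executables under folder."""
    root = Path(folder)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*")
                  if p.is_file() and is_disguised_executable(p.name))


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["holiday.jpeg.exe", "Invoice.PDF.scr", "setup.exe",
                   "archive.tar.gz", "report.v2.docx"]:
        print(f"{sample:20} disguised={is_disguised_executable(sample)}")
```

A match is a reason to leave the file unopened and have it checked, not proof of infection; a clean result does not make a file safe.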
In the browser
Remove the following plugins from your browsers: Adobe Flash, Adobe Reader, Java and Silverlight. If you absolutely have to use them, set the browser to ask you if you want to activate these plugins when needed. These four plugins are notorious for being exploited in cyber attacks, as you can see from the statistics below.
Source: IT Threat Evolution in Q1 2016 by Kaspersky Lab
Adjust your browsers’ security and privacy settings for increased protection. There’s a lot you can do to make your browsers more secure. They’re the type of settings that take a few short minutes to do, and make a huge difference. As you just saw, browsers are the main exploitation targets for cyber criminals and it’s the same with ransomware. Our guide to secure browsing will take you through all the steps you need to follow and help you close off potential backdoors that could compromise your system.
Remove outdated plugins and add-ons from your browsers. Only keep the ones you use on a daily basis, and keep them updated to the latest version. Old add-ons and plugins can go rogue without you even realizing it. Spring or not, a computer clean-up is always welcome!
Use an ad blocker to avoid the threat of potentially malicious ads. Malvertising is a very serious threat. And attackers often use malvertising campaigns to spread ransomware to unsuspecting victims. A way to protect yourself from this threat is to use an ad blocker. If you’ve never heard about ad blockers before, here’s the short version: they’re browser extensions / apps you install to block online ads. No pop-ups, overlay ads, search ads or even pre-roll ads in videos. While blocking annoying ads is the most boasted benefit of ad blockers, they have another advantage as well: they can help you eliminate the threat of malvertising.
Online behavior
Never, EVER open spam emails or emails from unknown senders. If you don’t know who it came from, delete it or send it straight to spam. If you’re unsure whether you should open it, contact the sender directly and verify the information. Spam emails are the most used tactic for spreading ransomware, as we’ve seen in numerous campaigns. Here are just two examples: CryptoWall 3.0 campaign, TeslaCrypt campaign.
Never, EVER, ever download attachments from spam emails or suspicious emails. This is the most used form of infecting computers with encrypting malware. The victim downloads and opens a malicious attachment and then all hell breaks loose. We really don’t want to get a comment like this from you:
Never, EVER click links in spam emails or suspicious emails. The same goes for links in these emails used in ransomware attacks. Just don’t click them. And if you’re unsure of a link, there are a lot of tools you can use to verify if a link is safe or not. But don’t rely on those verifications alone. It’s better to be safe than sorry. Also, stay away from clicking strange links on social media, links received via Skype or other instant messaging services (WhatsApp, Viber, etc.). They can damage your data and your device.
Learn to identify emails that pretend to come from trusted companies. Cyber attackers often impersonate big companies to trick people into opening malicious emails, clicking infected links and downloading malware-laden attachments. Because people trust brands like telecom companies, Internet service providers, the local post office, etc., they tend to click on links and download and open attachments without thinking they may be dangerous. That’s why we urge you to verify every email you get from companies you work with. It’s better to set up online accounts with them, if they provide the option, than to risk getting infected with malware. Be cautious at all times!
Anti-ransomware security tools
Use a reliable, paid antivirus product. Make sure that the antivirus includes an automatic update module and a real-time scanner. Keep it updated and remember that a free antivirus will never provide the same level of protection as one you paid for. This is the reactive part of your data protection plan.
Turn on your Windows Firewall and keep it on. It may be old-school, but it still works. Having a firewall in place is a good security measure to have. Of course, you can choose other firewall solutions as well. You should also know that most paid antivirus suites also include a dedicated firewall, so you should verify that before purchasing a dedicated firewall solution.
Get proactive anti-ransomware protection. Think ahead and protect before ransomware strikes. You can try Thor Foresight and see how traffic filtering can shield your computer from ransomware and other attacks.
How to spot a ransomware attack
Some ransomware variants work fast when encrypting your data, but others are slower. If you notice that you can’t access some of your files, which now have a strange extension, here’s what to do:
- Disconnect from the Internet immediately! Turn off your wireless or unplug the Ethernet cable from your PC.
- Verify how far the infection has spread and how many files have been encrypted.
- Verify, on another PC that is safe, if your data backup is working properly.
- Because the ransomware may have carried other infections, like keyloggers or financial malware, or may have even enlisted your computer into a botnet, it’s better to do a clean operating system reinstall.
- Once you’re done either restoring the system from a backup or doing a reinstall of your OS, follow the steps above to prevent another potential ransomware infection.
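Both backup checks in this article (confirming that backups "are intact and can be restored", and verifying the backup from a safe PC after an infection) can be done by recording file hashes when the backup is made and comparing them later. The Python script below is an added example, not part of the original article; the function names and the `.locked` extension in the demo are made up for illustration.

```python
# Added example (not from the original article): check a backup against a
# SHA-256 manifest recorded when the backup was made and known to be good.
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(folder):
    """Map every file under folder (relative path) to its SHA-256 digest."""
    root = Path(folder)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(manifest, backup_folder):
    """Report how a backup differs from the manifest taken when it was good."""
    current = build_manifest(backup_folder)
    return {
        # Gone or renamed, e.g. after a file was given a strange new extension.
        "missing": sorted(set(manifest) - set(current)),
        # Same name, different bytes: overwritten in place or corrupted.
        "changed": sorted(n for n in manifest
                          if n in current and current[n] != manifest[n]),
        # Files that were not in the backup when the manifest was recorded.
        "unexpected": sorted(set(current) - set(manifest)),
    }


def backup_is_intact(report):
    """A backup can be fully restored only if nothing is missing or changed."""
    return not report["missing"] and not report["changed"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample backup
        backup = Path(tmp)
        (backup / "thesis.docx").write_bytes(b"constructed sample")
        manifest = build_manifest(backup)  # record right after backing up
        (backup / "thesis.docx").rename(backup / "thesis.docx.locked")
        print(verify_backup(manifest, backup))
```

Keep the manifest somewhere other than the backup drive or cloud folder it describes, so it cannot be altered along with the files.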
If you don’t have a backup, evaluate your data loss first. Do whatever you can to not pay the ransom, as there’s no guarantee that cyber criminals will give you the decryption key. Consider that your money will be used to fund further attacks on innocent victims such as yourself.
Word of advice: don’t try breaking the encryption by yourself, since current ransomware types use a very strong encryption algorithm which is impossible to crack. Brute force won’t work in this case. Of course, it’s your prerogative to research online and see the details about the ransomware strain you’ve been infected with. There are even some decryption tools out there that might work. However, please note that cyber criminals release new ransomware variants each day, and correct their mistakes in past versions, which renders some decryptors useless.
The best way to keep your data safe from ransomware is to think and act proactively. Follow the checklist in this article and you should be able to avoid ransomware attacks altogether. And keep an eye on our security alerts to find out what new tactics attackers come up with. Their resourcefulness seems to be never-ending.