
Technology has made our lives both easier and more complicated – there’s no denying that.

Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there’s no better incarnation for their wants than ransomware.

parenting and ransomware

Image credit: ITworld/Phil Johnson

Some of you who will read this article will think:

Ransomware isn’t that big of a deal, is it? I bet the security industry is blowing things up to make money out of it.

You’re perfectly entitled to a skeptical opinion. But the facts show, without a doubt, that ransomware is the biggest cyber threat out there, for both companies and home users. Just look at this chart which shows how many ransomware families have been identified in the past years. And we’re only half way through 2016…

ransomware discoveries - CERT-RO

Source: CERT-RO

You should also know that ransomware families are only a starting point for tens or hundreds of variants! For example, CryptoWall, discovered in 2013, reached its fourth version in November 2015. And, needless to say, there are probably many more ransomware types which cyber security researchers haven’t yet identified and named.

While you’re reading this, someone’s data is getting encrypted and someone else may be paying a hefty ransom to the attackers (usually around $500), which will further fund their malicious actions. That’s in spite of the FBI’s and security experts’ warning to never pay the ransom.

But there’s a lot you can actually do to prevent all the drama and hassle of a ransomware attack. And I plan to take you through all the protection steps you can easily put in place on your computer today, after work.

Let’s get into the details.

What is ransomware:
Ransomware is a type of malicious software (malware) which encrypts all the data on a PC or mobile device, locking the owner out. Once the infection takes place, the victim receives a message that provides instructions on how to pay the ransom (usually in Bitcoins). The extortion process usually involves a time limit for the payment. Paying the ransom should give the victim the decryption key, but there’s no guarantee that this will happen.

Your anti-ransomware protection plan

Having a plan to deal with threats to your security will help you see the bigger picture without overlooking important details. I’ve organized a list of protection tips according to four categories, so you’ll always know how to prevent ransomware attacks:

  • Locally, on the PC
  • In the browser
  • Online behavior
  • Anti-ransomware security tools.

How you can start working on your anti-ransomware protection:

  • See which of these tips you already have in place
  • Make a to-do list for the rest of the things you have to do
  • Do them and don’t procrastinate!

Locally, on the PC

Don’t store important data only on your PC.
Storing irreplaceable data like academic papers, work documents and cherished photos only on your PC makes you vulnerable. If something happens to that device (ransomware, physical damage, theft, etc.), it’ll all be gone. Which brings us to the next step.

Keep at least 2 backups of your data.
Keep a copy of your data on an external hard drive and one in the cloud – Dropbox/Google Drive/etc. Make sure you update your data often, so you don’t lose progress. And check that your backups are intact and can be restored if you need to.
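
One way to check that a backup is intact is to record SHA-256 hashes of the original files while they are known to be good, then compare the backup copy against that record. This is an added example, not part of the original article; the function names and the `manifest.json` file name are assumptions made for the illustration.

```python
import hashlib
import json
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large photos or archives do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(manifest: dict, backup_root) -> dict:
    """Compare a backup copy against a manifest taken from known-good data."""
    backup_root = Path(backup_root)
    report = {"ok": [], "missing": [], "changed": []}
    for rel_path, expected in manifest.items():
        candidate = backup_root / rel_path
        if not candidate.is_file():
            report["missing"].append(rel_path)      # deleted or renamed in the backup
        elif sha256_file(candidate) != expected:
            report["changed"].append(rel_path)      # content differs from the original
        else:
            report["ok"].append(rel_path)
    return report


if __name__ == "__main__":
    import sys
    # Usage (both paths are placeholders): python verify_backup.py <data_dir> <backup_dir>
    data_dir, backup_dir = Path(sys.argv[1]), Path(sys.argv[2])
    manifest_file = Path("manifest.json")  # assumed name for the saved record
    if not manifest_file.exists():
        manifest_file.write_text(json.dumps(build_manifest(data_dir), indent=2))
    result = verify_backup(json.loads(manifest_file.read_text()), backup_dir)
    print(f"{len(result['ok'])} intact, {len(result['missing'])} missing, "
          f"{len(result['changed'])} changed")
```

Keep the manifest somewhere the PC cannot overwrite it, such as the external drive. A backup file that was encrypted in place is reported as changed, and one that was renamed with a new extension is reported as missing.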

Don’t leave Dropbox/Google Drive/OneDrive/etc. turned on by default.
Open these apps once a day, sync your data and close them once it’s done. There are types of ransomware that can encrypt everything on your drive, including the data in your cloud accounts, if the cloud apps are running on your PC. That could destroy a data backup, which is why you have to be extra-careful and keep multiple backups.

Keep your operating system and the software you use up to date.
The latest security updates are especially important. If you apply the latest updates, you’ll also get security patches that solve a lot of vulnerabilities. That’s why cyber security specialists always insist on patching.

For daily use, don’t use the administrator account on your computer.
Instead, use a guest account with limited privileges. If you use a guest account, you can limit the damage if you’re hit with ransomware or another type of malware.

Turn off macros and ActiveX in the Microsoft Office suite – Word, Excel, PowerPoint, etc.
These are bits of software that cyber criminals often use to spread malware and infect computers. Infected documents are heavily used in cyber attacks, because they’re able to hide their malicious intent. If they look useful or safe, victims are more inclined to open them.

Always verify file extensions before clicking on them.
Cyber criminals are very deft at camouflaging files to make them look harmless. The purpose is to get you to click on them and launch a malware infection that will take over your computer. Modify your Windows settings to show file name extensions, so you’ll know to avoid shady formats, like .jpeg.exe (which aren’t pictures, but malicious executable files).

Here’s how to do it:

To show or hide file name extensions:

Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

Click the View tab, and then, under Advanced settings, do one of the following:

· To show file name extensions, clear the Hide extensions for known file types check box, and then click OK.
· To hide file name extensions, select the Hide extensions for known file types check box, and then click OK.

Source: Microsoft.
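
Once extensions are visible, the `.jpeg.exe` pattern described above can also be checked for automatically, for instance across a downloads folder. The following is an added example, not part of the original article; the two extension lists are assumptions and should be adjusted to the file types you actually handle.

```python
import os
from pathlib import PureWindowsPath

# Assumed lists for this example; adjust them to the file types you handle.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
                 ".xls", ".xlsx", ".txt", ".mp3", ".mp4"}


def extension_chain(filename: str) -> list:
    """Return every dot-separated extension in a file name, lower-cased."""
    # PureWindowsPath parses Windows paths on any OS. Windows ignores trailing
    # dots and spaces in names, so drop them before splitting.
    name = PureWindowsPath(filename).name.rstrip(". ")
    return ["." + part.strip().lower() for part in name.split(".")[1:] if part.strip()]


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the one before it
    is a harmless-looking document or media type, e.g. 'holiday.jpeg.exe'."""
    chain = extension_chain(filename)
    return (len(chain) >= 2
            and chain[-1] in EXECUTABLE_EXTS
            and chain[-2] in DOCUMENT_EXTS)


def find_disguised(root: str) -> list:
    """Walk a folder and list files whose names match the pattern above."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        hits.extend(os.path.join(folder, f) for f in files
                    if is_disguised_executable(f))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names, not taken from any real campaign.
    for sample in ["holiday.jpeg.exe", "Invoice.PDF.scr", "report.v2.pdf",
                   "setup.exe", "archive.tar.gz"]:
        print(f"{sample:20} disguised={is_disguised_executable(sample)}")
```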

Turn off AutoPlay on your PC.
AutoPlay is a Windows feature that allows you to instantly open digital media (USB sticks, CDs, digital cameras) with a designated application. Malware can use this option to gain access to your computer and start running automatically, so it’s best to keep this option turned off.

How to do it:

When you turn AutoPlay on, you can choose what should happen when you insert different types of digital media into your computer. For example, you can choose which digital media player is used to play CDs. When AutoPlay is turned off, you are prompted to choose what you want to do when you insert digital media into your computer.

Open AutoPlay by clicking the Start button, and then clicking Control Panel. In the search box, type autoplay, and then click AutoPlay.

Do one of the following:
· To turn AutoPlay on, select the Use AutoPlay for all media and devices check box.
· To turn AutoPlay off, clear the Use AutoPlay for all media and devices check box.

Click Save.

Don’t keep wireless and Bluetooth on unless you’re actively using it.
Unsecured connections can cost you dearly, so make sure you turn off your wireless and Bluetooth connectivity if you don’t use them. Cyber criminals can use both these connections to attack and compromise your devices. This rule is useful for all your devices, not just for your PC.

Don’t keep multiple computers in your home connected to one another in a local network.
Ransomware is highly sophisticated and capable of spreading to other computers connected in a local network. If a computer is infected, but not connected to the others, the infection won’t spread.

Never plug in USB sticks whose origin you’re unsure of.
Not even if you scan it with your antivirus, since antivirus sometimes fails to detect ransomware attacks properly. Only plug in USB sticks whose origin you’re sure of and whose contents you know.

Disable Windows PowerShell if you don’t use it.
Here’s a quick explanation to help you understand what Windows PowerShell is:

While many casual users know about the Command Prompt, few have heard about Windows PowerShell. PowerShell is a tool that’s much more powerful than the Command Prompt. In a way, it’s also intended to replace the Command Prompt, as it delivers more power and control over the Windows operating system.


Source: Digital Citizen

So if you don’t use PowerShell for your tasks, just disable it. There are many types of malware, ransomware included, that abuse PowerShell and use it to plant and execute malware deep in victims’ devices.

Here are the instructions to disable Windows PowerShell, which work for Windows 7, 8, 8.1 and Windows 10.

In the browser

Remove the following plugins from your browsers: Adobe Flash, Adobe Reader, Java and Silverlight. If you absolutely have to use them, set the browser to ask you if you want to activate these plugins when needed. These four plugins are notorious for being exploited in cyber attacks, as you can see from the statistics below.

top exploited software in Q1 2016

Source: IT Threat Evolution in Q1 2016 by Kaspersky Lab

Adjust your browsers’ security and privacy settings for increased protection.
There’s a lot you can do to make your browsers more secure. They’re the type of settings that take a few short minutes to do, and make a huge difference.

As you just saw, browsers are the main exploitation targets for cyber criminals and it’s the same with ransomware. Our guide to secure browsing will take you through all the steps you need to follow and help you close off potential backdoors that could compromise your system.

Remove outdated plugins and add-ons from your browsers.
Only keep the ones you use on a daily basis, and keep them updated to the latest version. Old add-ons and plugins can go rogue without you even realizing it. Spring or not, a computer clean-up is always welcome!

Use an ad blocker to avoid the threat of potentially malicious ads.
Malvertising is a very serious threat. And attackers often use malvertising campaigns to spread ransomware to unsuspecting victims. A way to protect yourself from this threat is to use an ad blocker.

If you’ve never heard about ad blockers before, here’s the short version: they’re browser extensions / apps you install to block online ads. No pop-ups, overlay ads, search ads or even pre-roll ads in videos. While blocking annoying ads is the most boasted benefit of ad blockers, they have another advantage as well: they can help you eliminate the threat of malvertising.

Online behavior

Never, EVER open spam emails or emails from unknown senders.
If you don’t know who it came from, delete it or send it straight to spam. If you’re unsure whether you should open it, contact the sender directly and verify the information. Spam emails are the most used tactic for spreading ransomware, as we’ve seen in numerous campaigns. Here are just two examples: CryptoWall 3.0 campaign, TeslaCrypt campaign.

Never, EVER, ever download attachments from spam emails or suspicious emails.
This is the most used form of infecting computers with encrypting malware. The victim downloads and opens a malicious attachment and then all hell breaks loose. We really don’t want to get a comment like this from you:

Never, EVER click links in spam emails or suspicious emails.
The same goes for links in these emails used in ransomware attacks. Just don’t click them. And if you’re unsure of a link, there are a lot of tools you can use to verify if a link is safe or not. But don’t rely on those verifications alone. It’s better to be safe than sorry.

Also, stay away from clicking strange links on social media, links received via Skype or other instant messaging services (WhatsApp, Viber, etc.). They can damage your data and your device.

Learn to identify emails that pretend to come from trusted companies.
Cyber attackers often impersonate big companies to trick people into opening malicious emails or clicking infected links and downloading malware-laden attachments. Because people trust brands like telecom companies, Internet service providers, the local post office, etc., they tend to click on links and download and open attachments without thinking they may be dangerous.

That’s why we urge you to verify every email you get from companies you work with. It’s better to set up online accounts with them, if they provide the option, than to risk getting infected with malware. Be cautious at all times!

Anti-ransomware security tools

Use a reliable, paid antivirus product.
Make sure that the antivirus includes an automatic update module and a real-time scanner. Keep it updated and remember that a free antivirus will never provide the same level of protection as one you paid for. This is the reactive part of your data protection plan.

Turn on your Windows Firewall and keep it on.
It may be old-school, but it still works. Having a firewall in place is a good security measure. Of course, you can choose other firewall solutions as well. You should also know that most paid antivirus suites also include a dedicated firewall, so you should verify that before purchasing a dedicated firewall solution.

Get proactive anti-ransomware protection.
Think ahead and protect before ransomware strikes. You can try Heimdal PRO and see how traffic filtering can shield your computer from ransomware and other attacks.

How to spot a ransomware attack

Some ransomware variants work fast when encrypting your data, but others are slower. If you notice that you can’t access some of your files, which now have a strange extension, here’s what to do:

  • Disconnect from the Internet immediately! Turn off your wireless or unplug the Ethernet cable from your PC.
  • Verify how far the infection has spread and how many files have been encrypted.
  • Verify, on another PC that is safe, if your data backup is working properly.
  • Because the ransomware may have carried other infections, like keyloggers or financial malware, or may have even enlisted your computer into a botnet, it’s better to do a clean operating system reinstall.
  • Once you’re done either restoring the system from a backup or doing a reinstall of your OS, follow the steps above to prevent another potential ransomware infection.
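
To verify how far the infection has spread, the affected files can be counted rather than checked by hand. The sketch below is an added example, not part of the original article; it goes slightly beyond the text by combining the "strange extension" sign with a check that the file content looks random, and the extension allow-list, threshold and sample size are assumptions.

```python
import math
import os
from collections import Counter

# Assumed allow-list of extensions you expect to see; anything else is "unfamiliar".
KNOWN_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg",
              ".png", ".mp3", ".mp4", ".zip"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 64 * 1024  # read only the start of each file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(root: str) -> dict:
    """Group likely-encrypted files by extension.

    A file is counted when its extension is not in KNOWN_EXTS and the sampled
    content looks random. Files of only a few hundred bytes cannot reach the
    threshold and are not flagged. Read-only: nothing is modified or deleted.
    """
    suspects = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in KNOWN_EXTS:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    sample = handle.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                suspects.setdefault(ext, []).append(path)
    return suspects


if __name__ == "__main__":
    import sys
    found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext, paths in sorted(found.items()):
        print(f"{len(paths):6d} file(s) with extension {ext or '(none)'}")
```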

If you don’t have a backup, evaluate your data loss first. Do whatever you can to not pay the ransom, as there’s no guarantee that cyber criminals will give you the decryption key. Consider that your money will be used to fund further attacks on innocent victims such as yourself.

Ransomware removal

Word of advice: don’t try breaking the encryption by yourself, since current ransomware types use a very strong encryption algorithm which is impossible to crack. Brute force won’t work in this case.

Of course, it’s your prerogative to research online and see the details about the ransomware strain you’ve been infected with. There are even some decryption tools out there that might work. However, please note that cyber criminals release new ransomware variants each day, and correct their mistakes in past versions, which renders some decryptors useless.

Conclusion

The best way to keep your data safe from ransomware is to think and act proactively. Follow the checklist in this article and you should be able to avoid ransomware attacks altogether. And keep an eye on our security alerts to find out what new tactics attackers come up with. Their resourcefulness seems to be never-ending.

Comments

Hi.
Thanks for the article. Rich in information that could help one to identify potential threats along with preventive measures.
Yesterday one of our servers got infected with some sort of ransomware. DB, shared folders all gone. Will try to recover data tomorrow using tools I have found through your blogs. Wish me luck!!!

Your article on Ransomware is very much informative. Thanks. I have opened this webpage because my friend’s PC has been attacked by Ransomware just now.

So sorry to hear about your friend. I hope he can get the data back and I hope you’ll take action to keep your data safe. Thanks for the feedback!

Hi,

I am your Pro user and loving this software.

but during this write up, I didn’t find that your Pro software is enough to protect this?

or we can use Pro for safety purpose and it will help a lot.

You have just suggested some other software and suggestion.

what about your Pro? is it enough for ransom kind of attacks?

or we should go with some other security or some add on require ?

Please guide me, I am losing my confidence in this software.

Thanks

Hi there!

Thanks for trusting Heimdal PRO with your data’s safety.

The article actually includes a reference to Heimdal PRO: “Think ahead and protect before ransomware strikes. You can try Heimdal PRO and see how traffic filtering can shield your computer from ransomware and other attacks.”

But, like we always advise, the best strategy is to build your security in layers. There is no single solution that can offer bulletproof protection against all types of attacks.

Security is not just about using a solution or another, it’s also about improving your online habits and always having a backup plan (or one or two data backups). It may not be as easy as we want it to be, but the fact of the matter is that we live in an incredibly complex world and the more we educate ourselves, the more we’ll be able to understand where vulnerabilities come from and how we can block them.

Nice post! Thank you. Just wanted to mention that today there are solutions that protect you from malware & ransom using remote browsing which basically means that the code doesn’t run on your PC, instead it runs on a remote server and reflects the page to your browser.

take a look at: http://www.smartxsb.com

Thanx, I will follow your instructions, using Anti Adware & Link Scanner.

Artur Marek Maciąg on May 31, 2016 at 4:57 pm

Good educational material, as always. Thank you for sharing this! Keep going with the professional, good and free stuff.

Thank you very much for your kind feedback, Artur!
