Dealing with the consequences of a ransomware attack is a gamble: without a clean backup, paying the ransom may be the only way to get the locked data back, and even payment is no guarantee of recovery. That is precisely why prevention is the rational approach.
The growth of ransomware in recent years has led the security industry to produce a myriad of tools for blocking such threats before they run. None of them is 100% effective. This article focuses on the additional measures that users and administrators should take to raise their level of defense against these threats.
1. First and foremost, be sure to periodically back up your most important files.
Ideally, backups should be diversified so that a single point of failure cannot cause irreversible loss of information. Keep one copy in the cloud, using a service such as Dropbox with file versioning enabled (a plain sync folder will faithfully mirror the encrypted files over your originals), and another on offline physical media, such as a portable hard disk that stays disconnected when not in use.
An effective tactic is to restrict access rights on the backup location so that the account used for day-to-day work cannot modify or delete existing backups (write-once or append-only storage where available). Verify the integrity of your backups from time to time by restoring a sample of files and comparing checksums; an untested backup is not a backup.
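The following PowerShell script is an added example (not part of the original article) of the backup discipline described above: it copies a folder to a date-stamped location on removable media, records a SHA-256 manifest, marks the copy read-only, and provides a separate verification step. The paths D:\Important and E:\Backup are assumptions.

```powershell
# Added example (not from the original article): copy a folder to offline media,
# write a SHA-256 manifest alongside it, and later verify the copy against that manifest.
# Paths used below (D:\Important, E:\Backup) are assumptions; adjust to your environment.

function Backup-WithManifest {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination
    )
    # Date-stamped target folder so earlier backups are never overwritten.
    $target = Join-Path $Destination ("backup-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    # /E copies subfolders, /R:1 /W:1 limits retries on locked files, /NP suppresses progress output.
    robocopy $Source $target /E /R:1 /W:1 /NP | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }

    # Record a hash for every copied file, with the path relative to the backup root.
    $manifest = Get-ChildItem -Path $target -Recurse -File |
        ForEach-Object {
            [pscustomobject]@{
                Path = $_.FullName.Substring($target.Length).TrimStart('\')
                Hash = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
            }
        }
    $manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation

    # Mark the copy read-only so an ordinary process cannot quietly alter it.
    Get-ChildItem -Path $target -Recurse -File | ForEach-Object { $_.IsReadOnly = $true }
    return $target
}

function Test-BackupManifest {
    param([Parameter(Mandatory)] [string] $BackupRoot)
    $manifest = Import-Csv -Path (Join-Path $BackupRoot 'manifest.csv')
    $bad = foreach ($entry in $manifest) {
        $file = Join-Path $BackupRoot $entry.Path
        if (-not (Test-Path $file)) { "$($entry.Path): missing"; continue }
        $actual = (Get-FileHash -Algorithm SHA256 -Path $file).Hash
        if ($actual -ne $entry.Hash) { "$($entry.Path): hash mismatch" }
    }
    if ($bad) { $bad | ForEach-Object { Write-Warning $_ }; return $false }
    Write-Host "All $($manifest.Count) files verified."
    return $true
}

# Usage (assumed paths):
# $root = Backup-WithManifest -Source 'D:\Important' -Destination 'E:\Backup'
# Test-BackupManifest -BackupRoot $root
```

The read-only attribute only stops accidental edits; any process running as the same user can clear it. The real protection is that the target disk is unplugged once Test-BackupManifest has passed.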
2. Customize your anti-spam settings the right way.
Most ransomware variants spread through deceptive emails carrying infected attachments. Configure your mail server or gateway to block attachments with extensions such as .exe, .vbs and .scr, and also .vbe, .js, .jse, .bat, .cmd and .dll. Extension filters are easily bypassed by renaming or archiving the payload, so combine them with content inspection where the mail platform supports it.
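As an added example (not from the original article), the Exchange transport rules below implement this attachment policy. They assume an Exchange Management Shell or Exchange Online PowerShell session with permission to create transport rules; the rule names and rejection text are placeholders.

```powershell
# Added example (not from the original article): Exchange transport rules that reject
# inbound mail carrying attachments with executable or script extensions, plus a second
# rule that inspects attachment content so a renamed .exe does not slip through.
# Assumes an Exchange Management Shell / Exchange Online PowerShell session.

$blockedExtensions = @('exe', 'scr', 'vbs', 'vbe', 'js', 'jse', 'bat', 'cmd', 'dll')

# Rule 1: match on the file extension of any attachment from outside the organization.
New-TransportRule -Name 'Block executable attachments by extension' `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText 'Attachments of this type are not accepted by this organization.'

# Rule 2: match on executable content regardless of the file name, which also catches
# payloads whose extension has been changed to something innocuous.
New-TransportRule -Name 'Block executable attachments by content' `
    -FromScope NotInOrganization `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted by this organization.'

# Review what is in place and its evaluation order.
Get-TransportRule | Where-Object { $_.Name -like 'Block executable attachments*' } |
    Select-Object Priority, Name, State
```

Rejecting (rather than silently deleting) tells a legitimate sender why their message bounced. Password-protected archives cannot be inspected by rule 2, which is one more reason to keep end-user awareness in the picture.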
3. Do not open Attachments that appear suspicious.
This applies not only to messages from unknown people but also to senders you believe you know. Phishing emails can be disguised as notifications from parcel services, online retailers, law enforcement agencies, or banks.
4. Think twice before clicking.
You can receive dangerous hyperlinks through social networks or instant messaging, possibly sent by people you trust, including friends or colleagues. To carry out these attacks, cybercriminals compromise those accounts and send malicious links to as many contacts as possible.
5. Show file extensions.
Windows hides the extension of known file types by default. Turning that setting off (uncheck "Hide extensions for known file types" in Explorer's folder options) lets you see what kind of file you are about to open, so that you can clearly distinguish potentially dangerous types. Scammers exploit hidden extensions by giving a file two of them.
For example, a file named photo.gif.exe, Cute-dog.avi.exe or table.xlsx.scr is displayed as photo.gif, Cute-dog.avi or table.xlsx while its real type is an executable or a screensaver, so be aware of this kind of trick. Another vector in its own right is a malicious MS Word document whose macros the victim is talked into enabling.
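As an added example (not part of the original article), the script below turns the "hide extensions" setting off for the current user and then demonstrates a small check for the double-extension trick just described. The file names in $samples are constructed for the demonstration; the list of "decoy" extensions is an assumption you can extend.

```powershell
# Added example (not from the original article): disable "Hide extensions for known file
# types" for the current user, then flag file names whose displayed name would have looked
# harmless while the real extension is executable. $samples are constructed test names.

function Show-FileExtensions {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name HideFileExt -Value 0 -Type DWord
    # Explorer re-reads the setting when it restarts (it relaunches itself automatically).
    Stop-Process -Name explorer -Force
}

function Test-DisguisedExecutable {
    param([Parameter(Mandatory)] [string] $Name)
    # Extensions Windows will execute, and "decoy" extensions commonly placed before them.
    $executable = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.hta', '.wsf')
    $decoy      = @('.avi', '.gif', '.jpg', '.jpeg', '.png', '.pdf', '.doc', '.docx', '.xlsx', '.txt', '.mp3', '.mp4')

    $lower = $Name.ToLowerInvariant()
    $real  = [IO.Path]::GetExtension($lower)
    if ($executable -notcontains $real) { return $false }

    # Strip the real extension and see whether what remains ends in a decoy extension.
    $shown = [IO.Path]::GetFileNameWithoutExtension($lower)
    return ($decoy -contains [IO.Path]::GetExtension($shown))
}

$samples = 'Cute-dog.avi.exe', 'table.xlsx.scr', 'invoice.pdf', 'setup.exe', 'photo.gif.js'
foreach ($s in $samples) { '{0,-20} disguised: {1}' -f $s, (Test-DisguisedExecutable $s) }
# Expected: Cute-dog.avi.exe, table.xlsx.scr and photo.gif.js are flagged; the other two are not.

# Scan a real folder the same way, e.g. the Downloads directory:
# Get-ChildItem "$env:USERPROFILE\Downloads" -File | Where-Object { Test-DisguisedExecutable $_.Name }
```

setup.exe is deliberately not flagged: the check is for disguise, not for executables as such. A plain executable is still a risk, but that is what the extension display and the restriction policies later in this list are for.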
Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java and other software updated.
This habit prevents compromise by exploit kits, which rely on known, unpatched vulnerabilities in exactly these components.
6. If you detect a suspicious process on your computer, immediately disconnect it from the Internet.
This can help at an early stage: some ransomware families fetch their encryption key from a Command & Control (C&C) server and will not proceed without it. Do not count on it, though. Many families carry an embedded public key and encrypt perfectly well offline, so the main benefit of disconnecting is to limit data exfiltration and spread to other machines while you isolate the host.
7. Consider restricting vssadmin.exe
This Windows utility manages the Volume Shadow Copy Service and is normally a handy tool for recovering previous versions of arbitrary files. In the context of fast-evolving file-encrypting malware, however, vssadmin.exe has become a liability rather than a benefit: ransomware routinely runs "vssadmin delete shadows /all /quiet" before it starts encrypting.
If its use is blocked on a computer (for example by denying execute permission on the binary, or by alerting on that command line), ransomware that relies on it will fail to erase the shadow copies, and you may be able to recover encrypted files from VSS. Bear in mind that shadow copies can also be deleted through WMI or PowerShell, so this raises the bar rather than closing the door.
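As an added example (not part of the original article), the following detection logic recognises the shadow-copy and recovery-tampering command lines mentioned above, including the WMI and bcdedit equivalents that a vssadmin-only block would miss. The command lines in $sampleCommandLines are constructed; the live query at the end assumes process-creation auditing with command-line logging is enabled and that the command line is the ninth property of event 4688 (index 8), which is an assumption about the event schema.

```powershell
# Added example (not from the original article): flag process command lines that destroy
# Volume Shadow Copies or recovery options, the pattern ransomware uses before encrypting.
# $sampleCommandLines are constructed for the demonstration.

function Test-ShadowCopyTampering {
    param([Parameter(Mandatory)] [string] $CommandLine)
    $patterns = @(
        'vssadmin(\.exe)?\s+delete\s+shadows',            # the classic pre-encryption step
        'vssadmin(\.exe)?\s+resize\s+shadowstorage',      # shrinking storage evicts old copies
        'wmic(\.exe)?\s+shadowcopy\s+delete',             # same effect via WMI
        'bcdedit(\.exe)?\s+.*recoveryenabled\s+no',       # disable Windows recovery
        'wbadmin(\.exe)?\s+delete\s+catalog'              # destroy Windows Backup catalog
    )
    foreach ($p in $patterns) {
        if ($CommandLine -imatch $p) { return $true }
    }
    return $false
}

$sampleCommandLines = @(
    'vssadmin.exe Delete Shadows /All /Quiet',
    'wmic shadowcopy delete',
    'bcdedit /set {default} recoveryenabled No',
    'vssadmin list shadows',                        # benign: listing is not tampering
    'C:\Windows\system32\svchost.exe -k netsvcs'    # benign
)
foreach ($c in $sampleCommandLines) { '{0,-6} {1}' -f (Test-ShadowCopyTampering $c), $c }
# Expected: True for the first three, False for the last two.

# Against the live Security log. Requires the audit policy "Audit Process Creation" plus
# "Include command line in process creation events"; Properties[8] holds the command line
# (assumption about the 4688 event layout on current Windows versions).
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } |
#     Where-Object { Test-ShadowCopyTampering $_.Properties[8].Value } |
#     Select-Object TimeCreated, @{ n = 'CommandLine'; e = { $_.Properties[8].Value } }
```

An alert on these patterns is worth more than a block on one binary: by the time the command runs, the ransomware is already executing, and the event is your signal to isolate the host.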
8. Always keep Windows Firewall active and properly configured.
9. Enhance your protection further by configuring additional firewall protections.
Some security suites include their own firewall capabilities; these can be a useful addition to the defenses against an intrusion.
Configure your security software to scan compressed or archived files, if that option is available.
Disabling Windows Script Host can be an effective preventative measure as well.
Consider restricting Windows PowerShell, the task automation environment, for users who do not need it.
Keep it enabled only where necessary, and note that the PowerShell execution policy is not a security boundary; application control such as the Software Restriction Policies described further down is what actually stops unauthorized scripts.
Improve the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.).
In particular, disable macros and ActiveX controls. Blocking external content is also a reliable way to prevent malicious code from running on your PC.
Install a browser add-on that blocks pop-ups, as they can serve as an entry point for ransomware Trojans.
Use strong passwords that criminals cannot guess remotely by brute force.
Use a unique strong password for each account so that one leaked credential does not expose the others.
Disable AutoPlay / AutoRun.
In this way, malicious programs will not be launched automatically when you insert external storage media such as USB sticks or other types of drives.
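As an added example (not part of the original article), the script below applies three of the settings from this list through the registry: Windows Script Host off, Office macros disabled and Internet-sourced macros blocked, and AutoRun disabled for all drive types. It assumes an elevated session and an Office 2016/2019/365 installation (version branch 16.0); at scale, Group Policy is the supported way to deploy the same values.

```powershell
# Added example (not from the original article): apply the Windows Script Host, Office macro
# and AutoPlay hardening described above via the registry, then read the values back.
# Assumes an elevated session and Office version branch 16.0 (2016/2019/365).

function Set-RansomwareHardening {
    # 1. Disable Windows Script Host machine-wide: wscript.exe / cscript.exe refuse to run .vbs/.js.
    $wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    New-Item -Path $wsh -Force | Out-Null
    Set-ItemProperty -Path $wsh -Name Enabled -Value 0 -Type DWord

    # 2. Office (per-user policy keys): VBAWarnings 4 = disable all macros without notification;
    #    blockcontentexecutionfrominternet 1 = block macros in files carrying the Mark of the Web.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $sec -Force | Out-Null
        Set-ItemProperty -Path $sec -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $sec -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }

    # 3. AutoPlay/AutoRun: 0xFF disables AutoRun on every drive type for all users.
    $ap = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    New-Item -Path $ap -Force | Out-Null
    Set-ItemProperty -Path $ap -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

function Test-RansomwareHardening {
    $checks = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'; Name = 'Enabled'; Expected = 0 },
        @{ Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'; Name = 'VBAWarnings'; Expected = 4 },
        @{ Path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'; Name = 'blockcontentexecutionfrominternet'; Expected = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDriveTypeAutoRun'; Expected = 255 }
    )
    foreach ($c in $checks) {
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Setting  = $c.Name
            Expected = $c.Expected
            Actual   = $actual
            Ok       = ($actual -eq $c.Expected)
        }
    }
}

Set-RansomwareHardening
Test-RansomwareHardening | Format-Table -AutoSize
```

The verification function is the part worth keeping around: settings drift, and a scheduled run that reports an Ok column of False is how you notice.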
Disable file sharing that you do not need.
In this way, if your machine becomes infected, the ransomware is confined to it instead of encrypting every share it can reach.
Consider disabling remote services.
Otherwise the threat can spread across the enterprise network, creating serious security issues for the business if your computer is part of it. For example, the Remote Desktop Protocol is frequently abused by attackers to gain a foothold and extend their reach; expose it only on the networks where it is needed and only to the hosts that need it.
Turn off unused wireless connections, such as Bluetooth or infrared ports.
There have been cases where a machine was stealthily compromised over Bluetooth.
Define Software Restriction Policies that prevent executable files from running out of the user-writable locations where malware typically drops itself.
The folders most commonly used to host malicious processes are ProgramData, AppData, Temp and Windows\SysWow.
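As an added example (not part of the original article), the script below creates Software Restriction Policy path rules for the folders just listed. It writes the registry layout that the Local Group Policy Editor uses under Safer\CodeIdentifiers (level 0 = Disallowed, 262144 = Unrestricted); that layout, the rule list and the helper name are assumptions to verify against gpedit on your own build. Run elevated, and test on one machine first, because over-broad rules break legitimate installers that run from %Temp%.

```powershell
# Added example (not from the original article): Software Restriction Policy path rules
# that disallow execution from user-writable folders ransomware droppers commonly use.
# Registry layout mirrors what the Local Group Policy Editor writes (assumption to verify).

$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name DefaultLevel       -Value 262144 -Type DWord  # Unrestricted unless a rule says otherwise
Set-ItemProperty -Path $safer -Name TransparentEnabled -Value 1      -Type DWord  # enforce for all files except DLLs
Set-ItemProperty -Path $safer -Name PolicyScope        -Value 0      -Type DWord  # apply to all users, including administrators

function Add-DisallowedPath {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Description = 'Ransomware hardening'
    )
    # Each path rule lives under <level>\Paths\{GUID}; level 0 is "Disallowed".
    $rule = Join-Path $safer ('0\Paths\' + [guid]::NewGuid().ToString('B').ToUpper())
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name ItemData    -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $rule -Name SaferFlags  -Value 0            -Type DWord
    Set-ItemProperty -Path $rule -Name Description -Value $Description -Type String
}

# Wildcards are matched by the SRP engine; %variables% are expanded per user at evaluation time.
$disallowed = @(
    '%ProgramData%\*.exe',
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',
    '%LocalAppData%\Temp\*.zip\*.exe',   # executables launched straight out of an archive
    '%LocalAppData%\Temp\Rar*\*.exe',
    '%LocalAppData%\Temp\7z*\*.exe'
)
foreach ($p in $disallowed) { Add-DisallowedPath -Path $p }

# List the rules now in place. The policy takes effect after gpupdate /force or a new logon.
Get-ChildItem -Path (Join-Path $safer '0\Paths') |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
```

Whitelist exceptions for software that legitimately runs from these folders are added the same way under the 262144 (Unrestricted) level, and a more specific path wins over a less specific one.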
Block known malicious IP addresses.
Many ransomware families communicate with their C&C servers through TOR (The Onion Router) gateways. Blocking known gateway and C&C addresses at the firewall can stop critical malicious processes from phoning home, although such lists go stale quickly and must be refreshed regularly.
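As an added example (not part of the original article), the Windows Firewall configuration below covers the three firewall items in this list: it confirms the firewall is on for every profile, blocks outbound traffic to a list of known-bad addresses, and limits inbound Remote Desktop to a management subnet. The addresses in $blockList are RFC 5737 documentation ranges used as placeholders, and 10.0.50.0/24 is an assumed management subnet; feed in your own threat-intelligence list.

```powershell
# Added example (not from the original article): Windows Firewall rules that (a) block
# outbound traffic to known-malicious addresses and (b) allow inbound RDP only from a
# management subnet. $blockList and 10.0.50.0/24 are placeholders. Run elevated.

$blockList = @('203.0.113.10', '198.51.100.0/24')   # RFC 5737 documentation ranges, used as placeholders

function Set-OutboundBlockList {
    param(
        [Parameter(Mandatory)] [string[]] $Addresses,
        [string] $RuleName = 'Block known-malicious IPs'
    )
    # Replace any previous version so repeated runs do not pile up duplicate rules.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -RemoteAddress $Addresses -Profile Any -Enabled True | Out-Null
}

function Limit-RdpAccess {
    param([Parameter(Mandatory)] [string] $ManagementSubnet)
    # Disable the built-in "Remote Desktop" allow rules, which accept RDP from any address,
    # and add one rule scoped to the management subnet on Domain and Private profiles only.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
    Get-NetFirewallRule -DisplayName 'RDP from management subnet' -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName 'RDP from management subnet' -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $ManagementSubnet -Profile Domain, Private | Out-Null
}

Set-OutboundBlockList -Addresses $blockList
Limit-RdpAccess -ManagementSubnet '10.0.50.0/24'

# Confirm the firewall is enabled on every profile with a default inbound block.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Show the address scope of the rules just created.
Get-NetFirewallRule -DisplayName 'Block known-malicious IPs', 'RDP from management subnet' |
    Get-NetFirewallAddressFilter
```

If RDP is not needed on a host at all, disabling the Remote Desktop group without adding the scoped allow rule is the safer choice. An outbound block list is only as good as its last refresh, so schedule Set-OutboundBlockList to run with an updated $blockList rather than treating it as a one-off.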
EXTRA: install dedicated anti-ransomware tools to help prevent infection.
Because ransomware is today the number one danger in terms of both the damage it causes and its prevalence, the countermeasures listed above are a necessity. Otherwise your most important files could be lost altogether.
The key recommendation, however, concerns backups, offline or in the cloud. With them in place, recovery consists of removing the ransomware and restoring the data from backup storage. Decrypting the files without the key is rarely a realistic prospect. That is why frustrating the attack in the first place can save you a lot of money and guarantee peace of mind.