Among all types of malicious software today, ransomware poses the greatest threat to home users and businesses, causing troubles of the highest level. There is hardly any user, even among beginners, who has not heard about extortion viruses. In this post, we want to address measures that will protect you from ransomware.
The information below will help you stay clear of the malicious actions of extortion viruses even if your antivirus software cannot detect and stop them in time.
One of the most effective measures in the fight against encryption viruses is timely backups. Backups let you keep copies of files in their current state and restore them in the case of malicious encryption. Since some ransomware types can also encrypt backup files on network drives, as well as removable media, it is important to store backup information on a medium that is not permanently connected to the computer or the Internet. Turn on the backup device or disk once a day for several minutes to make the copies, and keep it offline or turned off the rest of the time.
Routinely upgrade all software and OS
It is well known that cyber criminals resort to using exploits and software vulnerabilities to launch ransomware executable files. Missing updates for the software products installed on the system significantly increase the risk of infection by malicious software. Software can be updated both through the built-in OS features and from the official website, where new versions of products are published.
Use antivirus software
Using a modern antivirus suite with HIPS and a firewall significantly reduces the risk of ransomware infections. Proactive protection helps to avoid infection by malicious software. New antivirus modules like web protection may block a malicious web link that leads to the download website. In addition, an active firewall will help to block the interaction between the executable file and the ransomware C&C server. This, in turn, can help avoid the infection in the event that the executable file has already been activated. Additionally, modern antiviruses provide email protection blocking many spam emails that carry ransomware.
Disable macros in Microsoft Office
Often it is a macro in an Office document that is used to download the ransomware executable file and then run it on the system. Hackers send tons of spam emails with malicious Word documents attached, presenting them as invoices, flight information, or documents from lawyers and banks. By disabling macros, you minimize the risk of launching ransomware executables.
Configure Windows to show hidden file extensions
Malicious programs often use an additional extension in the file name to disguise themselves as harmless files. For example, a file might appear as INVOICE.PDF. The user believes that he sees the real file extension, but this information is actually erroneous. By default, Windows hides known file extensions (like the .exe extension). In reality, the full name of this file is INVOICE.PDF.exe. Tweaking the appropriate Windows option will allow you to see the real file name extensions.
Filter executable files in email
The mail scanner should be configured in such a way that it blocks all messages containing known executable extensions like .exe, .bat, etc. To exchange executable files, it is better to use cloud storage or to archive them before sending them.
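The attachment filter described above, combined with a check for the INVOICE.PDF.exe style of double extension from the previous section, as an added example that is not part of the original post. The extension lists beyond .exe and .bat, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the page names .exe and .bat; the rest are illustrative.
BLOCKED_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs"}
# Harmless-looking extensions used as the visible decoy in "NAME.PDF.exe".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify(filename):
    """Return a block reason for an attachment name, or None to allow it."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    last = "." + parts[-1]
    if last not in BLOCKED_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double extension hides " + last
    return "executable extension " + last

def scan_message(raw_bytes):
    """Parse a raw message and list (filename, reason) for blocked attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        reason = classify(fname) if fname else None
        if reason:
            hits.append((fname, reason))
    return hits

def build_sample():
    """Constructed test message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("INVOICE.PDF.exe", "report.pdf", "setup.BAT"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, reason in scan_message(build_sample()):
        print(f"BLOCK {fname!r}: {reason}")
```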
Disallow launching programs from the AppData / LocalAppData directories
Using Windows rules or an IPS-type system allows you to specify a setting that will prohibit running executable files from the AppData or LocalAppData directories. These locations are often used by extortionists to install and launch their ransomware. If you need to run a legitimate application from these locations, you must specify an exception to the rule.
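A simplified model of such a rule set with one exception, evaluated over process-start records, as an added example that is not part of the original post and does not reproduce Windows' own rule matching. The profile paths, the executable extension list, the ExampleApp exception and the records are constructed assumptions.

```python
import ntpath

# Constructed profile paths for one user; adjust to the real environment.
ENV = {"%appdata%": r"c:\users\alice\appdata\roaming",
       "%localappdata%": r"c:\users\alice\appdata\local"}
BLOCKED_DIRS = ["%AppData%", "%LocalAppData%"]
EXEC_EXTS = (".exe", ".bat", ".scr")  # assumed executable types
# Hypothetical exception for a legitimate per-user application.
EXCEPTIONS = [r"%LocalAppData%\ExampleApp\Updater.exe"]

def expand(pattern):
    """Lower-case a rule path and substitute the environment variables."""
    path = pattern.lower()
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normpath(path)

def decide(image_path):
    """Return 'block', 'exception' or 'allow' for a process image path."""
    # Windows paths are case-insensitive; normalise before comparing.
    path = ntpath.normpath(image_path).lower()
    if not path.endswith(EXEC_EXTS):
        return "allow"
    # Exceptions are exact paths and take precedence over the deny rule.
    if path in {expand(e) for e in EXCEPTIONS}:
        return "exception"
    for folder in BLOCKED_DIRS:
        # Append the separator so the match is on whole path components.
        if path.startswith(expand(folder) + "\\"):
            return "block"
    return "allow"

# Constructed process-start records: (process id, image path).
EVENTS = [
    (4120, r"C:\Users\alice\AppData\Roaming\update.exe"),
    (4188, r"C:\Users\alice\AppData\Local\Temp\INVOICE.PDF.exe"),
    (4204, r"C:\Users\alice\AppData\Local\ExampleApp\updater.exe"),
    (4310, r"C:\Program Files\ExampleOffice\writer.exe"),
]

def evaluate(events):
    """Apply the rule set to each record and return (pid, verdict) pairs."""
    return [(pid, decide(path)) for pid, path in events]

if __name__ == "__main__":
    for pid, verdict in evaluate(EVENTS):
        print(pid, verdict)
```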
Cyber criminals often use the RDP (remote desktop protocol) to access Windows systems of their victims. If you do not use RDP, you can disable it for security reasons. Instructions for this can be obtained from the corresponding Microsoft Knowledge Base articles.
The following tips may help if you are already infected with ransomware.
- If you come across a suspicious file that may be ransomware, the file encryption process can still be prevented. To do this, disconnect the computer from the Internet. This will not allow the ransomware to contact its C&C server and exchange the crypto keys, and will thus stop the process of encrypting your files.
- Sometimes malware authors make mistakes when encrypting files, which makes it possible for malware research experts to create a decryptor. Check whether such a decryptor exists; it may allow you to regain access to your files.
- Try to decrypt files using Windows features or third-party data recovery tools.
- Consult with malware researchers on the dedicated ransomware support forums.
Ransomware is a real headache for all of us. Following the above tips will allow you to significantly reduce the risk of infection. Since such viruses do not perform any suspicious activities on the system, and just search for files and write to them, they are not easy to distinguish from legitimate software. This makes it difficult to implement a mechanism for their proactive detection. Keep in mind that backups are crucial when your antivirus is not able to detect ransomware based on its signature.