Nowadays, ransomware prevention is a very important thing to know. Bearing in mind that paying the ransom might be the only option for recovering data, users should learn some tricks to keep their virtual machines protected.
Over the past years, security companies have created myriads of tools applicable for blocking ransomware from being executed on computers. However, only of them are 100% bulletproof.
Below, computer users can find a list of additional measures they should employ to ensure a higher level of defense against these plagues:
1. Be sure to back up your most important files on a regular basis.
Backup activity should be diversified, so that the failure of any single point won’t lead to the irreversible loss of data. Store one copy in the cloud, resorting to services like Dropbox, and the other on offline physical media, such as a portable HDD. An additional tip is to check the integrity of your backup copies once in a while.
2. Personalize your anti-spam settings.
Most ransomware variants are known to be spreading via eye-catching emails that contain contagious attachments. It’s a great idea to configure your webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr.
3. Refrain from opening attachments that look suspicious.
Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
4. Think twice before clicking.
Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.
5. The Show File Extensions feature can thwart ransomware plagues, as well.
This is a native Windows functionality that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. The fraudsters may also utilize a confusing technique where one file can be assigned a couple of extensions.
For instance, an executable may look like an image file and have a .gif extension. Files can also look like they have two extensions – e.g., cute-dog.avi.exe or table.xlsx.scr – so be sure to pay attention to tricks of this sort. A separate, well-known attack vector is malicious macros enabled in Microsoft Word documents.
6. Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date.
This habit can prevent compromises via exploit kits.
7. In the event a suspicious process is spotted on your computer, instantly turn off the Internet connection.
This is particularly effective at an early stage of the attack because the ransomware won’t get the chance to establish a connection with its Command and Control server and thus cannot complete the encryption routine.
8. Keep the Windows Firewall turned on and properly configured at all times.
9. Enhance your protection further by setting up additional Firewall protection.
There are security suites out there that accommodate several Firewalls in their feature set, which can become a great addition to the stock defense against a trespass.
10. Adjust your security software to scan compressed or archived files, if this feature is available.
11. Disabling Windows Script Host could be an efficient preventive measure, as well.
12. Consider disabling Windows PowerShell, which is a task automation framework.
Keep it enabled only if absolutely necessary.
13. Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.).
In particular, disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC.
14. Install a browser add-on to block popups as they can also pose an entry point for ransom Trojan attacks.
15. Use strong passwords that cannot be brute-forced by remote criminals.
Set unique passwords for different accounts to reduce the potential risk.
16. Deactivate AutoPlay.
This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
17. Make sure you disable file sharing.
This way, if you happen to get hit, the ransomware infection will stay isolated to your machine only.
18. Think of disabling remote services.
Otherwise, the threat could rapidly propagate across the enterprise network, thus calling forth serious security issues for the business environment if your computer is a part of it.
For example, the Remote Desktop Protocol can be leveraged by the black hat hackers to expand the attack surface.
19. Switch off unused wireless connections, such as Bluetooth or infrared ports.
There are cases when Bluetooth gets exploited for stealthily compromising the machine.
20. Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system.
The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.
21. Block known-malicious Tor IP addresses.
Tor gateways are the primary means for ransomware threats to communicate with their C&C servers. Therefore, blocking those may impede the critical malicious processes from getting through.
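The attachment rules from tips 2 and 5 can be expressed as a small filename screen. This is an added example, not code from the original article: the function names and the DECOYS list are assumptions, while the blocked extensions and the sample file names are the ones the tips mention.

```python
import ntpath

# Extensions named in tip 2; extend to match your own mail policy.
BLOCKED = {".exe", ".vbs", ".scr"}
# Assumed list of harmless-looking extensions, used to recognise the
# double-extension trick from tip 5 (cute-dog.avi.exe, table.xlsx.scr).
DECOYS = {".avi", ".gif", ".jpg", ".png", ".pdf", ".doc", ".docx",
          ".xls", ".xlsx", ".txt"}

def split_extensions(filename):
    """Return (stem, [ext, ...]) with every extension lowercased, in order."""
    # Windows drops trailing dots and spaces from a saved file name, so
    # normalise them away before looking at the final extension.
    name = ntpath.basename(filename).rstrip(". ")
    parts = name.split(".")
    exts = ["." + p.strip().lower() for p in parts[1:] if p.strip()]
    return parts[0], exts

def screen_attachment(filename):
    """Return (verdict, reason) where verdict is 'block' or 'allow'."""
    _stem, exts = split_extensions(filename)
    if not exts:
        return "allow", "no extension"
    final = exts[-1]
    if final in BLOCKED:
        # A decoy extension right before the real one is the tip 5 trick.
        if len(exts) > 1 and exts[-2] in DECOYS:
            return "block", f"double extension {exts[-2]}{final}"
        return "block", f"blocked extension {final}"
    return "allow", f"extension {final}"

if __name__ == "__main__":
    # Constructed sample names; the first two come from tip 5.
    for sample in ["cute-dog.avi.exe", "table.xlsx.scr", "setup.exe",
                   "report.v2.docx", "Invoice.PDF .EXE "]:
        print(f"{sample!r:22} -> {screen_attachment(sample)}")
```

Only the last extension decides what Windows runs, which is why the screen checks the final extension and reports the decoy separately.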
Ransomware is today’s number one cyber peril due to the damage it causes and the prevalence factor, thus the countermeasures above are a must. Otherwise, your most important files could be completely lost.
However, the most important thing here is the one about backups – offline or in the cloud. In this scenario, the recovery consists of removing the ransom Trojan and transferring data from the backup storage.
Presently, dealing with the consequences of ransomware isn’t very promising from the file decryption perspective. For that reason, thwarting the virus attack can save you a lot of effort and money.