Several ways to protect yourself and your company against Ransomware and Malware attacks

Andrew Leniart
Helping others to help themselves..
Ransomware continues to be a growing problem for personal and business users alike, and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sure, just about every Anti-Virus program available will identify a Ransomware infection once it happens, but by then the damage has been done and it’s too late. Currently, Antivirus and Anti-Malware software uses heuristic scanning, which looks for suspicious behavior and can sometimes catch and prevent an infection. However, it’s still not as reliable as it could be.

Ransomware is mostly spread via email and websites. It’s a piece of malicious code that encrypts your data using a very strong encryption key, rendering it useless, and then demands payment in order to decrypt your data so that you can get it back. It’s virtually impossible to decrypt your data without a decryption key.

In this post, I’ll be providing several tips that will help keep you (or your organization) from becoming a victim of a Ransomware attack.

1. Scan and Block e-mail attachments.
Using an e-mail security solution that scans e-mail attachments or blocks certain e-mail attachment file types “before” they get into a user’s mailbox is a good way to safeguard yourself from falling victim to a Ransomware attack. One of my own favorites to do this is a software package by Firetrust called Mailwasher.

To add even more protection, ensure you’re using Anti-Virus and Anti-Malware software that offers “Real Time Protection” and “On Access Scanning”, which will monitor for suspicious activity in the background and take action immediately if you happen to click on a malicious file. I personally like to use two: Avast Professional Antivirus combined with MalwareBytes Premium Anti Malware. Both offer real time protection and work flawlessly together, with no real noticeable impact on system performance.

2. Block executable files from being able to launch from user profile folders.
Using Windows Software Restriction Policies or Intrusion Prevention software on the endpoint, block executable files from running from the following locations. These folders and their sub folders are known to be used by Ransomware to host malicious processes.
  • %userprofile%\AppData
  • %appdata%
  • %localappdata%
  • %ProgramData%
  • %Temp%

The rules should be configured to “block all, allow some” so that the default behavior is to block ALL executable files unless you specifically white-list your known good applications.
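Before enforcing a “block all, allow some” rule, it helps to know what already runs from these folders. The following inventory script is an added example, not part of the original article and not a Software Restriction Policy itself; the extension list and the SHA-256 allowlist format are assumptions made for illustration.

```python
import hashlib
import os
from pathlib import Path

# Assumed list of extensions this audit treats as executable.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                         ".msi", ".ps1", ".vbs", ".js"}


def default_roots():
    """Resolve the folders from the list above; unset variables are skipped."""
    roots = []
    if os.environ.get("USERPROFILE"):
        roots.append(os.path.join(os.environ["USERPROFILE"], "AppData"))
    for var in ("APPDATA", "LOCALAPPDATA", "ProgramData", "TEMP"):
        if os.environ.get(var):
            roots.append(os.environ[var])
    return roots


def audit(roots, allowed_hashes):
    """Return (would_block, would_allow) under a default-deny policy.

    allowed_hashes is a set of SHA-256 hex digests of known good programs
    (a hypothetical allowlist format chosen for this example).
    """
    would_block, would_allow, seen = [], [], set()
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.realpath(os.path.join(folder, name))
                if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTENSIONS:
                    continue
                if path in seen:  # %appdata% sits inside %userprofile%\AppData
                    continue
                seen.add(path)
                try:
                    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
                    allowed = digest in allowed_hashes
                except OSError:
                    allowed = False  # unreadable files stay on the block list
                (would_allow if allowed else would_block).append(path)
    return sorted(would_block), sorted(would_allow)


if __name__ == "__main__":
    blocked, allowed = audit(default_roots(), allowed_hashes=set())
    for path in blocked:
        print("would block:", path)
```

Everything in the “would block” list either needs a white-list entry or will stop working once the rule is enforced.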

3. Patch your Software frequently and consistently.
One of the most common infection vectors that malware exploits is software vulnerabilities. By ensuring your Browsers, Productivity Suites like Microsoft Office, Firewalls, Network devices and your Windows Operating System are patched, you will reduce the risk of being caught out.

4. Disable the Microsoft Windows default setting “Hide extensions for known file types”
One of the ways Ransomware tries to hide its true identity is by masquerading as an innocent file format. For example, a file purporting to be a PDF document might be called “Statement.PDF.exe”. With the Windows default setting “Hide extensions for known file types” enabled, the file will appear as Statement.PDF. By disabling this option, you will be able to see the “.exe” at the end of the file name, which is a dead giveaway that it is NOT a PDF file at all.
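The attachment blocking from tip 1 and the double-extension check from tip 4 can be combined at the mail gateway. The sketch below is an added example, not part of the original article or of any product named in it; the two extension lists and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; tune it to your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
# Document-style extensions commonly used as the decoy half of a double extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_filename(name):
    """Return the reasons (if any) an attachment name should be quarantined."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    parts = name.strip().rstrip(". ").lower().split(".")
    reasons = []
    if len(parts) >= 2 and "." + parts[-1] in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked type .{parts[-1]}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension .{parts[-2]}.{parts[-1]}")
    return reasons


def scan_message(raw_bytes):
    """Map each flagged attachment filename to the reasons it was flagged."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_filename(name)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed test message: one ordinary PDF, one disguised executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="Invoice.pdf")
    msg.add_attachment(b"sample bytes", maintype="application",
                       subtype="octet-stream", filename="Statement.PDF.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```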

5. Educate yourself and your company’s Users.
Users are the last line of defense in the battle against not just Ransomware, but any Virus or Malware infection. Malware such as Ransomware wouldn’t be successful if it were not for users downloading and executing a piece of malware (opening an e-mail attachment, for example, or clicking on a malicious link in an e-mail or on the web).

Educating users and employees on what is good practice and how to spot threats will reduce the chance of them falling victim to social engineering attacks. A few of the most important things to emphasize are:

– Do not open e-mail attachments from senders you do not know
– Do not click on links in e-mails from senders you do not know
– Check for misspelled domains in e-mails (e.g. micosoft.com instead of microsoft.com)
– Check for bad spelling and incorrect formatting in the e-mail subject and/or body
– Report any suspicious files or e-mails to your IT Help Desk or Security team
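The misspelled-domain check in the list above can also be automated for incoming mail. This is an added example, not part of the original article; the trusted-domain list and the distance threshold of 2 are assumptions, and it compares the full sender domain only.

```python
from email.utils import parseaddr

# Assumed list of domains your users legitimately receive mail from.
TRUSTED_DOMAINS = ["microsoft.com", "example.com"]


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1,                # delete ca
                               current[j - 1] + 1,             # insert cb
                               previous[j - 1] + (ca != cb)))  # substitute
        previous = current
    return previous[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, nearest_trusted_domain) for a From header."""
    # parseaddr drops the display name, which the sender fully controls.
    address = parseaddr(from_header)[1]
    _local, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("no-domain", None)
    if domain in trusted:
        return ("trusted", domain)
    nearest = min(trusted, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # close to a trusted name but not equal
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ('"Microsoft Support" <help@micosoft.com>',
                   "billing@microsoft.com",
                   "someone@unrelated-vendor.net"):
        print(header, "->", check_sender(header))
```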

6. Scan ALL Internet Downloads – regardless of the source
Use a Web Monitoring and Scanning solution, like Avast Antivirus or MalwareBytes Premium AntiMalware, to scan all Internet downloads. This will help prevent users from accessing known malicious sites (either accidentally or on purpose) and allow you to block certain file types. With such solutions in place on their workstations, even if a phishing e-mail gets through and a user clicks on a malicious link, a web monitoring and scanning solution like Avast or MalwareBytes Premium can often block access to that malicious site and prevent a malicious file download.

7. Backup your Server and Workstation Data Regularly – Daily Incremental backups are best.
Regular backups of your data will allow you to regain access to files that have been encrypted by Ransomware or infected by other forms of Malware and Viruses. IMPORTANT: To avoid backups being infected as well, your backup sets should be kept in a secure OFFLINE location (or Cloud Based Backup Solution) and set to “Read-Only”. Periodic integrity checks on the backed up data should be carried out to make sure your backups are intact and usable.

It should go without saying that any backup plan without a periodic, tried and tested restore process means nothing. What good is a backup set if its integrity has been compromised and it cannot be restored, right?
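One way to carry out the periodic integrity checks from tip 7 is to record a hash manifest when the backup is written and compare against it later. This is an added example, not part of the original article or of any backup product; the JSON manifest file and the command-line arguments are assumptions.

```python
import hashlib
import os


def hash_file(path, chunk_size=1024 * 1024):
    """SHA-256 of a file, read in chunks so large backup files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root):
    """Map each file path (relative to backup_root) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(backup_root):
        for name in files:
            full = os.path.join(folder, name)
            relative = os.path.relpath(full, backup_root).replace(os.sep, "/")
            manifest[relative] = hash_file(full)
    return manifest


def verify_backup(backup_root, manifest):
    """Compare a backup set with the manifest recorded when it was written."""
    current = build_manifest(backup_root)
    return {
        "modified": sorted(p for p in manifest
                           if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_intact(report):
    """True only when nothing was modified, removed or added."""
    return not any(report.values())


if __name__ == "__main__":
    import json
    import sys
    # Hypothetical usage: <script> <backup_root> <manifest.json>
    # Keep the manifest outside the backup set, on read-only media if possible.
    root, manifest_path = sys.argv[1], sys.argv[2]
    if not os.path.exists(manifest_path):
        with open(manifest_path, "w") as out:
            json.dump(build_manifest(root), out, indent=2)
    else:
        with open(manifest_path) as stored:
            print(verify_backup(root, json.load(stored)))
```

A clean report only shows the files are unchanged since the manifest was taken; it does not replace a test restore.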

The list above is by no means extensive, but if followed, you will reduce your risk of disaster to yourself and/or your company.

I hope you find this post useful and get some value out of it. For further information, please do not hesitate to contact me.

1 Comment

Expert Comment

If you could please post / incorporate some examples as well of how Ransomware encrypts our data and further asks for payments to decrypt data, it will be really helpful.
Unless we come to know what exactly it can target, we would not realize its impact and importance.
The article looks good and can give a good start.

