Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sure, just about every Anti-Virus program available will identify a Ransomware infection once it happens, but by then the damage has been done and it’s too late. Currently, Antivirus and Anti Malware software uses Heuristic scanning, which looks for suspicious behavior and can sometimes catch and prevent an infection. However, it’s still not as reliable as it could be.
Ransomware is mostly spread via email and websites. It’s a piece of malicious code that encrypts your data using a very strong encryption key, rendering it useless, and then demands payment in order to decrypt your data so that you can get it back. It’s virtually impossible to decrypt your data without a decryption key.
In this post, I’ll be providing several tips that will help you (or your organization) avoid becoming a victim of a Ransomware attack.
1. Scan and Block e-mail attachments.
Using an e-mail security solution that scans e-mail attachments or blocks certain e-mail attachment file types “before” they get into a user’s mailbox is a good way to safeguard yourself from falling victim to a Ransomware attack. One of my own favorites to do this is a software package by Firetrust called Mailwasher.
To add even more protection, ensure you’re using Anti-Virus which offers “Real Time Protection” and “On Access Scanning” that will monitor for suspicious activity in the background and take action immediately if you happen to click on a malicious file. I personally like to use two: Avast Professional Antivirus combined with MalwareBytes Premium Anti Malware. Both offer real time protection and work flawlessly together, with no real noticeable impact on system performance.
2. Block executable files from being able to launch from user profile folders.
By making use of Windows Software Restriction Policies or Intrusion Prevention software on the endpoint, you should not allow executable files to run from the following locations. These folders and sub folders are known to be used by Ransomware to host malicious processes.
The rules should be configured to “block all, allow some” so that the default behavior is to block ALL executable files unless you specifically white-list your known good applications.
3. Patch your Software frequently and consistently.
One of the most common infection vectors that malware exploits is software vulnerabilities. By ensuring your Browsers, Productivity Suites like Microsoft Office, Firewalls, Network devices and your Windows Operating System are patched, you will reduce the risk of being caught out.
4. Disable the Microsoft Windows default setting “Hide extensions for known file types”
One of the ways Ransomware tries to hide its true identity is by masquerading as an innocent file format. For example, under the Windows default setting to hide extensions for known file types, a file purporting to be a PDF document might be called “Statement.PDF.exe”. If the “Hide extensions for known file types” option is enabled, the file will appear as Statement.PDF. By disabling this option, you will be able to see the “.exe” at the end of the file name, which is a dead giveaway that it is NOT a PDF file at all.
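The same check can be automated on a mail gateway or download folder. The script below is an added example, not part of the original post: it flags names such as Statement.PDF.exe and reports what the user would see with extensions hidden. The extension lists and function names are assumptions to adapt.

```python
# Added example: flag file names that hide an executable extension.
# DECOY_EXTS and EXEC_EXTS are assumed lists; tune them to your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "pif"}


def shown_name(name):
    """Name as displayed when extensions are hidden (simplified model:
    the final extension is dropped)."""
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def is_masquerading(name):
    """True when the real (last) extension is executable and the one
    before it looks like a document or image type."""
    # Windows ignores trailing spaces and dots in a file name.
    parts = name.rstrip(" .").lower().split(".")
    if len(parts) < 3:
        return False
    real, decoy = parts[-1].strip(), parts[-2].strip()
    return real in EXEC_EXTS and decoy in DECOY_EXTS


def scan(names):
    """Return (real name, name the user would see) for each suspicious file."""
    return [(n, shown_name(n)) for n in names if is_masquerading(n)]


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["Statement.PDF.exe", "Statement.pdf", "backup.tar.gz",
              "setup.exe", "Invoice.docx.scr"]
    for real, shown in scan(sample):
        print(f"BLOCK {real!r} (displays as {shown!r})")
```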
5. Educate yourself and your company’s users.
Users are the last line of defense in the battle against not just Ransomware, but any Virus or Malware infection. Malware such as Ransomware wouldn’t be successful if it were not for users downloading and executing a piece of malware (opening an e-mail attachment, for example, or clicking on a malicious link in an e-mail or on the web).
Educating users and employees on what is good practice and how to spot threats will reduce the chance of them falling victim to social engineering attacks. A few of the most important things to emphasize are:
– Do not open e-mail attachments from senders you do not know
– Do not click on links in e-mails from senders you do not know
– Check for misspelled domains in e-mails (e.g. micosoft.com instead of microsoft.com)
– Check for bad spelling and incorrect formatting in the e-mail subject and/or body
– Report any suspicious files or e-mails to your IT Help Desk or Security team
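The misspelled-domain check can also be done by a mail filter instead of relying on the reader's eye. The following is an added example, not part of the original post: it compares the sender's domain with a list of domains you actually deal with and flags near misses such as micosoft.com. The TRUSTED list, the distance threshold and the function names are assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list of domains the organization really corresponds with.
TRUSTED = {"microsoft.com", "example.com"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    address = parseaddr(from_header)[1]
    return address.rpartition("@")[2].lower().rstrip(".")


def lookalike_of(from_header, trusted=TRUSTED, max_dist=2):
    """Return the trusted domain being imitated, or None if nothing is close."""
    domain = sender_domain(from_header)
    if not domain or domain in trusted:
        return None
    best = min(trusted, key=lambda t: edit_distance(domain, t))
    return best if edit_distance(domain, best) <= max_dist else None


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ['"Microsoft Support" <billing@micosoft.com>',
                   "Alice <alice@microsoft.com>",
                   "bob@unrelated.org"]:
        hit = lookalike_of(header)
        print(header, "->", f"looks like {hit}" if hit else "ok")
```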
6. Scan ALL Internet Downloads – regardless of the source
Use a Web Monitoring and Scanning solution like Avast Antivirus or MalwareBytes Premium AntiMalware to scan all Internet Downloads. This will help prevent users from accessing known malicious sites (either accidentally or on purpose) and allow you to block certain file types. With such solutions in place on their workstations, even if a phishing e-mail gets through and a user clicks on a malicious link, a web monitoring and scanning solution like Avast or MalwareBytes Premium can often block access to that malicious site and prevent a malicious file download.
7. Backup your Server and Workstation Data Regularly – Daily Incremental backups are best.
Regular backups of your data will allow you to regain access to files that have been encrypted by Ransomware or damaged by other forms of Malware and Virus infection. IMPORTANT: To avoid backups being infected as well, your backup sets should be kept in a secure OFFLINE location (or Cloud Based Backup Solution) and set to “Read-Only”. Periodic integrity checks on the backed up data should be carried out to make sure your backups are intact and usable.
It should go without saying that any backup plan without a periodically tried and tested restore process means nothing. What good is a backup set if its integrity has been compromised and thus cannot be restored, right?
The list above is by no means exhaustive, but following it will reduce the risk of disaster for you and/or your company.
I hope you find this post useful and get some value out of it. For further information, please do not hesitate to contact me.