Solved

how to protect workstation from ransomware

Posted on 2014-10-22
Last Modified: 2015-12-30
how to protect a computer against ransomware
Question by:pititsonson
9 Comments
 
LVL 100

Accepted Solution

by:
John Hurst earned 1000 total points
ID: 40396839
You should always have a good, commercial, paid anti-virus suite with firewall on board the Workstation.

However, ALL anti-virus suites are rear-guard applications that protect AFTER the virus has been released into the wild.

Additional Actions:  

1. Make sure the user is a Standard user and NOT admin.
2. Make sure UAC is ON - no excuses.
3. Install EMET V5 from Microsoft and configure - not set and forget.

Read my article: Trouble Free computing about EMET.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17119-Trouble-free-computing-a-basic-approach.html

Always train your users to exercise good common sense.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40396851
Just secure your working files frequently on a NAS, CLOUD or whatever you will choose.
Keep a few backups over weeks/months.
You need nothing else, you can always reinstall software but never lose your data.

When you hit a ransomware problem, format, reinstall software, restore your working files from backup :)
0
 
LVL 88

Expert Comment

by:rindi
ID: 40396873
I don't agree that you need paid anti-virus tools. There are free AV tools available that are just as good or better than many paid for tools. Panda Cloud Free is one of the best such tools. But, most of the free tools are only for use in private environments, so when used in a company, use the pro version of Panda, which isn't free. As said above, backups are the best way to protect yourself. But make sure that after the backup is done that you disconnect the backup destination from the PC. Also don't map network shares to drive-letters. Current ransomware can only infect network shares if they are mapped to a drive-letter. If you use the full URL, using \\IPOfServer\ShareName the files are safe at the moment.

As already mentioned, never use admin accounts, and user education for web activity are good precautions.
0

 
LVL 58

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 40397496
Ransomware is not a special kind of malware, it just has monetary goals. So you could as well ask "how to protect against malware". As this question has been asked here and elsewhere so many times, I wonder why people repeat the efforts to come again and again with the same hints. Oh well...

I will nevertheless complete the list with things that haven't been mentioned

->whitelist known apps, disallow all other applications (AppLocker/software restriction policies)
->don't execute software from unknown sources
->keep your software updated
->create backups regularly
0
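
The checks recommended in the answers above (standard user, UAC on, no shares mapped to drive letters, application whitelisting) can be audited on a workstation with a short read-only script. This is an added example, not part of any post in this thread; the function name Test-RansomwareHardening is hypothetical, and it assumes Windows PowerShell 5.1 or later and an edition that ships the AppLocker cmdlets.

```powershell
# Added example: read-only audit of the settings recommended in this thread.
# Run it in the user's own session; it changes nothing on the machine.
function Test-RansomwareHardening {
    $findings = @()

    # 1. Standard user, not admin: look for the current account among the
    #    direct members of the built-in Administrators group (SID S-1-5-32-544).
    #    Membership through nested domain groups is not resolved here.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    try {
        $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
        if ($admins.Name -contains $me) {
            $findings += "User $me is a member of local Administrators"
        }
    } catch {
        $findings += "Could not read local Administrators: $($_.Exception.Message)"
    }

    # 2. UAC on: EnableLUA must be 1 under the system policies key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -ne 1) { $findings += 'UAC is disabled (EnableLUA is not 1)' }

    # 3. Network shares mapped to drive letters (DriveType 4 = network drive).
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=4' | ForEach-Object {
        $findings += "Mapped drive $($_.DeviceID) -> $($_.ProviderName)"
    }

    # 4. Application whitelisting: AppLocker needs the Application Identity
    #    service running and at least one rule collection in enforce mode.
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $findings += 'Application Identity service (AppIDSvc) is not running'
    }
    try {
        $enforced = (Get-AppLockerPolicy -Effective -ErrorAction Stop).RuleCollections |
            Where-Object { $_.EnforcementMode -eq 'Enabled' }
        if (-not $enforced) { $findings += 'No AppLocker rule collection is enforced' }
    } catch {
        $findings += "AppLocker policy not readable: $($_.Exception.Message)"
    }

    $findings
}

Test-RansomwareHardening | ForEach-Object { Write-Warning $_ }
```

An empty result means none of the four checks raised a finding; it does not cover backups, patch levels or EMET configuration, which the thread also recommends.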
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40397518
How might pititsonson know the difference between "after the fact" protection and heuristics protection?
My sense is that a file scanner with heuristics is looking for patterns which are indicative of parasites without being as specific as a signature dictionary - and thus, not so much "after the fact".  Granted, they have to start somewhere.

Other suggestions are "be careful what you do" and "do adequate maintenance".  I clean up lots of computers and there is strong correlation between the "user type", "user habits" and the presence of parasites.

"Do adequate maintenance" means don't let your security software somehow lapse.  I have seen too many computers with Norton or (take your pick) which has expired.  This leaves the computer in an unknown state regarding protection.  Generally, the Windows firewall is turned off because the other software is there.  etc.

"Be careful what you do" means don't be too adventurous on the web.  If you are then be very careful what you download and what you allow to be installed.  Many "good" websites present a very confusing array of download buttons.  It's worth spending some time figuring out where and how you will download things.
DON'T be attracted by anything that pops up!!
DON'T be attracted by the latest and greatest video player!!
etc.
When you install a program, look carefully at the checkbox options and if in any doubt at all, opt to NOT install anything that comes along.
Even Adobe software installs come with "extra goodies" that I don't want on my computer.  Uncheck them all.
MAKE SURE that what you're downloading is what you want and not something that's been named similarly.
Google top hits are ads that can lure you into places you'd rather not go.
Make sure the names and the download sites are OK by doing some research.

Some notorious site types:
- looking for a driver for your computer?  Be careful.
- adult sites
0
 
LVL 88

Expert Comment

by:rindi
ID: 40397729
You are talking about "Norton which has expired". My experience in particular with Norton (Symantec products) is that it doesn't matter whether they have expired or not, they are terrible products all the way, and I regard them as "almost malware". Symantec products are always the first things I replace with better products from any PC.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40397996
rindi:  Well I rather agree with that but "expired" seems to create a much worse situation.  I'm thinking of the firewall status for one thing...
0
 
LVL 38

Expert Comment

by:younghv
ID: 41385103
I've requested that this question be closed as follows:

Accepted answer: 500 points for thinkpads_user's comment #a40396839

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 58

Expert Comment

by:McKnife
ID: 41385104
With all due respect, but the proposed solution, though it mentions important things, lacks many of the most important proactive and countermeasures there are against ransomware (for example the 4 I mentioned). A split would be much more appropriate. How that split should be? Only the asker could tell, so I am not begging for any credit.

 Merry X-mas.
0


Question has a verified solution.
