Solved

how to protect workstation from ransomware

Posted on 2014-10-22
Last Modified: 2015-12-30
how to protect a computer against ransomware
Question by:pititsonson
11 Comments
 
LVL 96

Accepted Solution

by:
Experienced Member earned 250 total points
ID: 40396839
You should always have a good, commercial, paid anti-virus suite with firewall on board the Workstation.

However, ALL anti-virus suites are rear-guard applications that protect AFTER the virus has been released into the wild.

Additional Actions:  

1. Make sure the user is a Standard user and NOT admin.
2. Make sure UAC is ON - no excuses.
3. Install EMET V5 from Microsoft and configure - not set and forget.

Read my article: Trouble Free computing about EMET.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17119-Trouble-free-computing-a-basic-approach.html

Always train your users to exercise good common sense.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40396851
Just secure your working files frequently on a NAS, CLOUD or whatever you will choose.
Keep a few backups over weeks/months.
You need nothing else, you can always reinstall software but never lose your data.

When you hit a ransomware problem, format, reinstall software, restore your working files from backup :)
0
 
LVL 88

Expert Comment

by:rindi
ID: 40396873
I don't agree that you need paid anti-virus tools. There are free AV tools available that are just as good or better than many paid for tools. Panda Cloud Free is one of the best such tools. But, most of the free tools are only for use in private environments, so when used in a company, use the pro version of panda, which isn't free. As said above, backups are the best way to protect yourself. But make sure that after the backup is done that you disconnect the backup destination from the PC. Also don't map network shares to drive-letters. Current ransomware can only infect network shares if they are mapped to a drive-letter. If you use the full url, using \\IPOfServer\ShareName the files are safe at the moment.

As already mentioned, never use admin accounts, and user education for web activity are good precautions.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40397496
Ransomware is not a special kind of malware, it just has monetary goals. So you could as well ask "how to protect against malware". As this question has been asked here and elsewhere so many times, I wonder why people repeat the efforts to come again and again with the same hints. Oh well...

I will nevertheless complete the list with things that haven't been mentioned:

->whitelist known apps, disallow all other applications (AppLocker/software restriction policies)
->don't execute software from unknown sources
->keep your software updated
->create backups regularly
0
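A read-only check of the settings recommended in the posts above (standard user, UAC on, no shares mapped to drive letters, application whitelisting through AppLocker or software restriction policies), added here as an example and not written by any of the posters. The function name `Get-RansomwareHardeningStatus` is an assumption; EMET configuration and backup routines are not checked.

```powershell
# Added example: read-only audit of the hardening steps named in this thread.
# Run in Windows PowerShell as the everyday user; it changes nothing.
function Get-RansomwareHardeningStatus {   # hypothetical name
    # 1. Standard user: the built-in Administrators SID (S-1-5-32-544) should not
    #    appear in the token. whoami lists it even when UAC filtered it to deny-only.
    $isAdmin = [bool](whoami.exe /groups /fo csv |
        Select-String -Pattern 'S-1-5-32-544\b')

    # 2. UAC: EnableLUA = 1 means User Account Control is on.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $uacKey -Name EnableLUA `
        -ErrorAction SilentlyContinue).EnableLUA

    # 3. Network shares mapped to drive letters (DriveType 4 = network drive).
    $mapped = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
        ForEach-Object { '{0} -> {1}' -f $_.DeviceID, $_.ProviderName })

    # 4. AppLocker: is the Exe rule collection enforced, and does it hold rules?
    $exeMode = 'NotConfigured'; $exeRules = 0
    try {
        $xml = [xml](Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop)
        $exe = $xml.AppLockerPolicy.RuleCollection |
            Where-Object { $_.Type -eq 'Exe' }
        if ($exe) {
            $exeMode  = $exe.EnforcementMode
            $exeRules = @($exe.ChildNodes).Count
        }
    } catch { $exeMode = "Unavailable: $($_.Exception.Message)" }

    # 5. Software restriction policies: DefaultLevel 0 = Disallowed (whitelist mode).
    $srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $srp = (Get-ItemProperty -Path $srpKey -Name DefaultLevel `
        -ErrorAction SilentlyContinue).DefaultLevel
    $whitelist = ($exeMode -eq 'Enabled' -and $exeRules -gt 0) -or ($srp -eq 0)

    [pscustomobject]@{
        StandardUser     = -not $isAdmin
        UacEnabled       = ($lua -eq 1)
        MappedShares     = $mapped
        AppLockerExeMode = $exeMode
        AppLockerExeRule = $exeRules
        WhitelistActive  = $whitelist
    }
}

Get-RansomwareHardeningStatus | Format-List
```

Share permissions still decide what a process running as the user can overwrite, so review write access on every share the `MappedShares` field lists.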
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40397518
How might pititsonson know the difference between "after the fact" protection and heuristics protection?
My sense is that a file scanner with heuristics is looking for patterns which are indicative of parasites without being as specific as a signature dictionary - and thus, not so much "after the fact".  Granted, they have to start somewhere.

Other suggestions are "be careful what you do" and "do adequate maintenance".  I clean up lots of computers and there is strong correlation between the "user type", "user habits" and the presence of parasites.

"Do adequate maintenance" means don't let your security software somehow lapse.  I have seen too many computers with Norton or (take your pick) which has expired.  This leaves the computer in an unknown state regarding protection.  Generally, the Windows firewall is turned off because the other software is there.  etc.

"Be careful what you do" means don't be too adventurous on the web.  If you are then be very careful what you download and what you allow to be installed.  Many "good" websites present a very confusing array of download buttons.  It's worth spending some time figuring out where and how you will download things.
DON'T be attracted by anything that pops up!!
DON'T be attracted by the latest and greatest video player!!
etc.
When you install a program, look carefully at the checkbox options and if in any doubt at all, opt to NOT install anything that comes along.
Even Adobe software installs come with "extra goodies" that I don't want on my computer.  Uncheck them all.
MAKE SURE that what you're downloading is what you want and not something that's been named similarly.
Google top hits are ads that can lure you into places you'd rather not go.
Make sure the names and the download sites are OK by doing some research.

Some notorious site types:
- looking for a driver for your computer?  Be careful.
- adult sites
0
 
LVL 88

Expert Comment

by:rindi
ID: 40397729
You are talking about "Norton which has expired". My experience in particular with Norton (Symantec products) is that it doesn't matter whether they have expired or not, they are terrible products all the way, and I regard them as "almost malware". Symantec products are always the first things I replace with better products from any PC.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40397996
rindi:  Well I rather agree with that but "expired" seems to create a much worse situation.  I'm thinking of the firewall status for one thing...
0
 
LVL 38

Expert Comment

by:younghv
ID: 41385103
I've requested that this question be closed as follows:

Accepted answer: 500 points for thinkpads_user's comment #a40396839

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41385104
With all due respect, but the proposed solution, though it mentions important things, lacks many of the most important proactive and countermeasures there are against ransomware (for example the 4 I mentioned). A split would be much more appropriate. How that split should be? Only the asker could tell, so I am not begging for any credit.

 Merry X-mas.
0

Question has a verified solution.