how to protect workstation from ransomware

how to protect a computer against ransomware
pititsonson Asked:

John, Business Consultant (Owner), Commented:
You should always have a good, commercial, paid anti-virus suite with firewall on board the Workstation.

However, ALL anti-virus suites are rear-guard applications that protect AFTER the virus has been released into the wild.

Additional Actions:  

1. Make sure the user is a Standard user and NOT admin.
2. Make sure UAC is ON - no excuses.
3. Install EMET V5 from Microsoft and configure - not set and forget.

Read my article: Trouble Free computing about EMET.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17119-Trouble-free-computing-a-basic-approach.html

Always train your users to exercise good common sense.
0
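
The first two items in the list above (standard user, UAC on) can be checked on a workstation with a short script. This is an added example, not part of the original comment; it only reads the token's group list and the standard UAC policy values in the registry, and changes nothing.

```powershell
# Added example: audit the "standard user" and "UAC on" advice locally.
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# whoami lists every group in the logon token, including Administrators
# when it is only present as a "deny only" entry (admin running non-elevated).
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, Sid, Attributes
$isAdminMember = [bool]($groups | Where-Object Sid -eq $adminSid)

# UAC policy values live under this key.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key

$findings = @()
if ($isAdminMember) {
    $findings += "$env:USERNAME is a member of the local Administrators group"
}
if ($uac.EnableLUA -ne 1) {
    $findings += 'UAC is off (EnableLUA is not 1)'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += 'Admins are elevated without any prompt (ConsentPromptBehaviorAdmin = 0)'
}

if ($findings.Count -eq 0) {
    'OK: standard user, UAC enabled and prompting'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```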

Stampel Commented:
Just secure your working files frequently on a NAS, CLOUD or whatever you will choose.
Keep a few backups over weeks/months.
You need nothing else, you can always reinstall software but never lose your data.

When you hit a ransomware problem, format, reinstall software, restore your working files from backup :)
0
rindi Commented:
I don't agree that you need paid anti-virus tools. There are free AV tools available that are just as good or better than many paid for tools. Panda Cloud Free is one of the best such tools. But, most of the free tools are only for use in private environments, so when used in a company, use the pro version of Panda, which isn't free. As said above, backups are the best way to protect yourself. But make sure that after the backup is done that you disconnect the backup destination from the PC. Also don't map network shares to drive-letters. Current ransomware can only infect network shares if they are mapped to a drive-letter. If you use the full url, using \\IPOfServer\ShareName the files are safe at the moment.

As already mentioned, never use admin accounts, and user education for web activity are good precautions.
0
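
The backup advice in the two comments above (keep several copies spread over weeks or months, and write to a destination that is not left mapped to a drive letter) can be scripted as dated snapshots with pruning. This is an added example, not from the original posts; the source folder, the UNC path and the retention count are placeholder assumptions.

```powershell
# Added example: dated backup snapshots with retention.
# All three defaults are hypothetical; replace them with your own values.
param(
    [string]$Source      = "$env:USERPROFILE\Documents",
    [string]$Destination = '\\backup-server.example\backups\workstation01',
    [int]$Keep           = 8      # number of snapshots to retain
)

# Each run writes into a new folder, so an earlier good copy is never
# overwritten by files that were encrypted after it was taken.
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$target = Join-Path $Destination $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

# The destination is addressed by UNC path; no drive letter is mapped.
robocopy $Source $target /E /R:2 /W:5 /NP /NFL /NDL | Out-Null
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures (exit code $LASTEXITCODE)"
}

# Prune: keep only the newest $Keep snapshot folders created by this script.
Get-ChildItem -Path $Destination -Directory |
    Where-Object Name -match '^\d{4}-\d{2}-\d{2}_\d{6}$' |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

"Snapshot written to $target"
```

Running it as a scheduled task under a dedicated backup account, with the interactive user given no write access to the destination, keeps the snapshots out of reach of anything running as that user.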
McKnife Commented:
Ransomware is not a special kind of malware, it just has monetary goals. So you could as well ask "how to protect against malware". As this question has been asked here and elsewhere so many times, I wonder why people repeat the efforts to come again and again with the same hints. Oh well...

I will nevertheless complete the list with things that haven't been mentioned

->whitelist known apps, disallow all other applications (Applocker/software restriction policies)
->don't execute software from unknown sources
->keep your software updated
->create backups regularly
0
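
For the whitelisting item in the list above, a policy that exists but is in audit mode, or whose service is stopped, blocks nothing. The following added example (not part of the original comment) reads the effective AppLocker policy as XML and reports which rule collections are actually enforced; it assumes the AppLocker PowerShell module is available on the machine.

```powershell
# Added example: report whether AppLocker whitelisting is really enforced.
Import-Module AppLocker -ErrorAction Stop

# The effective policy is the merged result of local and Group Policy rules.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

$report = foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    $rules = @($rc.ChildNodes | Where-Object NodeType -eq 'Element')
    [pscustomobject]@{
        Collection = $rc.Type              # Exe, Msi, Script, Dll, Appx
        Mode       = $rc.EnforcementMode   # NotConfigured, AuditOnly, Enabled
        Rules      = $rules.Count
        # AuditOnly only logs; a collection without rules restricts nothing.
        Enforced   = ($rules.Count -gt 0 -and $rc.EnforcementMode -ne 'AuditOnly')
    }
}
$report | Format-Table -AutoSize

# Rules are only applied while the Application Identity service is running.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status): AppLocker rules are not being applied"
}
if (-not ($report | Where-Object { $_.Collection -eq 'Exe' -and $_.Enforced })) {
    Write-Warning 'No enforced Exe rules: unknown executables are not blocked'
}
```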
Fred Marshall, Principal, Commented:
How might pititsonson know the difference between "after the fact" protection and heuristics protection?
My sense is that a file scanner with heuristics is looking for patterns which are indicative of parasites without being as specific as a signature dictionary - and thus, not so much "after the fact".  Granted, they have to start somewhere.

Other suggestions are "be careful what you do" and "do adequate maintenance".  I clean up lots of computers and there is strong correlation between the "user type", "user habits" and the presence of parasites.

"Do adequate maintenance" means don't let your security software somehow lapse.  I have seen too many computers with Norton or (take your pick) which has expired.  This leaves the computer in an unknown state regarding protection.  Generally, the Windows firewall is turned off because the other software is there.  etc.

"Be careful what you do" means don't be too adventurous on the web.  If you are then be very careful what you download and what you allow to be installed.  Many "good" websites present a very confusing array of download buttons.  It's worth spending some time figuring out where and how you will download things.
DON'T be attracted by anything that pops up!!
DON'T be attracted by the latest and greatest video player!!
etc.
When you install a program, look carefully at the checkbox options and if in any doubt at all, opt to NOT install anything that comes along.
Even Adobe software installs come with "extra goodies" that I don't want on my computer.  Uncheck them all.
MAKE SURE that what you're downloading is what you want and not something that's been named similarly.
Google top hits are ads that can lure you into places you'd rather not go.
Make sure the names and the download sites are OK by doing some research.

Some notorious site types:
- looking for a driver for your computer?  Be careful.
- adult sites
0
rindi Commented:
You are talking about "Norton which has expired". My experience in particular with Norton (Symantec products) is that it doesn't matter whether they have expired or not, they are terrible products all the way, and I regard them as "almost malware". Symantec products are always the first things I replace with better products from any PC.
0
Fred Marshall, Principal, Commented:
rindi:  Well I rather agree with that but "expired" seems to create a much worse situation.  I'm thinking of the firewall status for one thing...
0
younghv Commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for thinkpads_user's comment #a40396839

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
McKnife Commented:
With all due respect, but the proposed solution, though it mentions important things, lacks many of the most important proactive and countermeasures there are against ransomware (for example the 4 I mentioned). A split would be much more appropriate. How that split should be? Only the asker could tell, so I am not begging for any credit.

 Merry X-mas.
0