Solved

how to protect workstation from ransomware

Posted on 2014-10-22
Last Modified: 2015-12-30
how to protect a computer against ransomware
0
Question by:pititsonson
 
LVL 90

Accepted Solution

by:
John Hurst earned 250 total points
ID: 40396839
You should always have a good, commercial, paid anti-virus suite with firewall on board the Workstation.

However, ALL anti-virus suites are rear-guard applications that protect AFTER the virus has been released into the wild.

Additional Actions:  

1. Make sure the user is a Standard user and NOT admin.
2. Make sure UAC is ON - no excuses.
3. Install EMET V5 from Microsoft and configure - not set and forget.

Read my article: Trouble Free computing about EMET.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17119-Trouble-free-computing-a-basic-approach.html

Always train your users to exercise good common sense.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40396851
Just secure your working files frequently on a NAS, CLOUD or whatever you will choose.
Keep a few backups over weeks/months.
You need nothing else, you can always reinstall software but never lose your data.

When you hit a ransomware problem, format, reinstall software, restore your working files from backup :)
0
 
LVL 87

Expert Comment

by:rindi
ID: 40396873
I don't agree that you need paid anti-virus tools. There are free AV tools available that are just as good or better than many paid-for tools. Panda Cloud Free is one of the best such tools. But, most of the free tools are only for use in private environments, so when used in a company, use the pro version of Panda, which isn't free. As said above, backups are the best way to protect yourself. But make sure that after the backup is done that you disconnect the backup destination from the PC. Also don't map network shares to drive-letters. Current ransomware can only infect network shares if they are mapped to a drive-letter. If you use the full url, using \\IPOfServer\ShareName the files are safe at the moment.

As already mentioned, never use admin accounts, and user education for web activity are good precautions.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40397496
Ransomware is not a special kind of malware, it just has monetary goals. So you could as well ask "how to protect against malware". As this question has been asked here and elsewhere so many times, I wonder why people repeat the efforts to come again and again with the same hints. Oh well...

I will nevertheless complete the list with things that haven't been mentioned:

->whitelist known apps, disallow all other applications (AppLocker/software restriction policies)
->don't execute software from unknown sources
->keep your software updated
->create backups regularly
0
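A read-only audit of the settings recommended in the answers above (standard user and UAC from John Hurst, no shares on drive letters from rindi, AppLocker from McKnife), as an added example that is not part of any poster's reply. The helper name `New-CheckResult` is hypothetical; the script assumes Windows PowerShell 5.1 in a normal, non-elevated session and does not check EMET.

```powershell
# Added example: read-only audit of the hardening points raised in this thread.
# New-CheckResult is a hypothetical helper; nothing here changes system state.
function New-CheckResult($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

$results = @()

# 1. Standard user, not admin. whoami lists the BUILTIN\Administrators SID
#    (S-1-5-32-544) even when UAC has filtered it to deny-only, so an
#    "admin running with UAC" is still reported as an admin account.
$isAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544(\s|$)')
$results += New-CheckResult 'User is not a local administrator' (-not $isAdmin) $env:USERNAME

# 2. UAC on. EnableLUA = 0 turns UAC off entirely;
#    ConsentPromptBehaviorAdmin = 0 elevates administrators without a prompt.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$results += New-CheckResult 'UAC enabled' ($uac.EnableLUA -eq 1) "EnableLUA=$($uac.EnableLUA)"
$results += New-CheckResult 'UAC prompts before elevating' ($uac.ConsentPromptBehaviorAdmin -ne 0) `
    "ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin)"

# 3. Network shares mapped to drive letters (DriveType 4 = network drive).
$mapped = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=4')
$detail = ($mapped | ForEach-Object { "$($_.DeviceID) -> $($_.ProviderName)" }) -join '; '
$results += New-CheckResult 'No shares mapped to drive letters' ($mapped.Count -eq 0) $detail

# 4. Application whitelisting: at least one AppLocker rule collection must be
#    in 'Enabled' (enforce) mode and the Application Identity service running,
#    otherwise the rules are audit-only or not applied at all.
try {
    $policy   = Get-AppLockerPolicy -Effective -ErrorAction Stop
    $enforced = @($policy.RuleCollections |
                  Where-Object { "$($_.EnforcementMode)" -eq 'Enabled' })
    $svc      = (Get-Service AppIDSvc -ErrorAction Stop).Status
    $types    = ($enforced | ForEach-Object { $_.RuleCollectionType }) -join ','
    $results += New-CheckResult 'AppLocker rules enforced' `
        ($enforced.Count -gt 0 -and $svc -eq 'Running') "enforced=[$types] AppIDSvc=$svc"
} catch {
    # Editions without AppLocker, or a missing module, end up here.
    $results += New-CheckResult 'AppLocker rules enforced' $false "not available: $($_.Exception.Message)"
}

$results | Format-Table -AutoSize -Wrap
```

Any row with `Pass = False` points at one of the recommendations that is not in place on that workstation; the mapped-drive row lists each drive letter and the share behind it.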

 
LVL 25

Expert Comment

by:Fred Marshall
ID: 40397518
How might pititsonson know the difference between "after the fact" protection and heuristics protection?
My sense is that a file scanner with heuristics is looking for patterns which are indicative of parasites without being as specific as a signature dictionary - and thus, not so much "after the fact".  Granted, they have to start somewhere.

Other suggestions are "be careful what you do" and "do adequate maintenance".  I clean up lots of computers and there is strong correlation between the "user type", "user habits" and the presence of parasites.

"Do adequate maintenance" means don't let your security software somehow lapse.  I have seen too many computers with Norton or (take your pick) which has expired.  This leaves the computer in an unknown state regarding protection.  Generally, the Windows firewall is turned off because the other software is there.  etc.

"Be careful what you do" means don't be too adventurous on the web.  If you are then be very careful what you download and what you allow to be installed.  Many "good" websites present a very confusing array of download buttons.  It's worth spending some time figuring out where and how you will download things.
DON'T be attracted by anything that pops up!!
DON'T be attracted by the latest and greatest video player!!
etc.
When you install a program, look carefully at the checkbox options and if in any doubt at all, opt to NOT install anything that comes along.
Even Adobe software installs come with "extra goodies" that I don't want on my computer.  Uncheck them all.
MAKE SURE that what you're downloading is what you want and not something that's been named similarly.
Google top hits are ads that can lure you into places you'd rather not go.
Make sure the names and the download sites are OK by doing some research.

Some notorious site types:
- looking for a driver for your computer?  Be careful.
- adult sites
0
 
LVL 87

Expert Comment

by:rindi
ID: 40397729
You are talking about "Norton which has expired". My experience in particular with Norton (Symantec products) is that it doesn't matter whether they have expired or not, they are terrible products all the way, and I regard them as "almost malware". Symantec products are always the first things I replace with better products from any PC.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 40397996
rindi:  Well I rather agree with that but "expired" seems to create a much worse situation.  I'm thinking of the firewall status for one thing...
0
 
LVL 38

Expert Comment

by:younghv
ID: 41385103
I've requested that this question be closed as follows:

Accepted answer: 500 points for thinkpads_user's comment #a40396839

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41385104
With all due respect, but the proposed solution, though it mentions important things, lacks many of the most important proactive and countermeasures there are against ransomware (for example the 4 I mentioned). A split would be much more appropriate. How that split should be? Only the asker could tell, so I am not begging for any credit.

 Merry X-mas.
0
