Ransomware attacks are still on the rise and will continue to be as long as victims keep paying ransoms. A few years ago, ransomware only blocked access to your system. These days ransomware actually encrypts your data. And if you are “lucky” enough to get infected by a decent version, paying the ransom might be your only option to get your files back.
Like with everything, prevention is better than cure. But how?
Let me first state that there is no such thing as a silver bullet when it comes to ransomware. There is currently no product on the market that is able to block all ransomware attacks. This post will focus on prevention and damage control.
1. Backups, backups, and backups.
Did I mention backups? I can’t say it enough: get your backups in order! It seems the only time people think of backups is when they need them. If you ask people which files are important and should be backed up, they have no clue. But as soon as they are infected with ransomware, they know exactly which files should have been backed up.
You should also have at least two backups. One at home, to recover a file when you lose it. And an external one to recover your files when things go horribly wrong (fire, burglary, natural disaster). This external backup can be a bit older, but should always contain your most valuable files.
Using the built-in backup tools is a great way to get started. Microsoft Windows has Windows Backup and Restore built in, and it is simple to set up. Just make sure to back up to an external (encrypted) device and disconnect it after the backup, because recent versions of ransomware also encrypt connected devices. If you are looking for backup software, I suggest visiting my list of backup software.
2. Rights
The account you are working with should never have admin rights. There is no reason why it should. Your user account should only have access to your own personal documents and files. Yes, these are exactly the files you don’t want ransomware to have access to. However, most ransomware needs admin rights in order to delete shadow copies and make recovery using System Restore impossible. Without admin rights, the ransomware is able to encrypt your files but unable to make recovery impossible. It also prevents the ransomware from encrypting files of other users on your system and will help to prevent the ransomware from propagating throughout your network.
According to the 2016 Microsoft Vulnerabilities Study by Avecto, 94% of the 189 vulnerabilities with a critical rating in 2016 were concluded to be mitigated by removing administrator rights, and 66% of all reported Microsoft vulnerabilities could be mitigated by removing admin rights. I highly recommend reading the report for all the details, but the bottom line is that removing admin rights improves the security of your systems dramatically.
If a user, for whatever reason, requires admin rights, you should always enable UAC. Microsoft Windows Vista and higher have User Account Control (UAC) built in. UAC does an excellent job of preventing applications from running with admin rights. Most users, however, don’t fully understand the meaning of the UAC prompt and experience it as annoying. It’s better to give users a standard user account without admin rights and have a separate admin account protected with a password. If the UAC prompt pops up because an application needs admin rights, you will need to enter the password of the admin user.
3. Updates
An update a day keeps ransomware away. Updates are always inconvenient. However, they are essential for a safe system. You should always install critical updates when they become available. This does not mean you shouldn’t test the updates before installing them. There are known cases where a developer was hacked and malware was placed within an update. Use a system isolated from your main network to test and scan updates before rolling them out on your network.
Ensure not only the operating system is up to date, but also the software you are using. If you are running a lot of software, you might take a look at some of these tools that make updating a lot easier.
4. Pay attention
With the exception of (zero-day) exploits, ransomware isn’t something that just “happens”. In 90% of all ransomware cases, there is someone performing an action that is causing the infection. I have seen cases where people tried to open an infected e-mail attachment up to 4 times on several systems because “invoice.pdf.exe” wouldn’t open.
Here are some tips:
File extensions
Did you get an e-mail with an attachment? Is it from someone you know? Did you expect them to send you this e-mail? Always check the extension of the attachment. For example, a Microsoft Word document should end with .docx (or .doc), an Adobe PDF document with .pdf. Attachments ending with .js, .html or .exe are prime examples of infected attachments waiting to infect your system.
Also watch out for double extensions, such as .pdf.exe or .jpg.zip. These double extensions try to fool you: as soon as the file is saved to your hard disk, your system will hide the (known) last extension, so tickets.pdf.exe will become tickets.pdf. You can disable this behavior and make your system always show the real extension, click this link to learn how.
Never, ever open an attachment if you don’t expect it. Malware always tries to scare you and trick you into opening the attachment.
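The extension checks described above, as an added example (not code from the original post): it flags double extensions and the risky extensions the post names, and returns the name a system would display when known extensions are hidden. The `DECOY` and `KNOWN` lists and the function names are assumptions made for illustration.

```python
# Added example: triage attachment names for the cases described above.
# .exe/.js/.html and .doc/.docx/.pdf/.jpg/.zip come from the post; the other
# extensions and the "known types" list are assumptions for illustration.
RISKY = {"exe", "js", "html"}
DECOY = {"doc", "docx", "pdf", "jpg", "jpeg", "png", "xls", "xlsx", "txt"}
ARCHIVE = {"zip"}
KNOWN = RISKY | DECOY | ARCHIVE  # types whose extension the file manager hides


def classify(filename):
    """Return (verdict, name_shown_when_known_extensions_are_hidden)."""
    # Windows drops trailing spaces and dots, so normalise before judging.
    name = filename.strip().rstrip(". ")
    stem, dot, last = name.rpartition(".")
    if not dot:  # no extension at all
        return ("ok", name)
    last = last.lower()
    shown = stem if last in KNOWN else name
    # Extension directly in front of the real one, if any.
    prev = stem.rpartition(".")[2].lower() if "." in stem else ""
    if prev in DECOY and last in RISKY | ARCHIVE:
        return ("double-extension", shown)
    if last in RISKY:
        return ("risky-extension", shown)
    return ("ok", shown)


def triage(filenames):
    """Map each flagged file name to its verdict and displayed name."""
    results = {}
    for f in filenames:
        verdict, shown = classify(f)
        if verdict != "ok":
            results[f] = (verdict, shown)
    return results


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from a real incident.
    sample = ["tickets.pdf.exe", "holiday.jpg.zip", "Invoice.PDF.EXE ",
              "update.js", "report.docx", "notes.v2.pdf", "README"]
    for name, (verdict, shown) in triage(sample).items():
        print(f"{name!r:22} {verdict:17} shown as {shown!r}")
```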
Look out for USB drives
Found a USB drive? Don’t just plug it in! What looks like a simple USB drive can be a lot more. If you plug in the wrong drive it can ruin your day.
Unknown WiFi
If you are at a new place, don’t assume the unprotected WiFi network called “Guests” is theirs. Always ask the staff what their WiFi is. It’s extremely simple to set up a fake WiFi network and steal information. Even worse, they can perform a man-in-the-middle attack and infect your system.
Using unprotected WiFi is always a bad idea. You might be better off using your own mobile plan to connect to the internet. I would also highly recommend using a VPN to secure your connection.
5. Software
Even if you follow all these tips and tricks, there is always a chance you might get infected. If you want a safety net to protect you for that one time it goes wrong, then you have some software to choose from.
Please take a look at the list of ransomware protection.
Please note that no software is able to 100% protect your system.
6. Infected?