How to protect against ransomware

Hi there. Are you here because you want to prevent your computer from getting infected with a ransomware virus? I hope so, because if your computer is already infected with ransomware and you are searching for ways to get rid of it, you might be out of luck. It’s almost impossible to get rid of a ransomware virus after it is installed. Your best bet is doing a clean install of the operating system (if you don’t care about your files) or paying whatever ransom the software is demanding and hoping the attacker will send you the decryption key to free up your files.

Based on many online reports in 2017, ransomware attacks are on the rise. Here are a few tips on how to protect against those nasty ransomware attacks.

What is ransomware anyway?

Ransomware in its simplest form is a piece of software that gets installed on the victim’s computer (phone or tablet), then encrypts or locks all files on that device and demands that the victim pay a certain amount of money to get his or her files back. Early ransomware viruses were not very sophisticated, and any computer-savvy user could get around the virus and get rid of it, but modern ransomware viruses are impossible to remove because of their encryption methods. It would take thousands of years for a powerful computer to decrypt the files using brute force.

What are the most popular ransomware viruses?

Nowadays there are many types of ransomware viruses, but one of the first to become mainstream was the dreaded CryptoLocker. If I’m not mistaken, this ransomware virus was popular from around 2012 until around 2014, when the botnet was shut down. Another one that spread like wildfire was CryptoWall, and there are still many variants of it. Cryptobit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0 are some of the variant names of the original CryptoWall. Locky is a relatively new ransomware virus that demands Bitcoins from the victim after the files have been encrypted. TeslaCrypt is another one that uses the AES encryption method to encrypt files and demands Bitcoins as ransom. These are just some of the well-known ones; with ransomware so much on the rise, it’s not surprising to see many variants or new types of these viruses coming into existence.

How are ransomware viruses transmitted?

Like any other virus, ransomware requires the delivery of a payload in order to work, which means that it needs to be installed on the computer first. Most of the time, people download the infected files when downloading something from the Internet or when receiving an email with attachments. A popular misconception I’ve seen, especially with less computer-savvy users, is that they believe computers get infected with viruses by just browsing the Internet or receiving a normal text email, but no, you have to install something in order to get infected.

How can home users protect against ransomware?

Home users are the most vulnerable ones, because attackers know they are the most defenseless and, in many cases, the least computer-savvy, so they get targeted more. As a home user, these are the things I recommend you do to protect yourself against ransomware:

  • Back up all important files to an external hard drive. You just don’t know when you’re going to get hit. Don’t just sync your files to online syncing services like Dropbox, OneDrive or Google Drive; if ransomware gets into your computer it will encrypt everything, including those folders, rendering your online copies of those files useless as well. Always back up your important files to an external hard drive, and keep that drive off the computer.
  • Make sure you have an antivirus installed on your computer and that it’s updated. If you are using Windows 10, it already has a basic built-in antivirus installed, but make sure it’s turned on and updated. If you need more robust antivirus protection software, buy https://www.malwarebytes.com/, which includes protection against ransomware viruses as well.
  • Don’t download anything from the Internet unless you know the website is safe. Many times when you are browsing some sites, they will display pop-ups to download some things, but don’t click any links or download buttons from those pop-ups; if your browser gets stuck, just close it and restart fresh. Most reputable websites, like the one you are at right now, are secured with a TLS connection, and the browser will display a secure lock in the address bar when the connection is not compromised. Pay attention to that when you visit a new site:

[Image: prevent ransomware, check site HTTPS]

  • Never open or download attachments from emails coming from unknown senders. Most banks, the IRS or other government branches from which you could receive important random emails have strict email policy guidelines on how they communicate with their customers, so if you are unsure whether the email is legit, go to their website and read their email policy. I don’t know of any reputable bank that sends you private or critical information via email; if you get that, it is most likely a scam.

How can corporate users protect against ransomware attacks?

Most of the suggestions I bulleted above apply to corporate users as well, but security in corporations is taken care of primarily by the IT people. As an IT professional in charge of the security of our computer network, I am responsible for keeping ransomware out. At the network level, we have set a rule to never browse the Internet from the servers; that is a no-no. We scan all incoming external emails and block any attachment with an executable file in it. I block Internet access on terminal servers. I run monthly reports on firewalls to make sure only necessary ports are open. At the computer level, I make sure all computers have an antivirus installed and that it’s updating automatically. I remove administrator rights from users with bad computer behavior (you know those repeat offenders with computer infections every week?) and, most importantly, I’m constantly educating our users about new threats with articles like this.
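To illustrate the attachment-blocking rule described above, here is an added example (not the author's own gateway configuration) of a check that flags executable attachments in an incoming message by extension and by leading bytes, including files inside ZIP archives. The extension list, function names and sample message are assumptions constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions a gateway might block (illustrative list, not exhaustive).
BLOCKED_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi")

def is_executable(name: str, head: bytes) -> bool:
    """True if the name has a blocked extension or the bytes start with PE/ELF magic."""
    if name.lower().rstrip(". ").endswith(BLOCKED_EXT):
        return True
    return head[:2] == b"MZ" or head[:4] == b"\x7fELF"

def blocked_attachments(raw_message: bytes) -> list:
    """Return names of attachments (or ZIP members) that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # ZIP archive: inspect its members too
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.flag_bits & 0x1:  # encrypted, cannot be inspected
                            hits.append(f"{name}!{info.filename} (encrypted)")
                        elif is_executable(info.filename, zf.read(info)[:4]):
                            hits.append(f"{name}!{info.filename}")
            except zipfile.BadZipFile:
                hits.append(f"{name} (malformed archive)")
    return hits

def build_sample() -> bytes:
    """Constructed message: a PE file named .pdf, a ZIP holding a .js, a text file."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"MZ\x90\x00 constructed", maintype="application", subtype="pdf", filename="invoice.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_001.js", "// constructed placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A production filter would also cap decompressed size and handle nested archives, which this sketch leaves out.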

Conclusion

Preventing a nasty infection like ransomware requires a combination of software and human awareness. You can have a top-notch security suite installed on your computer to block all those threats, but if you are not careful and don’t follow recommendations like the ones I posted above, sooner or later the antivirus will fail to detect that latest ransomware threat, and bam! You’ll get ransomed!