What is ransomware?
Ransomware belongs to the family of malware used to take control of users’ machines and the users get back control of the machine when the victim pays a ransom to the attackers.
There are a number of preventive steps that a user can take to avoid ransomware attack. But before delving depth into the ransomware prevention technique, you need to know a bit about types of ransomware and how they spread.
How does ransomware spread?
Your computer may get infected with ransomware in several ways such as via email attachment, via compromised website, Trojan horses, by clicking pop up ads, etc.
To trick the users, the malicious program or emails will pretend as if it came from a legitimate source such as the user has been caught visiting illegal websites and thus he need to pay penalty. Some other techniques used to spread ransomware are showing the users a fake windows activation screen and asking them to pay using crypto-currency such as bitcoin. Sometimes users prompted to click on popup ads when they are offer free antivirus or antimalware software. Once you click the link the ransomware will be auto downloaded in your system.
Two common types of ransomware
The two most command types of ransomware are ransomlock and cryptolocker. Ransomlock takes control of the computer screen by locking them while the cryptolocker encrypts users’ data including images, videos. The files are encrypted with a public key and once the victim pay the ransom, a corresponding session key is given to the user to decrypt the data.
Here are our top tips to defend against ransomware
- Do not click pop up ads.
If see an attractive pop-up ads claiming to be an antivirus/anti-malware software, don’t click on it. Sometimes, you may see messages in the ads that says, “your system is infected, or “FBI warnings: your system is be used for illegal activities”. Never click on such ads and your next step should be to close your web browser. Do not click on the links or buttons inside the pop-up, do not even try to close the ads, which may trigger the ransomware installation script.
- Download files only from the secured sources
You may need to use open-source software for various reasons. Always download software from the ordinal developer’s website, not from any free software download website.
- Avoid visiting unknown websites
Most people browser internet for searching information, reading reviews, buying staff only. If you are looking for information in Google search or any other search engines, Google may show up contents from the unknown or compromised sites in their first page. At first click on the links that is from reputed domains such as news sites, Wikipedia, .edu blogs etc.
- Whitelisting apps/trusted application mode:
If someone in your network download and execute an .exe file that contains ransomware code, your all computers in the network will be at the risk of getting infected. If you have an endpoint device, make sure you have you only run trusted applications on your computer? Most of the personal end point solution (antivirus, internet security software etc.)
Trusted application means your computer will only allow the applications that are trusted by the database of your endpoint solution provider. Even if you download a rouge app by mistake, your endpoint will block it. So, consult your send point solution provider to learn about how to whitelist apps or how to enable trusted application mode in end point security.
Ransomware can be installing on your machine by taking advantages of the known vulnerabilities of your operation system. As soon as your vendor (Microsoft, Apple) releases OS security patches, you need to apply them on your system as soon as possible. Always make sure all the applications on your system are updated and patched up.
- Back up data and system
you can take regular system and data backup. System backup means you will have the capability to restore your operation system to a previous system when it gets corrupted. Take an off line backup mean keep it in a separate external hard disk. If possible store your backup in encrypted form, thus making sure even if your backup copy get lost or falls into the wrong hand , no one will be able to decrypt your data. Also, keep an off-site backup copy, which means keeping a copy of backup in a separate physical location. You may discuss with data backup experts or vendors to learn about what backup solution is appropriate for you.
Remember that backup works like an insurance. Every if you opt for a paid backup solution, it is worth considering if you have valuable data that you need for your work. For instance, during the ransomware attack on San Franciso’s transportation system, the company decided not to pay to the hacker and restore all infected computer from backup, which saved them $70,000 ransom.
- Start using strong Internet security solutions-
if you need Internet for your daily works, it is essential that you have an Internet security solution. It does not cost much to have a premium Internet security product that includes anti-viruses as well.
- Learn about malwares and how they enter in your computer
keep your eyes open on the latest trends on malware development. You can visit Sophos, Norton’s, McAfee or Trend Micro’s blog to keep abreast of ransomwares.
- Scan before copying files
Scan the external drive before copying anything to your computer. A pen drive may contain a Trojan which may be copied over to you system and it might open a backdoor to install ransomware remotely on your computer.
Don’t turn on macros- macro auto-execution disable on Windows by default. If downloaded file/apps ask you to turn-on, don’t do it.
- Microsoft office view
If you have to open a Microsoft word or Excel that you receive from someone, you can view it with Microsoft office viewer before opening it.
- Privilege user account
Avoid using privileged account. Create a second account on your computer with less privilege and only use your administrative credential when you have to install anything. Avoid browsing and downloading anything when you log in with your admin account.
What to do if my computer gets infected with ransomware?
Despite taking all preventive measure if your computer gets infected with ransomware, you can try to roll back your computer from backup. If it fails you can seek professional assistance from malware removing service provider.