
MORE ABOUT RANSOMWARES. PART 3

Before we proceed, here is a quick catch-up in case you've missed the first two articles describing what ransomware is and how it works: Part I and Part II.

By now, it looks like there's no escape from ransomware, especially since it also targets mobile devices, threatening to lock users out of their smartphones or tablets. Remember Koler? Unfortunately, encrypted communications between attackers and elusive infection workflows make it difficult for traditional detection-based security solutions to block ransomware attacks.

How to prevent getting infected

Because of the technology limitations that prevent users from retrieving the decryption key without paying the ransom, the best way to protect against the effects of ransomware is to not get infected in the first place.


Recommendations for users:

1. Regularly back up your data in the cloud or on an external drive. Backups should not be stored on a different partition of your PC, but rather on an external hard drive that is connected to the PC only for the duration of the backup.

2. Keep UAC enabled. UAC notifies you when changes are going to be made to your computer that require administrator-level permission.


3. Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that is constantly updated and able to perform active scanning. Make sure you don't override the optimal settings and that you update it regularly.

4. To secure your mobile device, avoid downloading apps from unfamiliar sites and only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.

5. Follow good internet practices: avoid questionable websites, and avoid links or attachments in emails from uncertain sources. Alternatively, you might want to consider a browser extension that blocks JavaScript (such as NoScript).

6. Enable ad-blocking tools to reduce malicious ads.

7. Use a filter to reduce the number of infected spam emails that reach your inbox.

8. When possible, virtualize or completely disable Flash, as it has been repeatedly used as an infection vector.

9. Increase your online protection by adjusting your web browser security settings.

10. Keep your Windows operating system and your vulnerable software, especially the browser and browser plug-ins, up to date with the latest security patches. Exploit kits use vulnerabilities in these components to automatically install malware.

Ransomware is a growing menace for companies, and employees are sometimes a company's weakest link, especially with the BYOD/BYOA trend. Weighing the consequences, there's no doubt companies should take all the security measures needed. If you are a decision maker in the company's IT team, here's what you need to consider:

Recommendations for companies:

1. Educate employees in good computer practices and in identifying social engineering attempts and spear-phishing emails.

2. Install, configure and maintain an advanced endpoint security solution.

3. Enable software restriction policies to block programs from executing from specific locations.

4. Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.

5. Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administrator-level access is a legitimate application.

6. Enable System Restore so that previous versions of the encrypted files can be restored once the virus has been removed.
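Recommendation 3 above (software restriction policies that block execution from specific locations) can be set up locally without a domain controller. The script below is an added example, not code from the original post or from Bitdefender; it writes Software Restriction Policy path rules to the registry layout SRP reads on Windows editions that still support SRP, and the set of blocked folders (%AppData%, %LocalAppData%, %Temp%) is an assumed, illustrative choice.

```powershell
# Added example (not from the original post): create local Software Restriction
# Policy (SRP) path rules that disallow .exe launches from user-writable folders
# commonly used by ransomware droppers. Run from an elevated PowerShell prompt.
# The blocked paths are an assumed, illustrative set; adjust them per environment.
#Requires -RunAsAdministrator

$Safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = "$Safer\0\Paths"        # subkey 0 = Disallowed security level
                                      # (subkey 262144 = Unrestricted, for exceptions)

# Keep the default level Unrestricted (0x40000) so only the rules below block.
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name DefaultLevel        -Value 0x40000 -Type DWord
Set-ItemProperty -Path $Safer -Name TransparentEnabled  -Value 1       -Type DWord  # enforce for executables, skip DLLs
Set-ItemProperty -Path $Safer -Name PolicyScope         -Value 0       -Type DWord  # apply to all users, admins included
Set-ItemProperty -Path $Safer -Name AuthenticodeEnabled -Value 0       -Type DWord

# Assumed rule set: patterns use environment variables, expanded per user at check time.
$Rules = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe'
)

function Add-SrpDisallowRule {
    param([Parameter(Mandatory)][string]$PathPattern)
    # Each SRP rule lives in its own GUID-named subkey; ItemData holds the pattern.
    $Key = Join-Path $Disallowed ([guid]::NewGuid().ToString('B'))
    New-Item -Path $Key -Force | Out-Null
    Set-ItemProperty -Path $Key -Name ItemData     -Value $PathPattern -Type ExpandString
    Set-ItemProperty -Path $Key -Name SaferFlags   -Value 0 -Type DWord
    Set-ItemProperty -Path $Key -Name Description  -Value "Block execution from $PathPattern" -Type String
    Set-ItemProperty -Path $Key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

foreach ($Pattern in $Rules) { Add-SrpDisallowRule -PathPattern $Pattern }

# Verify: list every Disallowed path rule now in place. Blocked launches are
# logged as Event ID 866 (source SoftwareRestrictionPolicies) in the Application log.
Get-ChildItem -Path $Disallowed | ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
```

Legitimate software that installs or updates itself from %AppData% (some browsers and chat clients do) will be blocked too, so test on a pilot group and add Unrestricted path rules under the `262144\Paths` subkey for known-good exceptions before rolling out.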

If you get infected:

Don't rush into paying the ransom; doing so funds cyber-crime. Also, remember that law enforcement agencies never encrypt your data and then demand money this way.

If you suspect you are a victim of ransomware but haven't yet seen the characteristic ransomware screen, disconnect from the network immediately. Shutting down your device and rebooting in safe mode can be a good way to stop the encryption process. Don't forget to search for the removal tools that security companies have created for specific threats.
