We have dealt with a number of ransomware attacks in the recent past, and we have found that being aware of the possible entry points and prevention measures is the best defense against such attacks. Dealing with the aftermath of a ransomware attack is costly due to the increasing cost of Bitcoins (the preferred currency of ransomware attackers) and the amount of downtime caused, where paying the ransom might be the sole option for recovering locked data. Focusing on prevention is the approach NIS recommends.
The growth of ransomware over the past few years has driven the security industry to create a myriad of tools for blocking these types of threats from being executed on computers.
Here we focus on additional measures that users should employ to ensure a higher level of defense against ransomware attacks.
1. First and foremost, three words: backups, backups, backups.
Ideally, backup activity should be diversified, so that the failure of any single point won’t lead to the irreversible loss of data. Store one copy in the cloud, such as Acronis Cloud Backup, and the other on offline physical media, such as a portable HDD.
Checking the integrity of your backups periodically is essential to having a good and reliable backup.
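One way to carry out the periodic integrity check described above, as an added example that is not part of the original article: record a SHA-256 manifest of the live data, keep it apart from the backup, and compare the backup copy against it. The function names and the demo files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken from the live data."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_backup(manifest, backup_root):
    """Compare a backup copy with the manifest; report every discrepancy."""
    backup_root = Path(backup_root)
    report = {"missing": [], "changed": [], "extra": []}
    for rel, digest in manifest.items():
        if not (backup_root / rel).is_file():
            report["missing"].append(rel)
        elif sha256_file(backup_root / rel) != digest:
            report["changed"].append(rel)
    for p in backup_root.rglob("*"):
        rel = p.relative_to(backup_root).as_posix()
        if p.is_file() and rel not in manifest:
            report["extra"].append(rel)  # file that was never in the source
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    # Constructed scenario: copy a small tree, damage the copy, verify it.
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "data"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "a.txt").write_text("alpha")
        (src / "b.bin").write_bytes(b"\x00\x01")
        manifest = build_manifest(src)
        shutil.copytree(src, bak)
        (bak / "docs" / "a.txt").write_text("corrupted")  # silent corruption
        (bak / "b.bin").unlink()                          # lost file
        (bak / "note.txt").write_text("unexpected")       # unknown file
        return verify_backup(manifest, bak)

if __name__ == "__main__":
    print(demo())
```

A non-empty "changed" or "extra" list on a backup that should be static is worth investigating before that copy is relied on for recovery.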
2. Refrain from opening attachments that look suspicious.
Most ransomware variants are known to spread via eye-catching emails that contain malicious attachments. It’s a great idea to configure your webmail server to block dubious attachments with extensions such as, but not limited to, .exe, .vbs, or .scr.
This applies not only to messages sent by unfamiliar people but also to messages from senders you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
3. Think twice before clicking.
Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. To carry out this attack, cybercriminals compromise those people's accounts and send malicious links to as many contacts as possible.
4. The Show File Extensions feature can thwart ransomware plagues, as well.
This is a native Windows feature that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. Fraudsters may also use a confusing technique in which one file is given a couple of extensions.
For instance, an executable may look like an image file and have a .gif extension. Files can also look like they have two extensions – e.g., cute-dog.avi.exe or table.xlsx.scr – so be sure to pay attention to tricks of this sort.
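The attachment blocking from tip 2 and the double-extension check from tip 4, combined into one screening routine as an added example that is not part of the original article. The decoy-extension list, the function names and the sample message are assumptions constructed for illustration; the blocked extensions are the ones the article names.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions the article names as attachments to block.
BLOCKED = {".exe", ".vbs", ".scr"}
# Assumption: harmless-looking extensions used as the decoy first extension.
DECOYS = {".avi", ".xlsx", ".gif", ".jpg", ".pdf", ".docx"}

def screen_filename(name):
    """Return the reasons a filename should be blocked (empty list = allow)."""
    # Windows drops trailing dots and spaces, so "a.exe. " is saved as a.exe.
    cleaned = name.strip().rstrip(". ").lower()
    suffixes = PureWindowsPath(cleaned).suffixes
    reasons = []
    if suffixes and suffixes[-1] in BLOCKED:
        reasons.append("blocked extension " + suffixes[-1])
        if len(suffixes) > 1 and suffixes[-2] in DECOYS:
            reasons.append("double extension " + suffixes[-2] + suffixes[-1])
    return reasons

def screen_message(raw_bytes):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():  # walk() also reaches nested multipart sections
        name = part.get_filename()
        reasons = screen_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; the attachment payloads are placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "courier@example.com", "user@example.com"
    msg["Subject"] = "Delivery notification"
    msg.set_content("Please see the attached files.")
    for fname in ("cute-dog.avi.exe", "table.xlsx.scr", "invoice.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, why in screen_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```

The check works on the declared filename only; it does not inspect file contents, so it complements rather than replaces antivirus scanning.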
5. Keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date.
This habit can prevent compromises via exploit kits.
6. In the event a suspicious process is spotted on your computer, instantly turn off your computer or laptop.
This is particularly effective at an early stage of the attack because it can limit how many of your files the ransomware manages to encrypt.
7. Keep the Windows Firewall turned on and properly configured at all times.
8. Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.).
In particular, disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC.
9. Block popups as they can also pose an entry point for ransom Trojan attacks.
10. Use strong passwords that cannot be brute-forced by remote criminals.
Set unique passwords for different accounts to reduce the potential risk.
Password, password and admin are the most commonly used passwords.
11. Deactivate AutoPlay.
This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
12. Block known-malicious Tor IP addresses.
Tor (The Onion Router) gateways are the primary means for ransomware threats to communicate with their C&C servers. Therefore, blocking those may impede the critical malicious processes from getting through.
Since ransomware is definitely today’s number one cyber peril due to the damage it causes and the prevalence factor, the countermeasures above are a must. Otherwise, your most important files could be completely lost.
The key recommendation is backups – offline and/or in the cloud.
The decision about whether to use cloud storage or local storage depends on your backup needs. For most personal users, cloud storage is an ideal solution: it’s inexpensive, easy to set up, and doesn’t require a lot of attention once the system is in place. Plus, most cloud platforms can be set to back up automatically at certain times. Small businesses that lack the resources for on-site IT professionals also find cloud solutions effective.
Some companies are setting up hybrid solutions. A combination of automated cloud storage and local hardware backups for essential data can insure against most data loss disasters, which is the primary goal for any backup and recovery solution.
There are pros and cons associated with both cloud and local backups: cost, flexibility, speed and accessibility.
Vigilance is the key.
Paul Rice, a Senior Engineer of NIS for the past 14 years, has kindly prepared this article to help provide our customers with some knowledge on one of the current issues in the IT sector: ransomware.
Paul has many years of experience in this industry and strives to use all the necessary tools and products available on the current market to assist our customers with the prevention of ransomware and similar threats. Paul has been a key player in resolving all previous cases relevant to this issue, and continues to offer free site evaluations to any customers that feel they may be open to threat. Please feel free to contact us for more information.