By now, it looks like there’s no escape from ransomware, especially since it also targets mobile devices, threatening to lock users out of their smartphones or tablets. Remember Koler? Unfortunately, encrypted communications between attackers and elusive infection workflows make it difficult for traditional detection-based security solutions to block ransomware attacks.
How to prevent getting infected
Because of the technology limitations that prevent users from retrieving the decryption key without paying the ransom, the best way to protect against the effects of ransomware is to not get infected in the first place.
Recommendations for users
- Regularly back up your data in the cloud or using an external drive. Backups should not be stored on a different partition in your PC, but rather on an external hard drive that is connected to the PC for the duration of the backup only.
- Keep UAC enabled. UAC notifies you when changes are going to be made to your computer that require administrator-level permission.
- Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that’s constantly updated and able to perform active scanning. Make sure you don’t override the optimal settings and that you update it regularly.
- To secure your mobile device, avoid downloading apps from unfamiliar sites — only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.
- Enable ad-blocking tools to reduce malicious ads.
- Use a filter to reduce the number of infected spam emails that reach your Inbox.
- When possible, virtualize or completely disable Flash, as it has been repeatedly used as an infection vector.
- Increase your online protection by adjusting your web browser security settings.
- Keep your Windows operating system and your vulnerable software, especially the browser and the browser plug-ins, up to date with the latest security patches. Exploit kits use vulnerabilities in these components to automatically install malware.
Ransomware is a growing menace for companies, and employees are sometimes a company’s weakest links, especially with the BYOD/BYOA trend. Weighing the consequences, there’s no doubt companies should take all the security measures needed. If you are a decision maker in the company’s IT team, here’s what you need to consider:
Recommendations for companies
- Educate employees in good computer practices, in identifying social engineering attempts and spear-phishing emails.
- Install, configure and maintain an advanced endpoint security solution.
- Enable software restriction policies to block programs from executing from specific locations.
- Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.
- Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
- Enable System Restore to restore previous versions of the encrypted files once the virus has been removed.
If you get infected…
Don’t rush into paying the ransom. This way, you will fund cyber-crime. Also, remember that law enforcement agencies never demand money this way, after encrypting your data.
If you suspect you are a victim of ransomware, but haven’t seen the characteristic ransomware screen, disconnect yourself from the network immediately. Shutting down your device and rebooting in safe mode can prove to be a good way to stop the encryption process. Don’t forget to search for the removal tools created by security companies for specific threats.