Ransomware is malicious software that cyber criminals use to take hold of a person’s computer and files, then demand payment before the victim can get them back. It is a very popular way for cyber criminals to profit these days from unsuspecting businesspeople, individuals with websites, and anyone else who uses the web. Some ransomware gets onto a person’s machine directly, and some is installed through software vulnerabilities in order to gain access to the victim’s machine. It is important to know how to protect oneself from such attacks.
Here you will find 10 basic tricks to protect a website from ransomware:
Ransomware can easily be defeated if you have a regularly updated backup of your files and data. Once you are attacked, it is very easy to lose what you have worked on up to that instant. If you are able to restore your system to an earlier date, you will be able to clean it up and then restore your documents and files from the backup. This way, you will be able to get rid of the attacker and also to recover all your files and data.
Ransomware will arrive in a file that is named with an extension. When you know this, you will know what to look out for so that you do not install it on your system. Windows hides file extensions by default, making it hard for users to tell whether what they are about to install is the genuine file or ransomware. You can re-enable the ability to see the full extension, so that you will be able to spot any suspicious file that you are about to install.
You need both anti-malware software and a software firewall in order to identify threats to your system or suspicious behavior. The two layers of protection are important because malware authors are smart and keep sending new variants to see what can get through without detection. With that kind of protection, a ransomware variant may get past, say, the anti-malware software, but it may get caught by the firewall when it attempts to receive instructions to encrypt your files.
A gateway mail scanner should be able to filter files by extension, so you can deny emails that are sent with EXE files and those that come with two file extensions. These are the ones likely to be ransomware.
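The extension filter described above, sketched as an added example (not part of the original article or of any particular mail gateway). The blocked list beyond EXE and the list of "decoy" document extensions are assumptions, and the message is constructed for the demonstration.

```python
from email.message import EmailMessage

# Assumption: extensions beyond EXE that a gateway would also treat as executable.
BLOCKED_EXTS = {"exe", "scr", "com", "bat", "cmd"}
# Assumption: document-looking extensions used as the first half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def check_filename(name):
    """Return the reasons to reject an attachment name (empty list = allow)."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    clean = name.strip().rstrip(". ").lower()
    exts = [p.strip() for p in clean.split(".")[1:]]
    reasons = []
    if exts and exts[-1] in BLOCKED_EXTS:
        reasons.append("executable extension ." + exts[-1])
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        reasons.append("double extension ." + exts[-2] + "." + exts[-1])
    return reasons

def filter_message(msg):
    """Map each attachment filename in the message to its rejection reasons."""
    return {(part.get_filename() or ""): check_filename(part.get_filename() or "")
            for part in msg.iter_attachments()}

def reject(msg):
    """A message is denied if any attachment has at least one reason."""
    return any(filter_message(msg).values())

def build_sample():
    """Constructed sample message with three attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "notes.txt", "backup.tar.gz"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reasons in filter_message(build_sample()).items():
        print(name, "->", reasons or "allow")
```

With extensions hidden, `invoice.pdf.exe` is displayed as `invoice.pdf`, which is why the double-extension rule is checked separately from the executable rule.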
Just like all other malware, ransomware will target a system that is out of date, because it is easier to get through than one that is up to date. Cyber criminals always target people who use out-of-date software because they can easily exploit it to access the system secretly. If you make a habit of updating all your software, you can reduce the potential of being attacked by ransomware by a great percentage.
One notable behavior that is common with ransomware is running its executable from the App Data or Local App Data folders. To be safe, you need to create rules within Windows or with intrusion prevention software in order to disallow that. If you have legitimate software that is set to run from the App Data area, you can exclude it from this rule.
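To show how such a rule and its exclusions behave, here is an added example (not from the original article, and not the Windows policy engine itself) that audits process image paths against an App Data rule. The paths, the excluded program and the extension list are constructed assumptions.

```python
import ntpath

# Assumption: file types the rule treats as executables.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}
# Hypothetical exclusion for a legitimate program that runs from App Data.
ALLOWED = {r"c:\users\alice\appdata\local\exampleapp\update.exe"}

def in_appdata(path):
    """True if the normalized path lies under a user's AppData tree."""
    parts = ntpath.normpath(path).lower().split("\\")
    # Expected layout: drive, "users", <name>, "appdata", <subfolder>, ...
    return (len(parts) > 5 and parts[1] == "users" and parts[3] == "appdata"
            and parts[4] in {"roaming", "local", "locallow"})

def evaluate(path, allowed=ALLOWED):
    """Return 'block', 'allow (excluded)' or 'allow' for one image path."""
    # normpath folds '/' into '\\' and resolves '..' so detours do not slip by.
    norm = ntpath.normpath(path).lower()
    if ntpath.splitext(norm)[1] not in EXEC_EXTS or not in_appdata(norm):
        return "allow"
    return "allow (excluded)" if norm in allowed else "block"

def audit(paths):
    """Return only the paths the rule would block."""
    return [p for p in paths if evaluate(p) == "block"]

# Constructed sample of process image paths.
SAMPLE = [
    r"C:\Program Files\App\app.exe",
    r"C:\Users\bob\AppData\Roaming\qzkx.exe",
    r"C:/Users/Alice/AppData/Local/ExampleApp/update.exe",
    r"C:\Program Files\..\Users\bob\AppData\Local\Temp\7zO1\invoice.exe",
    r"C:\Users\bob\AppData\Roaming\notes.txt",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(evaluate(p), "-", p)
```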
7. Disable RDP
It has been noted that ransomware and other malware access target machines using RDP, a Windows utility that allows others to access your desktop remotely. This utility is important to some people, but if you are not using it, it is advisable to disable it in order to protect your system from any RDP exploits.
Cryptolocker is the most popular ransomware that has been in the news for some time now. If this is what you are afraid of, you can always use its prevention kit. The kit was created as a way to disable files that are set to run from the App Data and Local App Data folders. It also disables executable files from running from the Temp directory of various unzipping utilities. The tool should always be kept up to date, as new ransomware techniques continue to be discovered.
Disconnect from WiFi or the network as soon as you realize or suspect that you have run a file that could be ransomware. Acting quickly helps to stop any communication with the C&C server before the malware completely encrypts your files. Once you disconnect yourself from WiFi or any network, you might be able to lessen the damage. It will take ransomware some time to encrypt all your files; therefore you should do this as fast as possible in order to save most of them, if not all.
It helps a lot to have System Restore enabled on your machine, so that you can easily take back your system to a clean state after such an attack. This however requires you to be smarter because the newest versions of Ransomware are able to delete all the shadow files from your system restore and this means that those files will not be there once you recover your system from the damaged version. This should be done very fast too.
Ransomware is something that everyone needs to be aware of because it is a total deviation from the cyber attacks people have seen in the past. It is financially motivated malware and therefore quite frightening. It is always good to protect yourself from such attacks, and the best way is to keep an updated backup that you can always resort to in case of any damage to your data or files.