- A key rule of thumb is to back up important files and documents regularly. Backups are useful only if they are created before a ransomware attack. Dedicated backup software such as Acronis True Image supports restoring data onto different hardware. Preferably, spread the backups so that the failure of any single point cannot lead to irreversible loss of data: keep one copy in the cloud (for example Microsoft OneDrive or Dropbox) and another on offline physical storage such as a portable hard disk drive (HDD) that is disconnected when not in use. Bear in mind that sync services such as OneDrive and Dropbox faithfully replicate an encrypted file over the original, so they only help if the service keeps version history or the copy is disconnected. Set access privileges and read/write permissions so that the backup files cannot be modified or erased from an ordinary user session, and check the integrity of your backup copies (for example by test-restoring a few files) from time to time.
- Ensure your Windows operating system is updated with Microsoft Security Bulletin MS17-010: Security Update for Microsoft Windows SMB Server (4013389), released in March 2017. Devices that had the patch installed were protected from WannaCry ransomware, but many organisations and individuals had not installed the update. Systems running older versions of Windows such as Windows XP, which no longer has mainstream support, should refer to Microsoft's blog for details of the emergency security patches released in response to WannaCry. Disabling SMBv1, the protocol version the exploit targets, is also advisable wherever nothing still depends on it.
- Keep Windows Firewall turned on and properly configured at all times, and add a further layer of protection with a perimeter or third-party host firewall. Disabling Windows Script Host, which is what runs the .vbs and .js files that ransomware downloaders are commonly delivered as, is an efficient preventive measure as well.
- Consider restricting Windows PowerShell, the task automation framework that many ransomware droppers abuse to download and run their payload. Disabling it outright breaks much Windows administration, so keep it enabled only where it is needed; where it is needed, remove the legacy PowerShell 2.0 engine (which sidesteps modern logging) and turn on script block logging so that any abuse is at least recorded.
- Harden your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.). In particular, disable macros and ActiveX controls, or at the very least block macros in documents that arrived from the Internet. Blocking external content is another dependable way of keeping malicious code from executing on the PC. Cerber, for instance, is a ransomware strain delivered through malicious Office macros, so disabling macros in your Office programs wards it off.
- Make sure your antivirus, browsers, Adobe Flash Player, Java and other system software and applications are up to date; exploit kits that drop ransomware target outdated versions of exactly these. Configure your security software to scan compressed or archived files, if that feature is available.
- Install a browser add-on that blocks pop-ups, as malicious advertisements and pop-ups are another entry point for ransom Trojans.
- Should a suspicious process be detected on your computer or device, promptly disconnect it from the network. This is particularly effective early in an attack against strains that must first contact their remote command-and-control server (for example, to obtain an encryption key) before they can complete the encryption. Note, however, that many strains, WannaCry included, encrypt entirely offline, so isolation mainly limits the spread to network shares and other hosts and preserves evidence rather than guaranteeing that encryption stops.
- Configure your anti-spam settings carefully: most ransomware strains spread through eye-catching emails that carry infected attachments. Configure the mail server or webmail gateway to block dubious attachments with extensions such as .exe, .vbs, .js or .scr, including when they arrive inside an archive.
- Refrain from opening suspicious-looking attachments: this applies not only to messages from strangers but also to senders you believe to be acquaintances, since their accounts or address books may have been compromised. Phishing emails may masquerade as notifications from a delivery service, an e-commerce site, a law enforcement agency or a financial institution.
- Be very careful before clicking on links: dangerous hyperlinks, especially shortened URLs, can arrive via email, social media or instant messengers, and the senders may well be people you trust, including friends or colleagues, because the attackers first compromise those accounts and then push bad links to as many contacts as possible. Hover over a link, or expand a shortened URL, to see the real destination before clicking.
- The Show File Extensions feature can thwart ransomware as well. This native Windows functionality lets you see at a glance what type of file you are about to open, so that you can steer clear of potentially harmful ones; Windows hides known extensions by default, which is exactly what the following trick relies on. Cybercriminals may give one file two extensions, so that an executable appears to be an image file with a .gif extension while its real, hidden extension is .exe. With extensions shown, files such as cute-dog.avi.exe or table.xlsx.scr are revealed for what they are: programs, not media or spreadsheets. A separate, well-known attack vector is malicious macros in Microsoft Word documents, which is why disabling macros (above) matters.
- Consider restricting vssadmin.exe. This utility, built into Windows to administer the Volume Shadow Copy Service (VSS), is normally a handy tool for restoring previous versions of arbitrary files. In the context of rapidly evolving file-encrypting malware, though, vssadmin.exe has turned into a liability: ransomware routinely runs "vssadmin delete shadows /all /quiet" to destroy the snapshots before or while it encrypts. If ordinary users cannot execute it at the time of a compromise, the ransomware fails to obliterate the shadow copies that way and you may be able to restore the encrypted files from VSS afterwards. Two caveats: shadow copies can also be deleted through WMI (wmic shadowcopy delete) or PowerShell, so the restriction is not airtight, and the deletion command itself is one of the strongest detection signals available, so alert on it. Prefer blocking execution for non-administrators with an application control rule over deleting or renaming the system binary, which breaks backup software that relies on it.
- Use two-factor authentication and strong passwords that cannot be brute-forced by remote criminals, particularly on accounts reachable over RDP or VPN. Use a unique password for each account so that one compromised credential cannot be reused elsewhere.
- Deactivate AutoPlay and AutoRun in your system so that harmful processes are not launched automatically from external media such as USB memory sticks or other drives.
- You may have to disable file sharing. Ransomware encrypts every network share the infected user can write to, so by doing so the infection is confined to the infected system.
- Consider restricting remote services. Otherwise the threat could rapidly propagate across the enterprise network, causing serious security issues for the business if your computer is part of it. For example, exposed Remote Desktop Protocol (RDP) is a favourite entry point: attackers brute-force or buy RDP credentials and install ransomware by hand. Disable RDP where it is not needed; where it is, require Network Level Authentication and never expose it directly to the Internet.
- Switch off unused wireless interfaces such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit a Bluetooth connection to compromise a computer or mobile device.
- Turn off Wi-Fi when not in use: attackers can reach a computer or mobile device through vulnerable, insecure Wi-Fi networks. Protect your own Wi-Fi with a strong passphrase, and be wary of public Wi-Fi.
- Define Software Restriction Policies (or their successor, AppLocker rules) that keep executable files from running out of the user-writable locations where malware lands. The directories most heavily used for hosting malicious processes include %ProgramData%, %AppData%, %LocalAppData% and %Temp%; allow execution from Program Files and the Windows directory and block it from those user-writable paths.
- Ransomware commonly talks to its command-and-control servers over Tor (The Onion Router), either directly or through Tor-to-web gateways. Blocking or alerting on connections to known Tor relay and gateway IP addresses at the perimeter may stop the malware from completing its check-in and is a useful detection signal; it does not prevent the initial infiltration, which usually arrives by email or exploit.
- Deploy an intrusion detection system (IDS), such as AlienVault Unified Security Management (USM), which includes a built-in IDS together with SIEM and real-time threat intelligence monitoring, to help you swiftly detect malware and other threats in your network.
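Several of the points above (Windows Script Host, the PowerShell 2.0 engine, Office macros, hidden file extensions, AutoPlay, RDP authentication and SMBv1) come down to a handful of Windows settings. The script below is an added example, not part of the original article or any vendor's tooling: it audits those settings against their hardened values and, with -Apply, sets them. The registry paths are the documented policy locations for Windows 7/10 and Office 2016; the Office version number "16.0" and the choice to keep HideFileExt per-user (HKCU) are assumptions to adjust for your estate. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article): audit/apply the Windows-side
# ransomware mitigations described in the list. Without -Apply it only reports drift.
[CmdletBinding()]
param([switch]$Apply)

$settings = @(
    # Windows Script Host off: .vbs/.js droppers no longer run
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'; Name = 'Enabled'; Value = 0 },
    # Always show extensions, so cute-dog.avi.exe is visible as an .exe (per-user value)
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'HideFileExt'; Value = 0 },
    # AutoRun off for every drive type (0xFF)
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDriveTypeAutoRun'; Value = 255 },
    # RDP, where it stays enabled, must require Network Level Authentication
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'; Name = 'UserAuthentication'; Value = 1 }
)

# Office 2016 (16.0 assumed) macro policy per application:
#   VBAWarnings 4 = disable all macros without notification
#   blockcontentexecutionfrominternet 1 = block macros in files that came from the Internet
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $settings += @{ Path = $sec; Name = 'VBAWarnings'; Value = 4 }
    $settings += @{ Path = $sec; Name = 'blockcontentexecutionfrominternet'; Value = 1 }
}

foreach ($s in $settings) {
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($current -eq $s.Value) {
        Write-Host "OK    $($s.Path)\$($s.Name) = $current"
        continue
    }
    Write-Host "DRIFT $($s.Path)\$($s.Name) is '$current', want $($s.Value)"
    if ($Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
    }
}

# SMBv1 is the protocol version the MS17-010 / WannaCry exploit targets.
# The Smb* cmdlets exist on Windows 8 / Server 2012 and later.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Write-Host "SMBv1 server enabled: $smb1"
    if ($smb1 -and $Apply) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
}

# The legacy PowerShell 2.0 engine sidesteps script block logging; remove it.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue
if ($v2) {
    Write-Host "PowerShell 2.0 engine: $($v2.State)"
    if ($v2.State -eq 'Enabled' -and $Apply) {
        Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
    }
}
```

Save it as a .ps1 file and run it first without -Apply to see what differs. In a domain these values belong in Group Policy rather than a script, but the audit half is still useful for spotting machines where the policy has not landed; a full PowerShell lockdown, if you want one, is done with Constrained Language Mode or application control rather than a registry flag.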
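The shadow-copy point above notes that the deletion command is a strong detection signal. The function below is an added example (not from the original article) of that detection: it classifies process command lines against the vssadmin, WMIC, PowerShell, wbadmin and bcdedit invocations ransomware uses to remove or disable recovery. The sample command lines are constructed for the demonstration, not captured telemetry; in production you would feed it the CommandLine field of Sysmon Event ID 1 or Security event 4688 (with command-line auditing enabled).

```powershell
# Added example (not from the original article): flag command lines that destroy
# Volume Shadow Copies or disable Windows recovery, a tell-tale precursor to encryption.
function Test-ShadowCopyTampering {
    param([Parameter(Mandatory)][string]$CommandLine)
    $line = $CommandLine.ToLowerInvariant()
    $patterns = @(
        'vssadmin(\.exe)?\s+delete\s+shadows',
        'vssadmin(\.exe)?\s+resize\s+shadowstorage',    # shrinking the store evicts snapshots
        'wmic(\.exe)?\s+shadowcopy\s+delete',
        'win32_shadowcopy',                               # WMI class used from PowerShell
        'wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)',
        'bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)'
    )
    foreach ($p in $patterns) {
        if ($line -match $p) { return $p }   # return the matching pattern as the alert reason
    }
    return $null                              # nothing suspicious
}

# Constructed sample command lines (shape of Sysmon Event ID 1 / Security 4688 data)
$samples = @(
    'C:\Windows\System32\vssadmin.exe delete shadows /all /quiet',
    'vssadmin.exe Delete Shadows /All /Quiet',
    'cmd.exe /c wmic shadowcopy delete',
    'powershell.exe -nop -w hidden -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
    'bcdedit /set {default} recoveryenabled No',
    'vssadmin list shadows',                          # benign: read-only listing
    'C:\Program Files\Backup\agent.exe --verify'      # benign: unrelated process
)

foreach ($cmd in $samples) {
    $hit = Test-ShadowCopyTampering -CommandLine $cmd
    if ($hit) { Write-Host "ALERT  [$hit]  $cmd" } else { Write-Host "ok     $cmd" }
}
```

The first five samples raise an alert and the last two do not. Case is folded before matching because attackers vary it, and the patterns match on the verb (delete, resize, recoveryenabled no) rather than on vssadmin.exe alone, since administrators and backup software legitimately list shadow copies all day. Treat any hit from a process whose parent is an Office application, a browser or an unknown binary as an incident, not a ticket.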
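The backup point above asks you to check the integrity of backup copies once in a while. One concrete way to do that, shown here as an added example that is not part of the original article, is to record a SHA-256 manifest when the backup is written and verify the copy against it later, so a silently corrupted or encrypted backup is discovered before the day it is needed. The drive letters and folder names in the usage comments are illustrative.

```powershell
# Added example (not from the original article): SHA-256 manifest for a backup set.
function New-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$Root,          # folder holding the backup copy
        [Parameter(Mandatory)][string]$ManifestPath   # CSV to write; keep it with the offline copy
    )
    $rootFull = (Resolve-Path $Root).Path.TrimEnd('\')
    Get-ChildItem -Path $rootFull -Recurse -File |
        ForEach-Object {
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($rootFull.Length + 1)
                Length       = $_.Length
                Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $rootFull = (Resolve-Path $Root).Path.TrimEnd('\')
    $problems = @()
    foreach ($entry in Import-Csv -Path $ManifestPath) {
        $path = Join-Path $rootFull $entry.RelativePath
        if (-not (Test-Path -LiteralPath $path)) {
            $problems += "MISSING  $($entry.RelativePath)"
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($hash -ne $entry.Sha256) { $problems += "CHANGED  $($entry.RelativePath)" }
    }
    $problems    # no output means every listed file is present and unmodified
}

# Usage (illustrative paths): build the manifest when the backup is taken, verify it on a
# schedule, e.g. before rotating the offline drive back into the safe.
# New-BackupManifest  -Root 'E:\Backups\2017-05' -ManifestPath 'E:\Backups\2017-05.manifest.csv'
# Test-BackupManifest -Root 'E:\Backups\2017-05' -ManifestPath 'E:\Backups\2017-05.manifest.csv'
```

Keep a second copy of the manifest somewhere the backup host cannot write to (a read-only share or printed hashes for the critical files): if ransomware reaches the backup it will encrypt the manifest along with the data, and a verification that fails loudly on an unreadable manifest is exactly the warning you want. The hash check also catches bit rot on an ageing portable HDD, which a simple file listing would not.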
Written by: © Don Okereke
(Security Junkie/Analyst/Consultant, Writer)
CEO Holistic Security Background Checks Limited (RC 1407617)
Follow me on Twitter: @donokereke