How to Protect your valuable data from Ransomware

Post date: Aug 26, 2016 4:41:17 PM

What is Ransomware ?

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to restore access to their systems, or to get their data back.

Ransomware can be downloaded by unwitting users who visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware are delivered as attachments to spammed email.

Once executed in the system, a ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password.

In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This screen also provides instructions on how users can pay the ransom.

The second type of ransomware encrypts files including word processing documents, spreadsheets, photos and other important files.

The cybercriminals behind ransomware make use of online payment methods such as Ukash, PaySafeCard, MoneyPAK or Bitcoin as a way for users to pay the ransom. However, paying the ransom doesn't guarantee the cybercriminal will restore your system or files to you.

Ransomware has evolved into one of the biggest threats to your precious data. Names like Locky, CryptoLocker, CryptoWall, and CTBLocker keep average computer users and IT personnel up at night. 

How to protect yourself from Ransomware ?

We recommend the following basic steps you can take :

1. Use fully updated Antivirus on all machines. The best defense is a good offense, try antivirus software with built in anti-ransomware  like Trend Micro™ Security 10. 

2. Use UTM/Firewall with gateway antivirus to prevent access to shady sites to protect users inside your network.

3. Protect data on the Central Server: Do not share folders on servers with unprotected computers & Do not allow main server/pc  to be used by anyone to prevent infection by accidental clicking of malware link.

4. Ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. For backup I recommend that you use good cloud backup that can maintain multiple versions like idrive/backblaze/code42 etc. Even if the latest version gets encrypted you can restore the previous version.

Software  to protect from Ransomware ?

Malwarebytes Anti-Ransomware : This software monitors all activity in the computer and identifies actions which are typical of ransomware activity. It keeps track of all activity and, once it has enough evidence to determine a certain process or thread to be ransomware, blocks the infection and quarantines the ransomware before it has a chance to encrypt users' files.  

This is  beta software available for anyone to install and try out, but, there may be some bugs or issues that need to be worked out, so we encourage you to try it out in a non-production environment first.

Click Here for Link to download page.

Here is a video on how it works.

Anti-Ransomware Vaccine by Bitdefender: Anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.

“The new tool is an outgrowth of the Cryptowall vaccine program, in a way.” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”

Click Here to download the tool.   For more details visit this page.

I Got Infected By Ransomware. What Should I Do?

There are two (2) types of Ransomware: Lock Screen which limits the users from accessing the computer and Crypto (File Encryption) which encrypts files to limit users from accessing their files.