If you’ve seen our first article describing what ransomware is, and how it’s come about, you’ll know that the best solution is to prevent the beast infecting your PC in the first place.
But there is more to it than that, of course. So we’ve compiled a list of actions one can take to either mitigate its impact, or stop it hitting, to get you thinking and taking action.
What can I do to protect myself from ransomware?
- Have a good backup procedure – Ideally it should be serialised, rather than a simple all-in-one backup. This is just in case the ransomware has a delay mechanism embedded before being triggered. By having a serialised procedure, you may at least ensure that older versions of files are still available if later versions have been tainted by the malware. The key is to make sure you don’t overwrite your backups with compromised files!
- Have a layered approach – This effectively means utilising a security approach that incorporates anti-virus software, web filtering, and firewalls. The benefit of this approach is that if you inadvertently download a ransomware variant because it is so new it’s got past your anti-malware software, it may still be caught by a firewall when it attempts to connect with its Command and Control (C&C) server to receive instructions for encrypting your files.
- Restrict ‘App Data’ or ‘Local App Data’ folders – It’s thought that ransomware will often run an executable from the App Data or Local App Data folders, so ask your IT support team to restrict this.
- Keep your security patches up to date – Don’t think that once you’ve got your layered approach in place that you can just forget about it all. It’s important to continue to apply patches when they’re issued. Currently, though this may change, ransomware attacks tend to be opportunistic and simply focus on vulnerabilities rather than specific end user targets. So by keeping security patches up to date you help to protect your system from attack.
- Lock down ‘privileges’ – The fewer employees with administrative or global ‘privileges’ in your system setup… the better.
- Don’t open emails with attachments unless you’re sure! – If you can filter out emails with .EXE files attached before they hit your inbox, then do so. If you do need to receive such files in the future, you can always introduce a procedure to exchange them via the cloud or password protected ZIP folders. But even if you can’t filter them out at source, DON’T OPEN THEM! Simples.
- Set your system to show hidden file-extensions – One way that ransomware arrives is in the form of a file that is named with the extension “.PDF.EXE”… though it might be hidden in a zip folder too. The ransomware then relies on Windows’ irritating default behaviour of hiding known file-extensions. If you get your IT support professional to re-enable visibility of full file-extensions, you are more likely to spot suspicious files coming in.
- Don’t enable macros – Ransomware often relies on users enabling macros hidden in office documents. As you would hope, Microsoft has released a tool in Office 2016 to limit the functionality of macros and prevent you from enabling them on documents downloaded from the internet… use it!
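
For the two attachment points above (filtering out .EXE attachments, and spotting “.PDF.EXE” names even when they sit inside a zip folder), here is an added Python example, not part of the original article, of the check a mail filter could apply to each attachment. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: extension lists chosen for this example; the article names only .EXE.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
MAX_NESTED_BYTES = 20_000_000  # do not unpack very large inner archives

def classify_name(name):
    """Return 'double-extension', 'executable' or None for one file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rsplit("!", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"  # e.g. invoice.pdf.exe displayed as invoice.pdf
    return "executable"

def scan_attachment(filename, data, depth=0, max_depth=2):
    """Return [(path, verdict)] for an attachment and any ZIP members."""
    verdict = classify_name(filename)
    findings = [(filename, verdict)] if verdict else []
    if not filename.lower().endswith(".zip"):
        return findings
    if depth > max_depth:
        return findings + [(filename, "nesting-too-deep")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                unpack = (info.filename.lower().endswith(".zip")
                          and depth < max_depth
                          and info.file_size <= MAX_NESTED_BYTES)
                body = zf.read(info) if unpack else b""
                findings += scan_attachment(f"{filename}!{info.filename}",
                                            body, depth + 1, max_depth)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt, or encrypted inner ZIP
        findings.append((filename, "unreadable-archive"))
    return findings

def build_sample_zip():
    """Constructed sample: a ZIP holding a harmless placeholder named like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("scan/invoice.pdf.exe", b"placeholder bytes, not a program")
    return buf.getvalue()
```

Anything the function returns is a reason to quarantine the message for review rather than deliver it; an empty list means no executable names were found.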
What should I do?
If you get hit with ransomware, the first thing to do, though, is not panic. Pick up the phone and give Blue Sky Computer Solutions a call!