With each new ransomware that is released, the money being made and the brazenness of the criminal acts continue to increase. Starting with ACCDFISA and its installation through hacked Terminal Services, to CryptoLocker grabbing the media's attention and showing that there is big money to be made, to Critroni and the introduction of Elliptic Curve Cryptography, to TorrentLocker and its hammering of Australian residents, and to the CryptoWall campaign that just doesn't want to let up and continues to hammer computer users globally, Crypto-Ransomware has proven to be resilient and is here to stay.
That does not mean we have to sit here and take it. Instead we need to come up with new strategies and methods that we can use to protect ourselves and help to mitigate the risk from these types of malware. The following information, in no particular order, has been compiled to offer you a strategy guide on how you can protect yourself and your computer from current and emerging Crypto-Ransomware infections.
1. Back up your computer every night!
It is imperative that you back up your computer every night so that you have copies of all your most recently changed data. Because Crypto-Ransomware encrypts data on any drive letter it detects, keep your backups in a location that is not mapped to your computer as a drive letter. Instead, use backup software that can access a Network Attached Storage (NAS) device via network paths, or use a cloud backup solution.
If you do not want to purchase a NAS, then you should consider using a cloud backup provider to perform nightly backups for you. As most cloud providers do not map your backup stores as a drive letter, they can safely be used to back up your data.
2. Make sure you have an anti-virus program installed and updated
I hate to say it, but in this day and age if you do not have anti-virus software then you are taking a foolish risk. Security software has become so competitive that buying a good commercial product is fairly inexpensive and provides protection that is definitely needed. I know some people will say that you do not need anti-virus software, but rather good education on how to use a computer. In my opinion you need both as mistakes do happen and an anti-virus program adds an extra layer of defense that we all need.
3. Become educated on what you should and should not do on the Internet.
The majority of Crypto-Ransomware is delivered in email attachments that pretend to be tracking confirmations, scans, or other business correspondence. Educating yourself to not open attachments unless you 100% know that they are being sent to you will diminish your risk considerably. It is important that everyone educates themselves on the proper way to stay safe on the Internet. Instead of going into details here, I suggest everyone read this guide we wrote a while back, but that still holds true today.
4. Enable file extensions in Windows
One of the ways ransomware tricks you into executing its files is to make the file appear to be a harmless document. For example, the malware installer will arrive as a file that appears to be called Statement.pdf and displays a PDF icon. To you this looks like a harmless PDF file. In reality, though, the file is actually called Statement.pdf.exe, but since Windows by default does not display extensions, you do not see the .exe extension at the end and so do not know that it is an executable. Therefore, you double-click the file thinking it will open a PDF file, but instead you have just started the encrypting malware.
To prevent this, I strongly suggest that everyone enable the displaying of file extensions in Windows by following this guide:
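The setting can also be applied from PowerShell. The script below is an added example, not part of the original guide: it turns on extension display for the current user and then lists files such as Statement.pdf.exe whose executable extension sits behind a document-style one. The extension lists and the folders scanned are assumptions to adjust for your environment.

```powershell
# Added example: show file extensions, then look for disguised executables.

# HideFileExt = 0 makes Explorer display extensions for known file types.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'HideFileExt' -Value 0 -Type DWord

# Extensions Windows runs when double-clicked (assumed list, extend as needed).
$executable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.wsf'
# Extensions typically used as the harmless-looking decoy (assumed list).
$decoy = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip'

function Test-DoubleExtension {
    param([Parameter(Mandatory)][string]$Name)

    # The real extension is the last one: Statement.pdf.exe -> .exe
    $real = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    # The decoy is the extension of what remains: Statement.pdf -> .pdf
    $stem = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()

    return ($executable -contains $real) -and ($decoy -contains $inner)
}

# Folders where downloaded or mailed attachments usually land (assumed list).
$folders = @(
    [Environment]::GetFolderPath('Desktop')
    (Join-Path $env:USERPROFILE 'Downloads')
    $env:TEMP
) | Where-Object { $_ -and (Test-Path $_) }

Get-ChildItem -Path $folders -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DoubleExtension $_.Name } |
    Select-Object FullName, Length, LastWriteTime
```

Explorer windows that are already open may need to be refreshed before extensions appear.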
5. Use Software Restriction Policies or CryptoPrevent to make it so the malware files cannot launch
Crypto-Ransomware programs typically launch from locations that programs are not supposed to execute from. This includes your desktop, User Profiles, and the Temp folders. Therefore, it's fairly safe to make it so you are unable to launch executables from these folders by using a built-in Windows function called Software Restriction Policies. Software Restriction Policies allow you to create rules that determine what folders executables are or are not allowed to run from. By using these types of rules, you restrict not only many ransomware programs from running, but also many other malware programs.
In order to set up Software Restriction Policies, you need to use the Group Policy Editor or the Local Policy Editor. If you are using a Windows Home version, then you will not have access to these tools. Therefore, we suggest that everyone use a free tool called CryptoPrevent as it makes the task of setting up Software Restriction Policies very easy.
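Before turning on rules like these, it helps to know which programs already run from the folders they cover, since legitimate software installed there will stop launching too. The script below is an added example, not code from CryptoPrevent or Microsoft: it inventories .exe files under the locations named above and shows their Authenticode signature status. The exact folder list is an assumption.

```powershell
# Added example: list executables that folder-based restriction rules would affect.

# Desktop, profile application data, and Temp (assumed to match the rules you plan to set).
$roots = @(
    [Environment]::GetFolderPath('Desktop')
    $env:APPDATA
    $env:LOCALAPPDATA
    $env:TEMP
) | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

# Temp normally sits under LocalAppData, so drop duplicate hits by full path.
$found = Get-ChildItem -Path $roots -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    Sort-Object FullName -Unique

$report = foreach ($file in $found) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path      = $file.FullName
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified  = $file.LastWriteTime
    }
}

# Files without a valid signature sort first: review these whether or not you enable the policy.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Path |
    Format-Table -AutoSize -Wrap
```

Signed entries from vendors you recognise are the ones that will need an allow rule, or a reinstall to Program Files, once the restrictions are active.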
If you choose to purchase CryptoPrevent Premium for its additional features, you can get 30% off the price by using the coupon code bleeping30off. For full disclosure, BleepingComputer does make a commission for each sale.
More information and instructions on using Software Restriction Policies and CryptoPrevent can be found here:
6. Install a program that is designed to alert you when ransomware behavior has been detected.
SurfRight has developed a free tool called CryptoGuard that is designed to detect certain behaviors that encrypting ransomware exhibits and block the malware. Instead of containing definitions for each ransomware, CryptoGuard monitors processes on the computer, and if it detects behavior that is similar to how an encrypting ransomware would act, it blocks the process from running. For more information about CryptoGuard and to ask the developers questions, feel free to visit this forum topic.
By using these methods, you are sure to make your computer that much safer from Crypto-Ransomware and malware in general. If you have any other tips to share, please feel free to do so. We are all in this together!