Stop Ransomware Before it gets in.


17 replies to this topic

#1 StarGehzer

Posted 10 July 2016 - 07:48 PM

It seems that the topics in this forum are the much needed "I've been infected, what should I do" topics, but so far I've been lucky & have managed to keep my system clean (in spite of going to websites I shouldn't).

I've just spent time searching Bleeping Computer website looking for a thread or topic that explains or suggests how to block or stop ransomware before it gets a lock on a system. 

Today I read something saying, 'To guard against ransomware, an anti-virus program is not enough. We recommend using a next-generation firewall containing active intrusion-prevention technology.' I've never heard of this but a search got me to this page that compares intrusion-prevention technology. The software they compare all costs thousands of dollars! 

I'm hoping that there is (or soon will be) something on this website that offers suggestions and/or instructions on how to keep from getting caught by those bleeping people who send out ransomware to infect our systems.

If anyone could please point me (us) at what I'm looking for it would be much appreciated. 

Thanks





#2 RolandJS

Posted 10 July 2016 - 07:53 PM

Quietman7 has one of the most thorough boilerplate posts [saved for posting when needed] that gives the answer you seek.  Meanwhile, though, you can look into two products available that I know of:  Malwarebytes AntiRansomware and Ruiware's WinAntiRansomware.


Edited by RolandJS, 10 July 2016 - 09:07 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 Demonslay335

Posted 10 July 2016 - 08:02 PM

Emsisoft apparently has good protection against ransomware. Fabian and Toffee are constantly talking up how awesome the features in EAM are in all of our chats on different ransomware. :P

 

It all boils down to having a multi-layered defense, keeping your OS/software updated properly, and being cautious on what you click on.

 

Also, either way, BACKUPS ARE KING. Having a good cloud backup with retention/versioning will keep you from ever having to pay a ransom if you do get hit. I would recommend CrashPlan, Carbonite, or DropBox typically.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 StarGehzer

Posted 10 July 2016 - 08:16 PM

> Quietman7 has one of the most thorough posts [saved for posting when needed] that gives the answer you seek.  Meanwhile, though, you can look into two products available that I know of:  Malwarebytes AntiRansomware and Ruiware's WinAntiRansomware.

Thanks.. MBARW now installed. 

Here's a link to Ruiware's WinAntiRansomware in case someone is looking. (currently $38.00 CDN)



#5 StarGehzer

Posted 10 July 2016 - 08:22 PM

> BACKUPS ARE KING. Having a good cloud backup with retention/versioning will keep you from ever having to pay a ransom if you do get hit. I would recommend CrashPlan, Carbonite, or DropBox typically.

 

I'm currently looking for backup protection. I was thinking of running a NAS (network attached storage) or a server. While I'm sure the cloud is the future, I'm old & not ready for it yet. :)

Does anyone know, if ransomware DID get into my computer, should I expect files on the NAS or server to be affected?

(I'll follow up on your other notes, thanks.)



#6 TsVk!

Posted 10 July 2016 - 08:34 PM

Cryptoprevent is a great free addition to protect your system also.



#7 Demonslay335

Posted 10 July 2016 - 08:52 PM

 

> > BACKUPS ARE KING. Having a good cloud backup with retention/versioning will keep you from ever having to pay a ransom if you do get hit. I would recommend CrashPlan, Carbonite, or DropBox typically.
>
> I'm currently looking for backup protection. I was thinking of running a NAS (network attached storage) or a server. While I'm sure the cloud is the future, I'm old & not ready for it yet. :)
>
> Does anyone know, if ransomware DID get into my computer, should I expect files on the NAS or server to be affected?
>
> (I'll follow up on your other notes, thanks.)

Ransomware will attack anything your computer has access to. A NAS is usually mapped or shared over the network, so it would definitely get hit. Same goes for a server, even if the files are shared but not mapped (some can still "discover" the share via SMB).

 

Cloud solutions really aren't too scary. They are very convenient, as they are (for the most part) set-and-forget. You can also access the data from any computer in the world in the event of an issue typically. It is automatic, so you don't have to worry about it. The versioning is the real benefit as well, since you can easily roll back to a previous date if the worst happens.

You can also simply use an external drive to manually back up data. Windows has a good scheduled backup built-in. It is recommended, though, to unplug your external drive whenever you are not actively using it or backing up to it, as ransomware would simply encrypt it overnight when you aren't using it.

Honestly, the best solution is having a hybrid of both. I personally have a NAS that I back up larger videos and such to, DropBox (free plan) backs up my phone media to my PC, then CrashPlan backs up my whole network (about $8/mo for unlimited storage, I use about 600GB).




#8 RolandJS

Posted 10 July 2016 - 09:12 PM

One can also add into the backup routine one or more of the following:

-- USB 128GB sticks

-- DVDs

-- USB external platter-driven hard drives

and, either one or more of the following or anything similar to: Acronis True Image, Macrium Reflect [free or pay-for], and many other programs.




#9 ScathEnfys

Posted 10 July 2016 - 11:16 PM

I would avoid a NAS. Ransomware is becoming more advanced every day, and we have seen several varieties that can encrypt attached network shares and external drives. I would recommend backing up on USBs and external HDDs that are not connected to the PC except when performing a backup operation.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#10 quietman7

Posted 11 July 2016 - 05:39 AM

For the best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections, see my comments (Post #2) in this topic...Ransomware avoidance.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 RolandJS

Posted 11 July 2016 - 06:29 AM

And remember Quietman7's admonition throughout BC-land [paraphrasing by rjs]:  You, the end-user, are the primary, the most important, ingredient to ransomware avoidance.  You, the end-user, are the most responsible, the most accountable, in keeping ransomware out of your computer.




#12 quietman7

Posted 11 July 2016 - 08:16 PM

Yes...the user is the first and last line of defense and security is a constant effort to stay one step ahead of the bad guys. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed.

> Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.
>
> -- Krebs on Security

Unfortunately, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

#13 ScathEnfys

Posted 11 July 2016 - 10:32 PM

> Unfortunately, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

If you want proof of this fact, google "social engineering". A master of this technique can make a victim's life a living death.

#14 TsVk!

Posted 11 July 2016 - 11:08 PM

 

> > Unfortunately, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.
>
> If you want proof of this fact, google "social engineering". A master of this technique can make a victim's life a living death.

It takes a particular type of naivety to fall for most social engineering tricks though. Everyone should learn the basics of social engineering, and thus how to avoid it.



#15 graymatteron

Posted 12 July 2016 - 01:07 PM

Backups are definitely king here, as has already been mentioned.

 

I perform my backups using rsync to a Linux server running rsync in daemon mode; this way my backup drives at least aren't exposed via CIFS / SMB or some other more familiar protocol.
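
Added example (not code from any poster in this thread): versioned snapshots of the kind post #7 credits with making rollback possible, kept on a backup server like the one post #15 describes. It assumes the snapshot directory sits somewhere the workstation cannot write to and that labels sort chronologically (ISO dates); `take_snapshot` and `changed_fraction` are hypothetical names.

```python
import filecmp
import os
import shutil


def take_snapshot(source, snapshot_root, label):
    """Copy `source` into snapshot_root/label, hard-linking every file that is
    byte-identical to the previous snapshot. Returns the new snapshot path."""
    os.makedirs(snapshot_root, exist_ok=True)
    existing = sorted(os.listdir(snapshot_root))  # assumption: labels sort by date
    previous = os.path.join(snapshot_root, existing[-1]) if existing else None
    target = os.path.join(snapshot_root, label)
    if os.path.exists(target):
        raise FileExistsError(f"snapshot {label!r} exists; snapshots are never overwritten")
    for dirpath, _dirs, files in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.normpath(os.path.join(target, rel)), exist_ok=True)
        for name in files:
            src = os.path.join(dirpath, name)
            dst = os.path.normpath(os.path.join(target, rel, name))
            old = os.path.join(previous, rel, name) if previous else None
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)        # unchanged: share storage with the old version
            else:
                shutil.copy2(src, dst)   # new or modified: store a fresh copy
    return target


def changed_fraction(old_snap, new_snap):
    """Share of files in old_snap that are modified or missing in new_snap.
    Unchanged files are hard links, so an inode comparison is enough. A jump
    towards 1.0 between two runs is what a mass-encryption event looks like."""
    total = changed = 0
    for dirpath, _dirs, files in os.walk(old_snap):
        rel = os.path.relpath(dirpath, old_snap)
        for name in files:
            total += 1
            new = os.path.join(new_snap, rel, name)
            if not (os.path.isfile(new)
                    and os.path.samefile(os.path.join(dirpath, name), new)):
                changed += 1
    return changed / total if total else 0.0
```

If the uploaded files are later overwritten by ransomware, the next snapshot stores the damaged copies as new files while every earlier snapshot keeps the originals, and `changed_fraction` gives a number to alert on before old snapshots are pruned.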





