Terrified of Ransomware. Best steps to take to prevent infection?


6 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 18 September 2017 - 05:22 PM

Hello everyone. I've made posts on this forum every now and then, but I just wanted to ask a question regarding a concern of mine. Personally, I'm terrified by the idea of ransomware, more particularly that anyone could encrypt all my data and, more than likely, cause me to lose all of it through either faulty decryption programs or outright deception. With this in mind, I try to keep to security practices rigorously, by running ESET and MalwareBytes on my systems, disabling Flash/JavaScript on my browser, and in general only visiting websites I trust and using programs I trust as well. In addition to this, I back up my systems continuously on external media. Is there anything else that I could be doing to better secure myself?





#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:13 PM

Posted 19 September 2017 - 10:02 AM

HighTide1:

 

If you have the paid, premium versions of ESET and Malwarebytes, with real time protection, then you should have adequate protection against all currently known ransomware variants, although new ones are being created daily.

 

 

 

> I back up my systems continuously on external media.

 

 

 

Your external backup media should only be connected to your computer long enough to back it up. Personally, I do full system images weekly, and back up changing files, in between, to USB flash drives that are only connected to do the file copies. If your external backup drive is permanently, or semi-permanently, connected, then ransomware could infect the files on that external media.

 

The other important security component is ensuring that your operating system has all available updates/patches, and that all vulnerable programs, like Adobe Acrobat, Flash Player, etc., are always fully updated to the latest versions.

 

I don't worry too much about ransomware infection. If you have recent, secure backup images on external media that is not connected to your computer, and you have created Emergency Recovery bootable disk(s) for whatever backup program(s) that you are using, then the most that a new ransomware infection would do is cause you to lose an hour or so to recover a good image of your computer. Personally, I worry more about Windows Updates "borking" my computer, which has happened to me in the past, but from which I was able to successfully recover, via my backup strategy.

 

Hope this helps.  Have a great day.

 

Regards,

-Phil

 


Member of the Unified Network of Instructors and Trusted Eliminators


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:13 PM

Posted 20 September 2017 - 02:35 PM

Security is all about layers and not depending on any one solution, technology or approach to protect yourself from cyber-criminals. The most important layer is you...the first and last line of defense.

The best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections is a comprehensive approach. Make sure you are running an updated anti-virus and anti-malware product, update all vulnerable software, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, close/disable Remote Desktop Protocol (RDP) if you do not need it and routinely back up your data...then disconnect the external drive when the backup is completed. If you must use RDP, the best way to secure it is to either whitelist IPs on a firewall or not expose it to the Internet. Put RDP behind a firewall, only allow RDP from local traffic, set up a VPN to the firewall and enforce strong password policies, especially on any admin accounts or those with RDP privileges.

For more suggestions to protect yourself from ransomware infections, see my comments (Post #2) in this topic...Ransomware avoidance.

Also see Answers to common security questions - Best Practices for Safe Computing.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
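
The RDP advice in post #3 (disable it if unused, otherwise accept it only from local or whitelisted addresses), as an added example that is not part of the original post: a PowerShell audit of whether the host accepts RDP and from which source addresses, with an optional change. It assumes the host's Windows Defender Firewall is the firewall being configured and an English-language install where the built-in rules sit in the display group 'Remote Desktop'; the function names are hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: English-language Windows, where the built-in RDP firewall rules
# belong to the display group 'Remote Desktop'.
$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means the host accepts RDP connections.
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    foreach ($rule in $rules) {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            RdpEnabled    = ($deny -eq 0)
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ','
            # 'Any' means the rule accepts connections from every source address.
            OpenToAny     = ($remote -contains 'Any')
        }
    }
    if ($rules.Count -eq 0) {
        [pscustomobject]@{
            RdpEnabled = ($deny -eq 0); Rule = '(no enabled inbound RDP rule)'
            Profile = $null; RemoteAddress = $null; OpenToAny = $false
        }
    }
}

function Set-RdpPosture {
    param([Parameter(Mandatory)][ValidateSet('Disable', 'LocalOnly')][string]$Mode)
    if ($Mode -eq 'Disable') {
        # RDP not needed: refuse connections and switch the firewall rules off.
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    } else {
        # RDP needed: accept it only from the local subnet. Replace LocalSubnet
        # with specific addresses to whitelist individual machines instead.
        Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress LocalSubnet
    }
}

Get-RdpExposure | Format-Table -AutoSize
# Set-RdpPosture -Mode Disable      # uncomment one of these to apply a change
# Set-RdpPosture -Mode LocalOnly
```

A row with RdpEnabled and OpenToAny both True is the case the post warns about; whether it is reachable from the Internet also depends on the router or perimeter firewall in front of the machine.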

#4 stevehigdon

stevehigdon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 26 September 2017 - 09:10 AM

Very often I have seen that ransomware is spread through phishing emails with malicious links or attachments. I think the key to prevention is two-fold.

 

First, you need to pay attention to what you are clicking on. If you have any suspicion at all, you need to investigate further. Never click on links in emails if you cannot verify the source. 

 

Second, you have to ensure that you are up to date on all patches for software in your environment. Most of the time (look at NotPetya and others), the ransomware exploits vulnerabilities that have been around for a long time. By continuously patching your systems (either manually or automatically), you greatly reduce the likelihood of infection.

 

The other tips mentioned also work very well. Regularly backing up your data and having some sort of host-based real-time security solution can also reduce impact. Always plan for the worst.



#5 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,515 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:09:13 PM

Posted 26 September 2017 - 09:51 AM

> First, you need to pay attention to what you are clicking on. If you have any suspicion at all, you need to investigate further. Never click on links in emails if you cannot verify the source.

 

 

If this one, simple rule were followed I am convinced that well over 95% of infections of all types would be avoided.

 

I have said, many times, that most infections are invited in by the user; it is a rare infection that comes in via the metaphorical back door.

 

All antivirus, antimalware, and other defensive software expend most of their resources either cleaning up after the fact or trying to block something that the user tries to download.

 

Your best defense involves thinking before you click.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#6 stevehigdon

stevehigdon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 26 September 2017 - 10:01 AM

 

> > First, you need to pay attention to what you are clicking on. If you have any suspicion at all, you need to investigate further. Never click on links in emails if you cannot verify the source.
>
> If this one, simple rule were followed I am convinced that well over 95% of infections of all types would be avoided.
>
> I have said, many times, that most infections are invited in by the user; it is a rare infection that comes in via the metaphorical back door.
>
> All antivirus, antimalware, and other defensive software expend most of their resources either cleaning up after the fact or trying to block something that the user tries to download.
>
> Your best defense involves thinking before you click.

 

Absolutely. I've always said that the best technology and policy to address security issues like this do a fantastic job at addressing yesterday's issues. Only through awareness, training, and education (empowering the people) can you hope to address the threats of today and tomorrow.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:13 PM

Posted 26 September 2017 - 02:59 PM

> Very often I have seen that ransomware is spread through phishing emails with malicious links or attachments...

Crypto malware (ransomware) and other forms of malware spread via a variety of common vectors...opening a malicious or spam email attachment, executing a malicious file, web exploits, exploit kits, malvertising campaigns, non-malware (fileless) attacks, drive-by downloads and RDP brute-force attacks against servers, particularly by those involved with the development and spread of ransomware.

Section :step2: in this topic explains in more detail the most common methods by which crypto malware (file encrypting ransomware) and other forms of ransomware are typically delivered and spread.