Preventing Ransomware (Tips/Insights)

There’s a real possibility that your computer can get infected with ransomware. Ransomware is the most frequently used form of malware today. You’ve probably heard about it in the news. But, do you know how to protect yourself from ransomware? We’ll tell you here.

How Do I Protect Myself From Ransomware?

You must take ransomware seriously, educate yourself about all the ways your computers could get infected, and the steps you should take to prevent it from landing on your computers in the first place. You can do this with security tools provided by your IT company and by practicing safe internet browsing and email use.

What Happens If I Get Ransomware?

Ransomware encryption denies access to your computer system or data until you pay a ransom. You can get ransomware from phishing emails or by going to an infected website and getting the virus from there. When you get ransomware, malicious software will lock down your computer’s files unless you agree to pay.

According to a Q4 2018 Global Ransomware Marketplace Report, the average ransom increased by 13% to $6,733 in Q4 2018 compared to Q3’s $5,973. Bitcoin is still the most popular currency demanded by ransomware attackers, at 98%.

How Can Ransomware Get Into My Computer?

If you visit an infected website, you could unknowingly download a ransomware virus to your computer. Or a phishing email might trick you into clicking on a malicious link or attachment that downloads a ransomware virus into your computer.

Phishing emails are designed to appear as though they’ve been sent from a person who you know. They will try to entice you into clicking on a link or opening an attachment containing malicious code. After the code is run, your computer is infected with malware.

Are There Different Kinds Of Ransomware?

There’s more than one kind of ransomware. Viruses like CryptoLocker, CryptoWall, Locky, WannaCry, Petya, NotPetya, Crypto, Bad Rabbit, Eternal Blue and more are designed to deny access to your data or network until you pay a ransom.

The WannaCry and Petya ransomware viruses spread via a vulnerability in Microsoft’s Server Message Block (SMB) network file-sharing protocol that’s widely used. It helps your computers connect to other computers and devices like printers.

Ransomware falls into three categories: Encrypting Ransomware, Scareware and Screen Lockers.

1. Encrypting Ransomware

This is a virus that locks down your files by encrypting them. There’s no software available that can unlock your files when this happens. The criminals who send the encrypting ransomware will demand a ransom to decrypt your files. Even if you pay the ransom, you still might not get your files back.

2. Scareware

Scareware uses rogue security software and tech support scams to entice you. When this happens, you’ll get a pop-up message on your computer claiming that it’s infected with malware. But you should ignore this because your files are just fine. However, If you do ignore it, you’ll continue to get this pop-up message.

3. Screen Lockers

If you get this type of ransomware, you’ll be locked out of your computer. You’ll see a message posing as the FBI or Department of Justice saying that you must pay a fine because illegal activity was detected on your computer. Don’t pay this “fine.” The FBI or DOJ would never freeze your computer or demand payment. So, don’t take the bait.

Can Ransomware Infect My Mobile Devices?

It wasn’t until 2014 and the height of the infamous CryptoLocker that ransomware started showing up on mobile devices. Mobile ransomware typically displays a message saying your device has been locked because of illegal activity. It says that you must pay a fee to unlock your device.

You can get mobile ransomware when you download malicious applications. To remove it you should start your mobile device in safe mode. Then you must find the malicious app and delete it.

How Can I Protect Myself From Ransomware?

The best way to protect your computers from ransomware is to prevent it from infecting them in the first place. Here are some ways that you can protect yourself from getting ransomware:

• Update your software and operating systems with the latest patches. Outdated applications and systems are the targets of most attacks.
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Configure your firewall to block access to known malicious IP addresses.
• Be suspicious of unsolicited email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Don’t provide personal information or information about your organization unless you are confident of a person’s authority to have the information.
• Never click on links or open attachments in unsolicited emails. Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
• Follow safe practices when browsing the Internet. Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Look for https in the URL, which indicates the site is secure.
• Perform frequent backups of system and important files and verify those backups regularly. If ransomware affects your computer, you can restore your system to its previous state with any files unaffected by ransomware. And store backups on a separate device that can’t be accessed from a network or offline in a secure cloud solution.
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Don’t use the contact information provided on a website or email connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups.
• If other people or employees use your network, restrict their permissions to install and run software applications. Apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
• Use application whitelisting to allow only approved programs to run on your network.
• Enable strong spam filters to prevent phishing emails from reaching you and authenticate inbound emails to prevent email spoofing.
• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching your computer.

How Can A Firewall Block Ransomware?

Today’s modern firewalls are built to defend against ransomware. The right firewall and Intrusion Prevention System (IPS) helps to prevent viruses from getting into your computers.

Your IT company should implement a next-generation firewall with Intrusion Prevention Systems (IPS). These can keep ransomware threats from getting into your network and stop them from self-propagating and infecting other computers and systems.

An IPS collects the malicious traffic coming into your network and only lets the clean traffic through. It also performs what’s called deep packet inspection of your network traffic to detect exploits and stop them before they reach any of your computers. The IPS monitor for and identify suspicious activity, logs the data, attempts to block it, and reports it to your IT services company.

This right IPS uses a tactic called sandboxing. It puts malicious programs in a separate place, so they can’t spread throughout your network. Ransomware like WannaCry and Petya spread like worms; they can lurk in files like Microsoft Office documents, a pdf, or updates for applications. Hackers can make these files appear valid and hide the malware. This is why sandboxing is essential for any IPS.

Ask your IT Services Company to:

• Use a modern, high-performing next-generation firewall, IPS and sandboxing solutions.
• Perform network assessments to detect all security gaps in your network.
• Set up a Virtual Private Network (VPN) to detect any IT assets that are vulnerable.
• Establish IPS policies to prevent malware from spreading to other LANs.
• Ensure that any infected network is automatically isolated until they can eradicate the infection.
• Segment LANs, using VLANs (Virtual Local Area Networks) and connect them all together to you next-generation firewall.

Using VLANs allows your computer to communicate through a virtual environment to protect it from any ransomware or other viruses that may be circulating in your network. Extending VLANs or zones into your firewall takes security to the next level.

Need more information about protecting yourself from ransomware? Check out these articles:

Security Update: What’s PhishPoint?

What Is The Estimated Cost Of Your Next Ransomware Attack?

Tech Education: What Is A Firewall?

Author: Joe Martin, Date: 2019-04-20