The ransomware epidemic keeps running rampant. It targets more and more businesses, rendering valuable files inaccessible through the use of strong cryptosystems like RSA.
This segment of cybercrime constitutes a huge underground economy. According to an investigative report, a single ransomware strain called Cerber may generate an annual revenue of about $2 million.
How can users counter such a powerful adversary? Believe it or not, prevention is a no-brainer in most cases. Importantly, it doesn’t necessarily imply any expenditures. Below is a list of worthwhile security practices to stay on the safe side free of charge.
1. Enhance your spam protection
Ransomware authors leverage botnets to generate large volumes of spam and thus spread their harmful loaders. Thankfully, most modern email systems have adjustable anti-spam features. Consider customizing your spam filter settings. Crank them up a bit so that virus-tainted emails don’t make it into your inbox.
2. Filter email extensions
Most ransom Trojans arrive with booby-trapped email attachments. Therefore, it’s a good idea to configure your email system to block incoming messages with potentially harmful content on board. These include files with the following extensions: .exe, .js, .zip, .rar, .docm, .rtf, .vbs, .scr, .bat, .cmd, and .pif. Any attachment that executes commands or activates malicious MS Office macros should be off limits. So it’s really high time for you to review your email security settings.
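As an added example (not part of the original article), here is how a mail gateway could apply the extension block list above. The message is constructed inline for the demonstration; matching is case-insensitive and keyed on the last extension, so a double-extension name such as invoice.pdf.EXE is still caught.

```python
import email
import pathlib
from email import policy
from email.message import EmailMessage

# Extensions the article recommends blocking at the mail gateway.
BLOCKED_EXTENSIONS = {
    ".exe", ".js", ".zip", ".rar", ".docm", ".rtf",
    ".vbs", ".scr", ".bat", ".cmd", ".pif",
}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose extension is on the block list.

    Only the final extension is examined and it is lower-cased first, so
    'Invoice.pdf.EXE' is treated as '.exe' and rejected.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # get_filename() reads Content-Disposition and falls back to Content-Type name=.
        name = (part.get_filename() or "").strip()
        ext = pathlib.PurePosixPath(name).suffix.lower()
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(attachments: dict[str, bytes]) -> bytes:
    """Build a constructed test message carrying the given attachments (sample data only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for filename, data in attachments.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample({"invoice.pdf.EXE": b"MZ", "notes.txt": b"hi", "macro.docm": b"PK"})
    print("blocked:", blocked_attachments(sample))
```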
3. Add Software Restriction Policies
As opposed to normal applications, ransomware processes tend to launch from AppData, LocalAppData, UserProfile, or Temp paths on host systems. By setting the appropriate Software Restriction Policy under Local Group Policy Editor, you can make sure nothing malicious executes out of these directories. Test the rules before enforcing them, since some legitimate updaters also run from these locations.
4. Rename vssadmin.exe
Having contaminated a Windows computer, most ransomware programs will attempt to delete Shadow Volume Copies by running the ‘vssadmin.exe Delete Shadows /All /Quiet’ command. This way, the infection prevents victims from restoring previous versions of their files. Therefore, it’s strongly recommended to assign the vssadmin.exe process a different name so that ransomware cannot thwart this vector of data recovery. Keep in mind that renaming a system binary is an unsupported change: Windows updates may restore the original file, and any backup or administration tooling that calls vssadmin by name will stop working.
5. Keep Windows Firewall enabled
Most ransomware specimens reach out to their Command and Control servers to obtain private crypto keys. However, Windows Firewall and second-opinion firewall solutions can intercept and block this type of traffic, so the infection cannot finish scrambling your data and the compromise remains incomplete.
6. Exercise caution with remote services
A threat dubbed the Surprise Ransomware hit the headlines some time ago. The attackers reportedly abused the TeamViewer remote support app to manually execute the infection on computers. To avoid predicaments like that, be sure to set up multi-factor authentication for logging into remote access services.
7. Use reliable VPN services
A VPN hides your IP address from cyber crooks and makes it very hard for them to target your company. Most often, they look for easier and more vulnerable targets. Besides, when you share anything or transfer data using a VPN service, that information is always encrypted and cannot be reached by malware authors. Most free VPN services blacklist and block suspicious URLs.
8. Back it up
Finally, the rule of thumb is to maintain backups of important data that you cannot afford to lose. Thankfully, there are cloud services providing plenty of free storage space. Even a memory stick should suffice to keep extra copies of the most valuable files. Keep at least one copy disconnected from the computer, since ransomware also encrypts mapped network drives and any attached media it can reach. Backups ensure an optimal security setup with no single point of failure.
These techniques are no panacea, but they can keep the majority of ransomware strains away from your computer. Once again, it’s difficult to overestimate the importance of data backups – that’s your best Plan B imaginable.
About the author:
My name is David Balaban. I am a computer security researcher with over 15 years of experience in malware analysis and antivirus software. The SAP community needs and wants great content on topics I am good at, like infosec, IoT, and blockchain. I wish to share my knowledge and experience here and connect with people whom I might never have had any contact with otherwise.