Figure 1: Steps in preventing ransomware attacks | Source: http://www.bisinfotech.com/
If you have not been hit by the recent ransomware attacks, you are either very fortunate or you have taken some anticipatory steps to safeguard your computer and files. The evolution of ransomware over the last couple of years has driven security vendors to create a myriad of tools for blocking these threats from executing on computers, but not many of them are 100 percent bulletproof.
However, if your computer does get infected with ransomware, then unless you have a reliable backup system or the cyber criminals have made some kind of cryptographic blunder, you are left with no recourse but to pay or lose your accumulated files forever.
Either way, prevention is still by far better than a cure. Here are some of the most basic prevention steps:
1. Regularly back up your computers and servers and keep a recent backup off-site -
Regularly backing up files on both the client computers and the servers will always be the most appropriate first step. If you do not have dedicated backup software, you can at least copy sensitive files to removable media, and be sure to eject and unplug the media when you are done. Backing up your files either offline, or to a system that networked computers and servers cannot write to, serves you best.
2. Do not enable macros -
Much ransomware has been distributed in Office documents that trick users into enabling macros. To address this, Microsoft has released a feature in Office 2016 that limits the functionality of macros by preventing users from enabling them in files and documents downloaded from the internet.
3. Lock down mapped network drives -
To lock them down, fortify the drives with passwords and access control restrictions. Limiting user permissions greatly restricts which files the threat can encrypt. Additionally, use read-only access for files on the network drives, except where write access to those files is absolutely necessary.
Figure 2: Intrusion Prevention System (IPS) | Source: https://gbhackers.com/
4. Enable and deploy all available endpoint protection technologies -
An Intrusion Prevention System (IPS) prevents a number of threats that traditional virus definitions alone cannot block. SONAR also provides real-time protection, using heuristic analysis and reputation data to detect emerging and unknown threats.
5. Download the latest available patches and plug-ins -
Vulnerabilities that have been patched cannot be exploited. Attacks have historically been delivered through phishing and web browsers. Sooner or later, we should expect attacks delivered through vulnerabilities in web applications such as JBoss, Joomla, WordPress, etc.
6. Use a security product to handle email safely -
Spam emails containing malicious attachments are a common method of spreading ransomware. The best solution so far is to scan inbound messages for threats with a dedicated email security product or service, which is vital for keeping ransomware and other malware out of your organization.
7. Segment the organization's network -
Separate functional areas with a firewall, for example the client and server networks, so that systems and services can be accessed only when it is truly necessary.
It is understood that in virtually all cases of ransomware attacks, the ransomware's encryption cannot be broken. If a client computer does get infected and its data is encrypted, follow the steps listed below:
» First and foremost, do not ever pay the ransom.
Paying the ransom demanded will not guarantee that the attacker will provide you a means to unlock your computer or even decrypt your files. Additionally, the attacker will likely use your ransom money to finance attacks against other users.
» Second, isolate the infected computer.
Quick detection is paramount. Isolating the infected computer before the ransomware can reach accessible network drives is the most appropriate response.
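As an added example (not part of the original article), here is a small detector for the quick-detection point above: it scans file-server rename audit events and flags any host that rewrites many distinct files with a new extension inside a short window, which is the signal you would act on to isolate that host from the network drives. The event format, hostnames and paths are constructed assumptions.

```python
from collections import defaultdict, deque, Counter
from datetime import datetime, timedelta
import os

# Constructed sample of file-server rename audit events: (timestamp, host, old_path, new_path).
# ws-12 rewrites many files with a new extension within seconds; ws-07 is ordinary activity.
SAMPLE_EVENTS = [
    ("2016-05-01T09:00:01", "ws-07", "/share/hr/draft.docx", "/share/hr/policy.docx"),
    ("2016-05-01T09:00:02", "ws-12", "/share/finance/q1.xlsx", "/share/finance/q1.xlsx.locked"),
    ("2016-05-01T09:00:02", "ws-12", "/share/finance/q2.xlsx", "/share/finance/q2.xlsx.locked"),
    ("2016-05-01T09:00:03", "ws-12", "/share/finance/budget.docx", "/share/finance/budget.docx.locked"),
    ("2016-05-01T09:00:03", "ws-12", "/share/finance/notes.txt", "/share/finance/notes.txt.locked"),
    ("2016-05-01T09:00:04", "ws-12", "/share/finance/plan.pptx", "/share/finance/plan.pptx.locked"),
    ("2016-05-01T09:05:00", "ws-07", "/share/hr/old.pdf", "/share/hr/archive/old.pdf"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def detect_encryption_bursts(events, window_seconds=60, threshold=5):
    """Return {host: (count, extension)} for each host that, within any window of
    window_seconds, renamed at least `threshold` distinct files so that each gained
    a new extension. Events must be sorted by timestamp."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # host -> deque of (time, new_ext, old_path)
    flagged = {}
    for ts, host, old, new in events:
        old_ext = os.path.splitext(old)[1]
        new_ext = os.path.splitext(new)[1]
        if new_ext == old_ext:
            continue  # plain rename or move, not an extension change
        t = parse(ts)
        q = recent[host]
        q.append((t, new_ext, old))
        while q and t - q[0][0] > window:
            q.popleft()  # drop events that fell out of the sliding window
        distinct = {p for _, _, p in q}
        if len(distinct) >= threshold and host not in flagged:
            ext = Counter(e for _, e, _ in q).most_common(1)[0][0]
            flagged[host] = (len(distinct), ext)
    return flagged

if __name__ == "__main__":
    for host, (n, ext) in detect_encryption_bursts(SAMPLE_EVENTS).items():
        print(f"isolate {host}: {n} files renamed to {ext!r} within 60s")
```

Tune the window and threshold to the normal rename rate on your own shares; a canary directory that legitimate users never touch makes the same logic far less noisy.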
» Third, restore broken or impaired files from a known trustworthy backup.
Like other security products, endpoint protection systems cannot decrypt the files that ransom lockers have damaged. The best approach is to restore the files from a known good backup.
» Fourth, use an endpoint protection manager –
Some newer endpoint protection definitions are able to detect, identify and remediate ransom lockers. Symantec Endpoint Protection Manager, for example, can automatically download virus definitions for Symantec Endpoint Protection to the client computer, as long as the client is connected to and managed by the Symantec Endpoint Protection Manager.