Ransomware prevention best practices


What is ransomware?

Ransomware is a type of malware that takes control of a victim's machine or files and then seeks a ransom for them. Ransomware has been around since 1989. In the first few years of its existence, ransomware was a rare occurrence. In recent years, there have been epidemics of ransomware. The attackers have a financial motive to continuously create new types and variants of ransomware that will infect as many victims as possible, either in mass or targeted attacks.

Be prepared to defend against this threat: the more you protect today, the more ready you will be tomorrow. Each of the following recommendations will help you reduce the risk of a successful ransomware infection.

What to do when you suffer a ransomware attack

If you have become the victim of a ransomware attack, follow the instructions below.

Step 1: Disconnect everything

  • Disconnect computers from the network.
  • Turn off all wireless functions: Wi-Fi, Bluetooth, NFC.

Step 2: Determine the extent of the infection; check for encryption at the following locations

  • Mapped and shared disks.
  • Mapped and shared folders from other computers.
  • All devices that serve as network storage.
  • External hard drives.
  • All USB devices (USB flash, memory cards, connected phones/cameras).
  • Cloud storage: Dropbox, Google Drive, OneDrive, etc.

Step 3: Determine the type of ransomware

Which type of ransomware is involved? For example, Sodinokibi, LockerGoga, Ryuk, etc.

Visit www.nomoreransom.org. Based on the encrypted files, the site can determine which specific ransomware is involved and whether a decryptor exists for it.

Now that you know the extent of the infection (the number of infected/locked files) and know what type of ransomware you are dealing with, you can make a better decision about your next move.

Reaction 1: Restore files from backup

1. Remove ransomware from the infected system.

2. Locate the backup:

  • Make sure you have all the files you need.
  • Verify the integrity of the backup (e.g., whether any files are not loading or are corrupt).
  • Check Shadow copies if you can (it may not help with newer types of ransomware).
  • Check for earlier versions of files stored in the cloud (Dropbox, Google Drive, OneDrive, etc.).
  • If your online backup data is also encrypted, proceed to restore the data from the offsite/offline copy.

3. Restore files from the backup.

Reaction 2: Try to decrypt the files

1. Determine the type and version of the ransomware if possible (see Step 3).
2. Find a decryptor (one may not exist for newer types).

If you were able to find one, follow these steps:

3. Connect all storage devices that hold encrypted files (hard disks, USB sticks, etc.).
4. Decrypt the files.

Reaction 3: You have decided not to react (lose files)

1. Remove the ransomware.
2. Back up the encrypted files in case a decryptor appears in the future (optional).

Best Ransomware prevention practices

If you do not want to become a victim of ransomware, or to find yourself again in a situation where your data is being held hostage by cybercriminals, we advise you to take the following preventive steps:

1. Software prevention practices 

  • Make sure you have a Next-Generation firewall (and that it is working). Next-Generation firewalls, such as those from Palo Alto Networks, have become the standard today. The time of MikroTik and classic Cisco firewalls is over; they practically only consume electricity and heat the room.
  • Implement antispam and/or antiphishing protection. You can do this with software, with hardware designed exclusively for this purpose, such as a Fortinet device, or through a cloud service, such as Symantec Email Security cloud.
  • Make sure all employees in your organization use top-of-the-line antivirus software (and that it is updated regularly).
  • Implement software restriction policies on your network to prevent unauthorized applications from running (optional).
  • Implement a rigorous patch procedure that updates every application that has vulnerabilities.
  • Conduct centralized event monitoring (SIEM) and analysis, and take appropriate action in response.

2. Backup prevention 

  • Implement a backup solution - software, hardware, or both.
  • Keep at least one copy of the backup offline/offsite.
  • Make sure all the files you need are backed up, including files from mobile devices and USB.
  • Make sure the files are safe, redundant, and easy to access.
  • Test the recovery functionality of your files regularly using backup/restore procedures. Test the integrity of files in a physical backup and the ease of recovering files from online and software backups.
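
The integrity checks mentioned above (verifying a backup before a restore, and testing backups regularly) can be automated with a hash manifest. The following PowerShell is an added example, not part of the original guide; the function names and the paths in the usage comments are assumptions.

```powershell
# Added example: SHA-256 manifest for backup integrity checks.
# Keep the manifest outside the backup root, ideally with the offline copy.

function New-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$BackupRoot,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $root = (Resolve-Path -LiteralPath $BackupRoot).Path
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length).TrimStart([char[]]'\/')
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$BackupRoot,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $root  = (Resolve-Path -LiteralPath $BackupRoot).Path
    $known = @{}
    foreach ($entry in Import-Csv -LiteralPath $ManifestPath) {
        $known[$entry.RelativePath] = $true
        $path = Join-Path $root $entry.RelativePath
        $status = if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            'Missing'
        } else {
            try {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
                if ($hash -eq $entry.SHA256) { 'OK' } else { 'Modified' }
            } catch { 'Unreadable' }
        }
        if ($status -ne 'OK') { [pscustomobject]@{ Status = $status; RelativePath = $entry.RelativePath } }
    }
    # Files that appeared after the manifest was written (renamed or newly dropped files).
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length).TrimStart([char[]]'\/')
        if (-not $known.ContainsKey($rel)) { [pscustomobject]@{ Status = 'Unexpected'; RelativePath = $rel } }
    }
}

# Usage (placeholder paths):
# New-BackupManifest  -BackupRoot 'E:\Backup' -ManifestPath 'F:\Manifests\backup.csv'   # after each backup job
# Test-BackupManifest -BackupRoot 'E:\Backup' -ManifestPath 'F:\Manifests\backup.csv'   # before every restore
```

An empty result means every file still matches its recorded hash. A backup touched by ransomware typically shows up as a mix of Modified, Missing and Unexpected entries.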

Windows 10 Defender Ransomware Prevention Practices

Windows 10 Defender antivirus is built into Windows 10 and contains a "Ransomware Protection" option that protects against ransomware attacks.

How does Ransomware Protection work?

Windows Ransomware Protection works through two components: Controlled Folder Access and Ransomware Data Recovery.

  • Controlled Folder Access protects your data by monitoring all the folders you select in its options and watching for any changes. This prevents ransomware from locking such a folder.
  • Ransomware Data Recovery does not directly protect against the attack itself, but immediately transfers and stores all your data in your Microsoft OneDrive account.

How to enable Ransomware Protection?

You can turn on Ransomware Protection by following these 5 steps.

  1. Open Windows Security.
  2. Turn on "Virus and threat protection".
  3. Scroll to "Ransomware Protection" and click "Manage ransomware protection".
  4. You will see the "Controlled Folder Access" option. To turn on Ransomware Protection, drag the switch to the right and log in to Microsoft OneDrive. You can now choose which folders you want to protect from ransomware attacks.
  5. Select the folders you want to protect.
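
The same Controlled Folder Access setting can be applied from an elevated PowerShell session, which is useful when configuring many machines. This is an added example, not part of the original guide; the folder and application paths are placeholders, and starting in audit mode before enforcing is a suggested rollout order rather than something the guide prescribes.

```powershell
# Added example: Controlled Folder Access via the built-in Defender cmdlets.
# Run as administrator. All paths below are placeholders (assumptions).

# 1. Start in audit mode: writes that would be blocked are only logged.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect additional folders beyond the ones Windows protects by default.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance', 'D:\Projects'

# 3. Allow a trusted application that legitimately writes to those folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleBackup\agent.exe'

# 4. Review what was recorded before enforcing:
#    1124 = audited event, 1123 = blocked event, 5007 = settings changed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124, 5007
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 5. Switch from auditing to blocking once the audit log looks clean.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Confirm the resulting configuration (0 = disabled, 1 = enabled, 2 = audit mode).
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```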

The fight against ransomware is an ongoing process. Regular updating of software and user knowledge is crucial for the success of the fight against this and many other cyber threats.
