Geek's Advice

Protection against ransomware is essential as attack cases increase

Protection against ransomware is essential as cryptography-based computer viruses can corrupt your personal files for good. Such type of malware is created, improved and distributed worldwide daily and generates enormous revenue for cybercriminals daily. Unfortunately, it is a very successful cyber weapon used by criminals for money extortion, and many victims still decide to pay up only to be deceived by hackers again. Some of the most widespread ransomware threats nowadays are called STOP/DJVU, DHARMA, PHOBOS, IGAL, QLKM.

Ransomware is a malicious computer virus that corrupts files on an infected system and demands a ransom. Typically, viruses like WannaCry or STOP (DJVU) ransomware use AES or RSA encryption to cipher data securely, and there is no way to roll-back this procedure without secret keys that are transferred to Command&Control center by the virus.

During the data encryption, the malware appends specific file extensions to file names, making it evident that files were somehow modified. Next, ransom-demanding virus drops a ransom note, which holds information regarding the ransom payment. The malware creators expect victims to transfer payment, usually in cryptocurrency, to a provided crypto-wallet address in a given time period.

Ransomware authors threaten the victims to keep their files locked forever, delete them, or publish them online if the victim decides not to pay up. We all keep essential data on our computers and smart devices, and unexpectedly losing them is the last thing we want. Our work, personal memories, collections of files that are important to us can disappear in thin air instantly.

Certain ransomware types are capable of posting some of victim’s data to their C&C server and threaten the victim to publish it online if their ransom demands are not fulfilled in time. Moreover, some of these crypto-viruses can function as additional malware droppers to deliver Trojans like Azorult, Occamy or Glupteba.

Therefore, it is a must to take every possible action to protect a computer from ransomware attack.

Ways to prevent ransomware attacks

There is no golden rule when it comes to ransomware avoidance. In reality, you have to follow a certain set of rules to keep your files safe and computer system clean.

It can be hard to keep up with the latest distribution tricks used by malware developers, so we have prepared a list of do’s and don’ts. Follow the given guide on how to prevent ransomware attacks in 2019.

1. Backup your data

Backup is the best way to protect your data. Security professionals never get tired of repeating this advice; however, users tend to delay this task until its too late. No matter how good your security software is, it can fail, too.

Therefore, having a data backup is simply a must. You do not have to back up everything – the most important files are enough. We tend to stick with good old portable storage devices – USB, CD or hard drive. Some ransomware viruses tend to corrupt files stored in online data clouds, so it might not be the most reliable option.

2. Install software and OS updates

Having an up-to-date system and software means having the best possible versions of these at the time. Keeping and using outdated software increases the chances of getting your PC hacked or infected. To prevent ransomware attack, install updates regularly. People using Windows 7 and newer versions of this OS can enable automatic updates, so make sure you use this feature, too.

Software developers release updates to fix bugs, vulnerabilities, and errors in software. Installing them means patching weak spots in the software and block hackers from exploiting them. We won’t go into details how hackers do it, but believe us – they quickly take advantage of outdated systems, as this gives them a chance to attack many systems at once.

3. Be careful online

Being careful online is a crucial factor that helps to prevent ransomware attacks. However, the best way to stay safe is to develop kind of a gut feeling what is right and what is wrong online. It is hard to explain, but we suggest following these tips from us to recognize dangerous content online:

• Do not open emails from someone you did not expect to write you. It doesn’t matter whether it is someone claiming to work at Amazon or another trustworthy company, do not open links and attachments inserted to the message. Doing so most likely delivers a malicious payload which destroys your data for good. Criminals are actively using parcel delivery companies’ names (such as DPD, DHL, UPS) to trick victims into opening malicious content during these COVID-19 pandemic times.
• Avoid eye-catching but suspicious links and ads. If something looks too good to be true – believe us, it most likely is. Clicking on shady content can trigger series of redirects leading to infected or tech-support-scam promoting websites. Be extremely careful about strange-looking links sent by strangers or your contacts on social media platforms. We suggest reading more about Facebook viruses to get the idea of how attackers act.
• Don’t rush. Some people hate pop-ups, especially if they do not understand what the purpose of them is. Therefore, they start clicking anything to get rid of them. If you notice some pop-ups on your screen, do not panic and carefully close the ad or page. Read what the pop-up says and make sure it can be closed safely. You can also get rid of shady pop-ups and websites that prevent closing them via Windows Task Manager.
• Use strong passwords. Make sure you use a tough combination of upper and lower letters, digits and symbols as this complicates the brute-force method for hackers. In other words, such passwords are much harder to auto-guess using special software.
• Stay away from torrents promoting software cracks or keygens. Such illegal downloads are known as a primary distribution vector for some of the most prevalent ransomware strains today, such as STOP/DJVU. Tools like that or KMSPico are used to activate premium software licenses for free; unfortunately, instead of doing that, they might encrypt all of your files as it turns out to be a ransomware in disguise. Please, obtain legitimate software license keys from their official vendor’s websites only.

4. Choose and install reliable security software

Reliable security software does not need to be a paid product. There are many trustworthy security programs available for free. However, you should also remember that paid versions typically offer a rich set of useful features and guarantee better protection against ransomware and other types of malware.

An important tip is to keep your security software up-to-date, too. Besides, we want to warn you to choose an antivirus or a strong anti-malware, but not anti-spyware software. Most anti-spyware programs are not designed to fight against complicated viruses such as ransomware or trojans. If you have no idea which security product is worth your time or money, we suggest checking software reviews provided by our team.

5. Consider installing anti-ransomware tools

One of the methods to prevent ransomware attack is to install special anti-ransomware tools. Here are some trustworthy free tools that help to keep your system ransom-virus free:

• BitDefender Anti-Ransomware Kit. This tool helps to avoid CTB-Locker, Locky, Petya, TeslaCrypt malware strains.
• Kaspersky Anti-Ransomware Tool For Business. Compatible with other security programs, it scans and blocks crypto-malware and allows to roll-back malicious actions.
• McAfee Ransomware Interceptor. Blocks ransomware encryption attempts and uses heuristics and machine learning to identify data-ciphering malware.
• CyberSight RansomStopper. Machine learning, pre-execution behavioral analysis, ransomware avoidance, usage of honeypots and compatibility with most antivirus solutions are just a few features you get for free.

6. Disable SMBv1

Disabling SMB (Server Message Block) adds extra protection against ransomware like WannaCry, which leverage SMB vulnerabilities to attack computer systems. You can easily disable SMBv1 by opening Windows Powershell and typing a command into it.

1. Right-click Windows menu icon and select Windows Powershell (Admin). When User Account Control table appears, click Yes.
2. The Powershell then appears on the screen. Type the following command and press Enter:
   Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
3. Wait until the process is over and then type Y and press Enter to restart your PC.

7. Disable Remote Desktop Protocol

Remote Desktop Protocol, also known as RDP, is a Microsoft Windows utility that allows remote connections to your computer. In Windows 10, RDP feature is disabled by default, but users are advised to double-check the situation. To disable RDP in Windows 7, 8, 8.1 and 10, follow the given guide:

1. Type Advanced System Settings in Windows search and open the matching result.
2. Open Remote tab. Here, make sure that Don’t allow remote connections to this computer option is checked. Click Apply and OK to confirm.

These are current suggestions for ransomware protection in 2021. If you have any other insights to share with our community, do not hesitate and let us know in the comments section below.

This article was first published on January 9th, 2019, and updated on January 5th, 2021.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.