Picture this: you’ve spent the last few weeks working on an important document for your organization. It contains all of the secret marketing and development plans.
When you finally finish the document, you go to copy the file onto a Pen drive and—what the?—a strange message pops up.
“Unfortunately, the files on this computer have been encrypted. You have 96 hours to submit payment to receive the encryption key, otherwise, your files will be permanently destroyed.”
You’ve been hit with ransomware.
You didn’t back up the document. In fact, you haven’t backed up any of your files in months. What do you do?
Unfortunately, when it comes to ransomware, once your files are encrypted, there’s not much you can do—besides cut your losses or pay up. And even if you do pay up, there’s a chance you won’t get your files back, so you’re out the files and your cash.
That’s why it’s so important to prevent ransomware attacks from happening in the first place.
The first step in ransomware prevention is to invest in strong cyber security. Start with an antivirus, and add continuously monitoring security applications that are specifically designed to thwart advanced malware attacks such as ransomware.
Some basic tips to prevent ransomware:
- Backup Your Data
All your data should be backed up regularly to a different medium, such as cloud storage, a USB drive or an external drive, so that even in a worst-case scenario you still have access to your data.
- Think Before You Click.
Almost all ransomware spreads over the Internet: through file-sharing websites, email attachments, and files and links to file-download websites shared on social networking sites. So whenever you see an attachment or a link, think before you click, and make sure the link and the file you are downloading come from a trusted source.
- Harden Your Anti-Spam Filters.
Many spam emails contain eye-catching messages and carry ransomware attachments that infect your machine when a user clicks them. Make sure your anti-spam filters are enabled and that the mail server disallows file extensions like .exe, .vbs, or .scr to block all suspicious attachments.
- Don’t Open Suspicious Attachments.
Always be suspicious of a file that is attached to an email or shared on a social networking website. Don’t open any file that you suspect, and if you need to open it, make sure you do so in an isolated virtual environment.
- Use the Show File Extensions Setting.
This is a setting in Windows that lets you tell what type of file is being opened. An attacker can disguise malicious code as a different file format, e.g., movie.avi.exe or account.xlsx.scr, to execute their hidden commands. Enabling this setting lets you see the real extension of the files you are opening.
- Always update.
Make sure your system is always up to date; updates usually contain critical patches for several security vulnerabilities.
- Turn Your Firewall On.
Every system has its own firewall. Make sure your firewall is enabled and properly configured.
- Scan All Compressed and Archived Files.
Malicious code and files are often hidden inside compressed files. Use antivirus software and scanners to scan a compressed file before opening it.
- Disabling Windows Script Host.
- Disable Windows PowerShell.
Windows PowerShell is a framework for task automation; it must only be enabled when necessary.
- Enhance the Security of Microsoft Office Components.
Blocking external content is a dependable technique to keep malicious code from being executed on the PC.
- Block Pop-ups (Ad Blocker).
Pop-ups are an entry point for trojans and malware. Adding a pop-up-blocking add-on or extension can reduce the entry points for trojans and malware.
- Deactivate Autoplay.
Disabling autoplay blocks harmful processes from running from external media devices such as USB drives and external hard drives.
- Define Software Restriction Policy.
A software restriction policy should be defined by the user to stop files from executing automatically from system or process locations like ProgramData, AppData, Temp and Windows\SysWow.
- Block known-malicious Tor IP addresses.
The Tor network (gateway) is used to communicate with the command-and-control server. Blocking Tor network connections is a good way to prevent malware from communicating with its control server.
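The anti-spam and file-extension tips above can be combined into one check at the mail gateway. The following is an added example, not code from the original article: it flags attachments whose final extension is .exe, .vbs or .scr and separately marks double extensions like movie.avi.exe. The decoy-extension list, function names and sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article says to disallow at the mail server.
BLOCKED = {".exe", ".vbs", ".scr"}
# Document/media extensions that make a name look harmless (assumed list).
DECOY = {".avi", ".xlsx", ".pdf", ".docx", ".jpg", ".png", ".txt"}


def classify_filename(name):
    """Return 'double-extension', 'blocked-extension' or 'ok'."""
    # Windows is case-insensitive and ignores trailing dots and spaces.
    clean = name.strip().rstrip(". ").lower()
    base = clean.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED:
        return "ok"
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "double-extension"   # e.g. movie.avi.exe
    return "blocked-extension"


def scan_message(raw):
    """Return [(filename, verdict)] for every flagged MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():          # walk() also reaches nested/inline parts
        name = part.get_filename()   # decodes RFC 2231 encoded names
        if name and classify_filename(name) != "ok":
            findings.append((name, classify_filename(name)))
    return findings


def build_sample():
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Q3 accounts"
    m.set_content("See attached.")
    for fname in ("account.xlsx.scr", "report.pdf", "Setup.EXE", "notes.txt"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:18} {name}")
```

A name-based check like this complements content scanning; it does not replace it, since an archive or a renamed file can still carry an executable.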
If you are the victim of ransomware and need incident response services, please contact us.
471-Anamnagar, Kathmandu, Nepal