An Updated Ransomware Prevention Guide

Ransomware is a billion-dollar industry that shows no signs of slowing down.  A large-scale outbreak like WannaCry shows that virtually anyone can create a ransomware campaign and effortlessly deploy it to millions of computers in a matter of minutes.  With this growing threat, we need to be ever vigilant in protecting ourselves.

If there is one positive outcome from WannaCry, it’s that it started a conversation about ransomware on a global level.  As an IT consultant, I had clients calling me up and asking about it and how they can protect themselves.  These are clients who were never interested in services that would help protect them when I recommended the services.  Don’t ever think that it can’t happen to you.

How Does Ransomware Spread?

To protect yourself, you need to know how ransomware is spread.  The three most common ways are:

  • Malicious emails
  • Illegitimate downloads
  • Hacking

Malicious Emails

Commonly, ransomware is spread via a malicious email.  The email typically contains an attachment that the victim needs to open.  Opening it starts the infection process: the attachment contains malicious code that installs the ransomware.

Imagine this scenario: you work for a large company that is growing.  Your company has job postings out to help fill some positions.  Your HR manager receives an email with a résumé attached as a Word document.  Without thinking twice, she opens the Word document.  She notices a message that says she needs to enable content (that is, enable macros) to view the résumé.  Thinking nothing of it, she follows the directions.  Next thing you know, all the files on the server are encrypted.

This scenario plays out all too often and always has the same result.  Whether it’s a résumé sent to HR or an invoice sent to the accounting department, malicious emails have been the go-to tool for cybercriminals looking to infect networks with ransomware.

Illegitimate Downloads

Another common tactic is to hide ransomware in downloads for pirated movies, music and software.  In this method, an attacker presents what appears to be a movie, music or a piece of software.  The media files may look legitimate, but they could be hiding the infection behind a misleading file extension.  For pirated software, the infection may be in the program itself or in the accompanying crack or patcher that is meant to bypass the serial number or activation check.

Picture this: your son is browsing his favorite pirated downloads site.  He happens upon a download for Adobe Photoshop.  He downloads the program and installs it.  He runs the patcher, which kicks off the infection.  Before you know it, all of the pictures on your computer are encrypted and there is a note demanding $500 for their release.

Hacking

With this method, an attacker actually logs onto your PC remotely and delivers the ransomware.  The attacker uses remote access tools such as Microsoft Remote Desktop, LogMeIn or TeamViewer.  This type of attack is more common against businesses, since they often expose remote access so that employees can work from home, for example in the event of inclement weather.

As far as remote access tools go, Microsoft Remote Desktop is the most common vector for small to medium-sized businesses.  This is due to its ease of setup and low cost.  Microsoft Remote Desktop is built into most versions of Windows and is free to set up.  That same ease of setup means it is often left exposed to the internet, which is what attackers take advantage of.  An attacker scans the network for open ports.  Once an open port is found, they connect using Microsoft Remote Desktop and attempt to guess the password with a brute-force attack, trying many passwords in rapid succession.
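The brute-force pattern described above leaves a clear trace in the Windows Security log: a burst of failed-logon events (event ID 4625) from one source address against many accounts.  The following is an added example, not code from the original post, that runs a sliding-window detector over constructed sample events; the field names, the five-failures-in-five-minutes threshold, and the sample addresses are this example's own assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security event 4625
# ("An account failed to log on"). Field names are this example's own
# simplification of the real event; logon type 10 is RemoteInteractive (RDP),
# and with Network Level Authentication failed RDP logons are logged as type 3.
def _failed_logon(hhmmss, src_ip, user, logon_type=10):
    return {"time": f"2017-06-01T{hhmmss}", "event_id": 4625,
            "logon_type": logon_type, "user": user, "src_ip": src_ip}

SAMPLE_EVENTS = [
    # one source trying many accounts within ninety seconds: brute force
    _failed_logon("02:00:05", "203.0.113.7", "administrator"),
    _failed_logon("02:00:20", "203.0.113.7", "admin"),
    _failed_logon("02:00:40", "203.0.113.7", "user", logon_type=3),
    _failed_logon("02:01:00", "203.0.113.7", "test"),
    _failed_logon("02:01:15", "203.0.113.7", "scanner"),
    _failed_logon("02:01:30", "203.0.113.7", "guest"),
    # a legitimate employee mistyping a password twice: not an alert
    _failed_logon("02:03:10", "198.51.100.4", "jsmith"),
    _failed_logon("02:03:25", "198.51.100.4", "jsmith"),
    # low-and-slow attempts ten minutes apart: never reach the threshold in a window
    _failed_logon("02:10:00", "192.0.2.9", "administrator"),
    _failed_logon("02:20:00", "192.0.2.9", "administrator"),
    _failed_logon("02:30:00", "192.0.2.9", "administrator"),
    _failed_logon("02:40:00", "192.0.2.9", "administrator"),
    _failed_logon("02:50:00", "192.0.2.9", "administrator"),
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: time of first alert} for every source that produced
    at least `threshold` failed RDP logons inside a sliding `window`.
    The threshold and window are assumed tuning values, not a standard."""
    recent = defaultdict(deque)   # src_ip -> failure timestamps still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] not in (3, 10):
            continue
        t = datetime.fromisoformat(ev["time"])
        q = recent[ev["src_ip"]]
        q.append(t)
        while t - q[0] > window:      # discard attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in alerts:
            alerts[ev["src_ip"]] = t
    return alerts

if __name__ == "__main__":
    for ip, when in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}, first detected at {when}")
```

The slow source in the sample never trips the detector, which is the usual caveat with fixed windows: pair a rule like this with account lockout and with not exposing Remote Desktop to the internet at all.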

WannaCry spread a little differently.  It was a worm that spread by exploiting holes in the SMB (Windows file sharing) protocol.  It scanned networks for open ports, then got in via a public-facing server, such as a corporate web or email server.

How Do I Protect Myself?

When it comes to emails, exercise caution.  Always scan attachments for viruses before opening them.  If you get a Word document that is asking you to enable content, don’t do it.  Don’t just exercise caution with emails from unknown senders; exercise the same caution with emails coming from known and trusted senders.  If someone you know sends you an email that is uncharacteristic of them, contact them and ask whether they intended to send it.
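The "enable content" prompt in the résumé scenario exists because the attachment carries a VBA macro project, and a mail gateway can spot that by inspecting the attachment's contents instead of trusting its extension.  The following is an added example, not code from the original post: it builds two constructed Office Open XML packages in memory (one with a VBA part, one without) and triages them; the `triage_attachment` policy and the sample file names are this example's own assumptions.

```python
import io
import zipfile

# Content type that an Office Open XML package declares for an embedded VBA project.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal in-memory .docx/.docm-style package for the demo.
    Real documents carry many more parts; only the macro-relevant ones are here."""
    overrides = ('<Override PartName="/word/document.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if with_macro:
            overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA")
        z.writestr("[Content_Types].xml", f'<?xml version="1.0"?><Types>{overrides}</Types>')
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()

def has_vba_project(data: bytes) -> bool:
    """True if an Office Open XML attachment carries a VBA project, judged by its
    contents rather than its file extension. Legacy binary .doc files (OLE2) are
    a different container and are not inspected here."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                return VBA_CONTENT_TYPE.encode() in z.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return False
    return False

def triage_attachment(filename: str, data: bytes) -> str:
    """Decide what a mail gateway should do with an Office attachment (assumed policy)."""
    if has_vba_project(data):
        return "quarantine"      # the 'enable content' prompt would arm these macros
    if filename.lower().endswith((".docm", ".xlsm", ".pptm")):
        return "quarantine"      # macro-enabled extension, even if the VBA part was not found
    return "deliver"

if __name__ == "__main__":
    for name, blob in [("resume.docx", build_sample_docx(True)),
                       ("resume.docx", build_sample_docx(False))]:
        print(name, "->", triage_attachment(name, blob))
```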

Infection via illegitimate downloads is very easy to avoid.  Simply don’t download pirated software, music or movies.  Not only is it risky, it is also illegal.  When downloading software, always download it directly from the vendor or through an authorized retailer.  Just like email attachments, always scan these downloads for viruses.

Hacking is also easy to protect yourself from.  Something as simple as using strong, unique passwords for your accounts will go a long way.  A password manager such as LastPass helps make this easier by generating random passwords for each of your online accounts.  Additionally, use two-factor authentication where possible.  Two-factor authentication goes a step further since you are authenticating with something you know, like a password, and something you have, like your mobile phone.

Updates and Antivirus

It is very important to keep all the software on your computer up to date.  Developers continually release patches that close the vulnerabilities ransomware exploits to get in and spread.  Windows and most antivirus programs are configured to update automatically by default.

Use a good antivirus product.  I found that Windows Defender is good at detecting known strains of ransomware.  If you want better protection, a good option is Sophos Home Premium, which is currently in beta.  It features an anti-ransomware component which uses behavioral analysis to detect and stop ransomware before it does any damage.

Protect Your Data

A backup is paramount to protecting yourself.  Your best protection is a cloud-based backup provider such as Crashplan.  Cloud-based backups are superior because ransomware targets every drive it can reach from the infected computer.  If your backup drive is connected at the time of infection, it can be encrypted along with everything else, rendering your backups useless.

What actions have you taken to protect yourself from ransomware?  Share them in the comments.