Six steps to protecting your PC or network against GoldenEye, WannaCry and other ransomware.
Ransomware is now an ever-present threat, as evidenced by the latest GoldenEye and WannaCry outbreaks, as well as many other active ransomware threats.
See our Ransomware survival guide if you’ve been already infected by ransomware – although it’s far better to avoid that misfortune in the first place.
Thankfully, there are simple, common-sense steps you can take to help avoid ransomware:
- Don’t open email attachments from senders you don't recognise, even if they look very convincing
- If you receive a document from an unknown source, don’t open it and definitely don’t enable editing in Word as this will allow macros to run, which can be also used to download the ransomware
- Avoid clicking links on dubious-looking websites
- Make sure that all your software, including installed plugins, is up to date, because as we have seen with WannaCry, hackers use these vulnerabilities to attack your PC
- Install security software that can prevent an infection from encrypting files on your PC.
- Make sure you regularly back up.
The first two issues can be mitigated to some extent by using an email security service such as MailGuard.
However, the first three measures also rely on the user’s behaviour, so if you’re the owner or IT/security manager of a business, regularly educating staff on these three points should be a key part of your defence plan.
Updating software
WannaCry was rapidly propagated on networks via a Windows server message block vulnerability. That vulnerability was patched by Microsoft in March, yet clearly many organisations had yet to update their systems two months later.
It’s yet another example of why timely patching applications and operating systems are number two and three on the Australian Signals Directorate’s highly regarded Essential Eight cyber security strategies.
Individual users and small businesses can be protected by turning on automatic updates in Windows and their applications – or accepting updates when prompted to do so – and only using software that’s supported by the vendor.
Large organisations need to have a strategy of patching their systems in a timely manner. Patch management tools or the likes of Flexera Software’s Software Vulnerability Management solution may help.
The ASD discounts the idea that updates must be rigorously tested before they are deployed: “There is often a perception that by patching a system without rigorous testing, something is likely to break on the system. In the majority of cases, patching will not affect the function of an organisation’s ICT system. Balancing the risk between taking weeks to test patches and patching serious vulnerabilities within a two-day timeframe can be the difference between a compromised and a protected system.”
3-2-1 backup!
Most importantly, it’s vital that you back up all your documents and other important files to the cloud and/or another drive not connected to your PC or the network.
That means syncing to a cloud service like Dropbox – on its own – isn’t good enough. As the ASD says in its Essential Eight cyber security strategies, it’s vital to back up to a location that is otherwise not connected to the network or a computer, because ransomware and other malware can “encrypt, corrupt or delete backups that are easily accessible”.
We have published plenty of articles describing ways to back up your systems along with reviews of relevant products. The best advice is to follow the 3-2-1 rule – have at least three copies of your files stored in two different formats, with one copy stored off-site (so, not on your PC or hard drive).
Creating regular images of your drive that you can install in the event of an attack is also worth doing. Beware of using a backup that’s too recent though, in case it contains a copy of the ransomware that attacked the system in the first place.
Install anti-ransomware software
There are several tools from major software security companies that can protect your device from common types of ransomware.
Here are just a few:
- Avast
- Bitdefender Anti-Ransomware (or one of its full security suites)
- CryptoPrevent
- Cybereason RansomFree
- HitmanPro.Alert
- Malwarebytes
- Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)
- Trend Micro Ransomware Screen Unlocker Tool (or Trend Micro Security)
- Zemana Anti-Malware
Note that this list is by no means comprehensive, and we have not tested the above software. Bear in mind that some need to be run manually (they don't safeguard your system in real time) and most only protect against certain types of ransomware.
We strongly advise looking on anti-ransomware tools as only part of a multi-layered approach to ransomware defence. Don't forget the other five important steps.
This feature is based on an article that originally appeared at IT Pro.
