Tips to Avoid Having Your Computer Hijacked by Ransomware.

By: Jay Leiderman
October 28 2016

Ransomware is malicious software that cybercriminals use to keep your computer or computer files for ransom, demanding payment from you to get them back. Unfortunately, ransomware is an increasingly popular way for malware authors to extort money from both businesses and consumers. There is a variety of ransomware that can get on any machine, but as always, these techniques are either sprung from social engineering tactics, like sending a link that looks legitimate but is not, or from using software vulnerabilities to silently install on the computer of a victim.

Image caption: When your computer is infected with ransomware, you will often see something that looks like this.

Types of Ransomware

The first step in prevention is to understand ransomware, as you can be helped by recognizing the different types of ransomware. Ransomware may range in severity from mildly unpleasant, to pretty damn scary, to almost as serious to the “data hostage” as the Cold War or some such.

  • Scareware

Scareware includes fake security software and technical support scams. You would see a pop-up message claiming that a bajillion pieces of malware were discovered and that the only way to get rid of them is to pay a legit-looking security company a reasonable sum of cash. If you do nothing, you will probably continue to be bombarded with pop-ups, but your files are essentially safe. A quick scan with your security software should be able to clear out these annoying little suckers. An authentic anti-virus or anti-malware program would never seek customers in this way. That’s a good benchmark for determining what is and is not scareware.

  • Encrypting ransomware

This is the really horrid stuff (for example, CryptoLocker). These are the guys who tear up your files and encrypt them, demanding a ransom payment to decrypt and re-deliver them… hence the term “ransomware.” The reason this type of ransomware is so dangerous is that once cyber criminals get ahold of your files, it is nearly impossible to restore security to your data system so that it can give your files back to you. This is made even more difficult when one factors in that a time limit is typically given to pay. So not only is the data hostage trying to decrypt strong encryption, the hostage is doing so against a clock with a finite and often too-short period of time to do anything of consequence to break the encryption. Unless you pay the ransom you will find that, at the time set, your files will have vanished. And even if you do pay the ransom, there’s no assurance you can recover these files. Worse, sometimes the thieves raise the price to get the data back. While it was misconstrued that the FBI said that they often advise people to just pay the ransom, cyber security professionals were always clear that they advise otherwise. Indeed, the FBI quickly clarified its comments and has taken a strong position not to pay ransomware hostage-takers. Capitulating to ransomware criminals just opens the door for future attacks on you and others. Indeed, once ransomware cyber-extortionists realize that you have improper security and are willing to pay, you are ripe to be victimized again.

  • Screen Lockers

Advance to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means that you are completely frozen out of your PC. When you start your computer, a full-size window appears, often accompanied by an official-looking FBI or US Department of Justice seal, saying that illegal activity has been detected on your computer and you have to pay a fine.

Regaining control of your PC may require restoring the entire system; in other words, rebuilding and reinstalling EVERYTHING. If that does not work, try running a scan from a bootable CD or USB stick. The FBI would not freeze your computer or demand payment for illegal activities. If a site is suspected of being involved in piracy, child pornography or other types of cyber crime, the FBI would go through the appropriate legal channels. This means getting a court order and executing warrants. They would not simply post a “pay a fine” notice.

Image caption: The FBI does not agree that ransomware hostage fees should be paid. They also want the public to know that the FBI would never seize a site and put up a page asking for money for a fine.

On the one hand, ransomware can be very scary – the encrypted files can be irreparably damaged, or the essence of the materials can be forever disrupted to the point that they are useless. But if you have prepared your system, it’s really nothing more than a nuisance. Here are a few tips that will help you avoid having your computer hijacked by ransomware:

Back up your data on a regular and frequent basis

The biggest thing that will defeat ransomware is a frequently updated backup. If you are attacked by ransomware, a backup allows you to document that you started to lose files at a specific time, for example this morning. Once you have documented that you are the victim of a ransomware attack by filing a report at https://www.ic3.gov/complaint/, you can restore your system to a previous snapshot, or clean up your machine and restore your lost documents from the backup, and then finally be at ease. Remember that Crypto Locker also encrypts files on drives that are mapped to drive letters on the computer. This applies to external drives such as a USB stick, as well as network or cloud file storage that has been allocated a drive letter. Accordingly, what you need is a steady backup regime on an external drive or a backup service that has no drive letter allocated to it, or a drive that is disconnected when it is not actively backing up your data.

Hidden file extensions

One way to identify Crypto Locker is that it often arrives in a file with an extension like “.PDF.EXE”, which signifies that the ransomware is counting on the Windows default of hiding known file extensions. If you re-enable the ability to see the entire file extension, it may be easier to spot suspicious files.

Filter EXEs in email

If your gateway mail scanner has the ability to filter files by extension, you can quarantine emails with “.exe” attachments and deny those files entry into your inbox. Additionally, for emails sent with files that have two file extensions, as described above, the last one executable (“*.*.exe” files in filter-speak), you can create a rule in your email client to filter those out and send them directly to the trash. If you must exchange executable files in your environment, in other words, if you have a need for .exe’s to be a necessary part of your email communication, you cannot deny emails wholesale just because they are “.exe” files. One solution is to exchange these files zipped (password protected, of course) or via cloud services until you can verify the source of the file as legitimate.
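The two tips above in PowerShell, as an added example that is not part of the original post: the first step turns the hidden-extension default off for the current user, the second flags attachment names that use the double-extension trick. It goes slightly beyond the post by treating a few other extensions Windows executes directly the same way as .exe; the extension list and the sample file names are constructed for the example.

```powershell
# Added example, not from the original post. Step 1 makes Explorer show
# full file names; step 2 flags attachment names a mail rule should trash.

# 1. Turn off "Hide extensions for known file types" for the current user.
#    Sign out and back in (or restart explorer.exe) for it to take effect.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord

# 2. Extensions Windows will execute directly (assumed list; .exe is the one
#    the post names, the others are added here for the same reason).
$executableExt = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd')

function Get-AttachmentRisk {
    # Returns $null for a harmless name, otherwise a short reason string.
    param([Parameter(Mandatory)][string]$Name)
    $last = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    if ($executableExt -notcontains $last) { return $null }
    # Strip the real extension; if a second one remains, the file is
    # disguised as a document (Invoice.PDF.EXE -> Invoice.PDF -> ".pdf").
    $inner = [System.IO.Path]::GetExtension(
        [System.IO.Path]::GetFileNameWithoutExtension($Name)).ToLowerInvariant()
    if ($inner) { return "double extension $inner$last" }   # the *.*.exe case
    return "executable $last"
}

# Constructed sample names standing in for an attachment folder listing.
$samples = 'Report.pdf', 'Invoice.PDF.EXE', 'setup.exe', 'holiday.jpg.scr', 'notes.txt'
foreach ($name in $samples) {
    $risk = Get-AttachmentRisk -Name $name
    if ($risk) { Write-Output ("QUARANTINE  {0,-18} {1}" -f $name, $risk) }
    else       { Write-Output ("ok          {0}" -f $name) }
}
# On a real folder: Get-ChildItem $folder -File | ForEach-Object { Get-AttachmentRisk $_.Name }
```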

Block files that run from AppData / LocalAppData folders

You can create rules within Windows or in intrusion prevention software to block a particular, notable behavior of Crypto Locker: running its executable from the AppData or LocalAppData folders. If (for whatever reason) you use legitimate software that you know is set to run not from the usual Program Files area but from the AppData area, you will need to exclude it from this rule.
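One way to build the Windows rule described above, as an added example that is not from the original post: it writes Software Restriction Policy path rules that disallow .exe files under the AppData folders, plus an Unrestricted rule for one legitimate program that lives there. The registry layout is the SRP store that secpol.msc writes, and the exception path is a placeholder you would replace with your own program’s folder.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
# Software Restriction Policy (SRP) rules live under this key; secpol.msc
# (Software Restriction Policies) shows what gets written here.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty $safer -Name DefaultLevel       -Value 262144 -Type DWord  # Unrestricted by default
Set-ItemProperty $safer -Name TransparentEnabled -Value 1      -Type DWord  # policy is active
Set-ItemProperty $safer -Name PolicyScope        -Value 0      -Type DWord  # applies to all users

function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('Disallowed', 'Unrestricted')][string]$Level,
        [string]$Description
    )
    $levelCode = if ($Level -eq 'Disallowed') { 0 } else { 262144 }   # SRP level ids
    $key = Join-Path $safer "$levelCode\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty $key -Name Description  -Value $Description -Type String
    Set-ItemProperty $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

# Block the locations Crypto Locker launches from (variables expand per user).
Add-SaferPathRule '%AppData%\*.exe'        Disallowed 'Block exe in Roaming AppData'
Add-SaferPathRule '%AppData%\*\*.exe'      Disallowed 'Block exe one level below AppData'
Add-SaferPathRule '%LocalAppData%\*.exe'   Disallowed 'Block exe in Local AppData'
Add-SaferPathRule '%LocalAppData%\*\*.exe' Disallowed 'Block exe one level below Local AppData'

# Exclusion for legitimate software that runs from AppData (placeholder path).
# A more specific path rule wins over a less specific one, so this allows
# only that folder while the broader Disallowed rules still apply elsewhere.
Add-SaferPathRule '%LocalAppData%\ExampleVendor\ExampleApp\*.exe' Unrestricted 'Allow ExampleApp'

# Rules apply to new processes; sign out and back in, then confirm in secpol.msc.
```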

Deactivate macros in Microsoft Office files

Most people are not aware that Microsoft Office files are like a file system within a file system, which includes the ability to use a powerful scripting language to automate almost any action you could perform with a fully executable file. By deactivating macros in Office files, you disable the use of this scripting language.
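Deactivating macros by policy for the current user, as an added example that is not from the original post: the VBAWarnings policy value (4 = disable all macros without notification) is written for Word, Excel and PowerPoint across the Office registry roots listed, which are assumptions about the versions installed.

```powershell
# Added example, not from the original post. Writes the Office macro policy
# for the current user so the Trust Center setting cannot be flipped back.
$apps     = 'Word', 'Excel', 'PowerPoint'
$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016/365 (assumed)

function Set-MacroPolicy {
    # VBAWarnings: 1 = enable all, 2 = disable with notification,
    #              3 = signed only, 4 = disable all without notification
    param([ValidateSet(1, 2, 3, 4)][int]$Level = 4)
    foreach ($v in $versions) {
        foreach ($app in $apps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name VBAWarnings -Value $Level -Type DWord
        }
    }
}

function Get-MacroPolicy {
    # Reports the current value per app/version ($null where nothing is set).
    foreach ($v in $versions) {
        foreach ($app in $apps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"
            $val = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
            [pscustomobject]@{ Version = $v; App = $app; VBAWarnings = $val }
        }
    }
}

Set-MacroPolicy -Level 4
Get-MacroPolicy | Format-Table -AutoSize
```

Files opened from a Trusted Location still run macros, so review that list in the Trust Center as well.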

Deactivate RDP

The Crypto Locker / Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that permits others to access your desktop remotely. If you do not need to use RDP, you can deactivate it to protect your computer against Filecoder and other RDP exploits. For instructions, see the suitable Microsoft Knowledge Base article for your version below:

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
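Deactivating RDP from PowerShell, as an added example that is not from the original post or the Microsoft articles: it sets the same registry value the System Properties checkbox does, disables the inbound Remote Desktop firewall rules, and reports the result. It assumes an elevated PowerShell on Windows 8 or 10, where the NetSecurity cmdlets exist; older versions would use netsh for the firewall step.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
$termServer = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Disable-RemoteDesktop {
    # fDenyTSConnections = 1 is what "Don't allow remote connections" sets.
    Set-ItemProperty -Path $termServer -Name fDenyTSConnections -Value 1 -Type DWord
    # The "Remote Desktop" group holds the inbound allow rules for port 3389.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Get-RemoteDesktopState {
    # Summarises whether RDP is denied, how many of its firewall rules are
    # still enabled, and the state of the Remote Desktop service.
    $deny  = (Get-ItemProperty -Path $termServer -Name fDenyTSConnections).fDenyTSConnections
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop'
    [pscustomobject]@{
        ConnectionsDenied = ($deny -eq 1)
        FirewallRulesOpen = @($rules | Where-Object Enabled -eq 'True').Count
        ServiceStatus     = (Get-Service -Name TermService).Status
    }
}

Disable-RemoteDesktop
Get-RemoteDesktopState | Format-List
```

A domain Group Policy that allows Remote Desktop will override this local setting, so check the effective state with the report function after the next policy refresh.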

Patch or Update your software

Malware authors often rely on outdated software with known vulnerabilities that they can use to get onto your system silently. You can significantly reduce the incidence of intrusions if you make a habit of updating your software often. This will reduce the potential for ransomware pain. Some vendors release security updates on a regular basis (Microsoft and Adobe both use the second Tuesday of the month), but there are often “out-of-band” or unplanned updates in case of emergency. Enable automatic updates if you can, or go directly to the software vendor’s website, to close the security holes that malware authors have just discovered and are using to sneak their creations in. Worse yet, sometimes ransomware authors disguise their installation .exe as software update notifications.

Conclusion

Ransomware can be anywhere from annoying to terrifying. With the above tips, you are on your way to stymying would-be hostage-takers and keeping your data secure.
