Ransomware prevention

There are many tips online for ransomware prevention and, more generally, on how to protect against ransomware. Most involve commercial solutions that are, indeed, critical to providing adequate protection. We would like, however, to provide some tips on how to stay safe from ransomware infections without relying on any software solution. This does not mean you should skip adequate security solutions. You should ultimately combine these tips with the software-based recommendations: used alone, they only reduce the chances of a ransomware infection and do not eliminate the risk.

1. Do not use privileged user accounts for everyday activity

Most people use computers at home without caring or knowing about the privileges assigned to their user account. The same happens in small and medium companies where IT departments, if present, usually have to deal with tasks that are more important. The result is that people browse the internet, read email, exchange chat messages, etc., using accounts with far more privileges than required, usually administrative ones. Hence, they expose themselves to various types of malware and cyber-attacks, including ransomware.

Fact: out of the many ransomware strains, only a fraction can leverage vulnerabilities to gain privileged rights to execute malicious payloads that encrypt files and attack other computers. In addition, many ransomware variants do not function properly if not executed in a privileged security context. Hence, for ransomware prevention, proper use of privileges is very important.

Risk: running a ransomware payload in the context of a regular user account may still compromise the files belonging to that user, but it is unlikely to compromise the files owned by other users or attack other computers on the network.

2. For ransomware prevention, exercise caution when using email

Email is the most important ransomware infection vector. The vast majority of ransomware attacks have the following entry point: somebody clicking a link in an email or opening an email attachment. So, for ransomware prevention, the obvious advice is not to click on such links or open such attachments. The issue is: “How do I identify such emails?”

Here are some pointers that may help you out:

  • Unsolicited email (and email sent by new senders) is the first candidate for the “deleted items” folder. It is rarely a valid message you should consider. Exercise caution and read through the message before taking further action such as clicking on links or opening attachments;
  • Note the email address listed as the sender. If it looks automatically generated, or contains characters that make little sense, that is another red flag. Usually, the email address is different from the sender name listed by your email client;
  • Exercise caution when receiving an email from well-known corporations or brands, especially messages promising something for nothing or looking too good to be true. Many ransomware email campaigns rely on messages disguised as valuable product offers or notices from shops or service providers, like this phishing campaign based on Netflix;
  • Irrespective of the sender, carefully assess this question: should you, or should you not, receive an email from this sender?
    • If you should not (for example, an email appearing to be from Netflix with important information about your account, but you do not have a Netflix account), then it is most probably something other than it appears to be.
    • If you should, or are not sure, carefully read the contents and verify the address as per the other tips.
  • This point also applies to social media; sometimes ransomware may spread this way too. So exercise caution when receiving messages from unknown persons, especially messages that have a call to action and insist on it.
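The sender checks from the pointers above can be automated when triaging a mailbox. The following is an added example, not part of the original article: the brand allow-list, the flag names, the thresholds and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}

def sender_red_flags(raw_message):
    """Return red flags for the sender headers of one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["unparseable-sender"]
    flags = []
    # Display name claims a brand, but the address is not on that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not on_brand:
            flags.append("brand-mismatch:" + brand)
    # Local part looks machine generated: long and digit-heavy or vowel-free.
    digits = sum(c.isdigit() for c in local)
    if len(local) >= 10 and (digits / len(local) > 0.4 or not re.search("[aeiou]", local)):
        flags.append("random-looking-local-part")
    # Replies would go to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower().rpartition("@")[2] != domain:
        flags.append("reply-to-domain-differs")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "Netflix Support" <x9f3k2q8z7@mail-secure.example>\n'
    "Reply-To: billing@collect.example\n"
    "Subject: Important information about your account\n\nUpdate your payment details.\n"
)
LEGITIMATE = (
    'From: "Netflix" <info@mailer.netflix.com>\n'
    "Subject: New arrivals\n\nSee what is new this week.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, sender_red_flags(raw))
```

An empty result only means none of these heuristics fired; the question of whether you should be receiving mail from this sender at all still applies.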

3. For ransomware avoidance, surf the internet responsibly

  • As with email, for ransomware prevention, try to avoid dubious websites, such as those that:
    • Have many adverts on the page;
    • Open many pop-out windows;
    • Have some questionable images or videos with high visual impact;
    • Provide essential advice on something using huge letters;
    • Offer you something for free;
    • Ask you to do something like clicking on links, etc., in exchange for something else, usually too good to be true;
    • Promise to offer copyrighted content for free.

If you come across such a website, there is a good chance that the site delivers ransomware or other malware that in turn downloads ransomware.

  • Disable macros
    The macro functions in modern text editors are rarely used. However, they are enabled most of the time. Many ransomware families use macro functionality to execute malware that, in turn, sets the stage for a ransomware infection. It is a good idea to disable macros, to enable them only when needed, and only if the source of the document that requires macro functionality is trustworthy.

Conclusion

These tips are useful to hinder ransomware infections but do not provide adequate protection to bar ransomware attacks. For reliable results, follow our advice on “how to protect against ransomware”, and consider deploying our anti-ransomware solution, especially for enterprise ransomware protection. Anti-ransomware outperforms classic antivirus solutions when it comes to ransomware attacks, such as the ones carried out by the dangerous Cerber variant. If you were infected by ransomware, go through our advice on “how to recover from ransomware attacks”.
