Ransomware, a serious form of extortion, is a malware attack in which the attacker encrypts the victim’s data, making it unavailable to the victim, and demands a ransom for revealing the decryption key. This cyber-attack has gained prominence as reputed organizations are being victimized.
Protect yourself from ransomware
The following are certain proactive measures that can help you secure your data from cyber criminals.
1. Regular Data Backup
A regularly updated backup is the one measure that lets an organization avoid giving in to a ransomware attack. Ransomware has been observed to encrypt mapped drives, so back up regularly to an external drive that is not assigned a drive letter. Do not stay connected to the backup service after the backup completes; connect only when it’s required.
Consider making multiple copies of the backup data and storing them on independent drives, so that the failure of one drive doesn’t cause much havoc.
Encrypting the backup data, hashing it to check integrity, and setting access privileges are additional controls that help in managing an effective data backup and restoration process.
2. Email Security
Whether through links embedded in the message body or through attachments, attackers leverage email for their illegitimate activities. Configuring a gateway mail scanner to filter attachments by extension, file name, type, and size, and to scan URLs embedded in the email body, can help mitigate the risk of ransomware attacks.
3. Acceptable Internet Usage
In the wake of increasing ransomware attacks, organizations have to revisit their acceptable internet usage policy to ensure that it doesn’t allow online shopping, social networking sites, etc., which pave the way for malware payloads to enter the corporate network.
4. Updating Software Packages and Anti-malware Suites
Attackers target victims running outdated software with known vulnerabilities that they can exploit. Vendors periodically release patches for known bugs, and software must be updated with the latest patches to stay secure. Anti-malware suites must be updated regularly, as vendors push signatures often. Keeping the operating system, browsers, Flash Player, Java, and other software up to date can help in mitigating the risk of malware attacks.
5. Enable Show File Extensions
Windows hides known file extensions by default. Enable the display of file extensions to spot files with suspicious extensions, as well-known ransomware packages use multiple extensions like “.pdf.exe”, “.xlsx.scr”, “.keyxml” etc.
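The gateway filtering described under Email Security and the double extensions described above can be checked together. The following Python sketch is an added example, not part of the original article; the extension lists, the size limit, and the function names are assumptions chosen for illustration.

```python
import os

# Assumed policy values for illustration; adjust to your own gateway policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_SIZE_BYTES = 10 * 1024 * 1024  # assumed 10 MiB attachment limit


def split_extensions(filename):
    """Return every extension of a file name, lower-cased, in order."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    exts = []
    while True:
        # Windows ignores trailing dots and spaces, so strip them each round.
        name = name.rstrip(". ")
        name, ext = os.path.splitext(name)
        if not ext:
            return exts
        exts.insert(0, ext)


def check_attachment(filename, content):
    """Return the list of policy violations for one attachment (empty = pass)."""
    reasons = []
    exts = split_extensions(filename)
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        # A document-looking extension in front hides the real one when
        # Windows is left at its default of hiding known extensions.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    # Type check: Windows executables start with "MZ" whatever the name says.
    if content[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        reasons.append("type-mismatch")
    if len(content) > MAX_SIZE_BYTES:
        reasons.append("oversize")
    return reasons


if __name__ == "__main__":
    # Constructed sample attachments (name, leading bytes); not real mail data.
    samples = [
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("Report.XLSX.SCR ", b"MZ\x90\x00"),
        ("minutes.pdf", b"%PDF-1.4"),
        ("photo.jpg", b"MZ\x90\x00"),
    ]
    for name, data in samples:
        print(repr(name), check_attachment(name, data) or "pass")
```

A gateway would quarantine any attachment for which the returned list is not empty.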
6. Define Software Restriction Policies
Legitimate software is set to run from Program Files (exceptions exist, though), whereas Cryptolocker has been observed to run its executable from the App Data or Local App Data folders in most cases. Hence, configuring software restriction policies can thwart ransomware attacks to some extent.
7. Disable Remote Services
Malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows remote access to the desktop. Disable this feature if it’s not required. RDP can be leveraged to expand the attack surface.
8. Disable vssadmin.exe
The Volume Shadow Copy Service in Windows manages the Shadow Volume Copies that are on the computer. Most ransomware uses the vssadmin utility to delete the Shadow Volume Copies, which prevents the restoration of files from these volumes.
9. Disable macros
Ransomware is also distributed through macros in Office documents. Disable all except digitally signed macros in Microsoft Word. Microsoft has released a tool in Office 2016 that can limit the functionality of macros in Word, Excel and PowerPoint by preventing users from enabling them on documents downloaded from the internet.
10. Block Pop-ups
Install a browser add-on to block pop-ups, as they can contain malicious URLs that trick the user into downloading malware payloads.
11. Deactivate AutoPlay
Deactivating AutoPlay limits dangerous processes from being launched automatically from external media like USB or other drives.
12. User Awareness
Although there is no proven methodology to prevent such attacks, good security practices do help. Users must be trained to ensure that they adhere to the security policies, as malware attacks are most often the result of well-meaning but careless employees.
Authored by Divyesh D