The article has divided the ransomware preventions steps into two categories: The first category describes the strategy on the system level. The second strategy is depends on human factors, one has to implement and practice these to build the sixth sense in term of information security.
Strategy I (On the System)
1. Data Backup (Online and Offline): This is the most important task that everyone must do. It is highly recommended to take data backup on both online (cloud etc.) and offline (local HDD backup etc.) mode on regular basis to protect your data for any further ransomware attack and destruction.
2. Strong Security Guard: This is somewhere many users are lagging behind. The practice of having a strong Antivirus, Firewall, Spyware etc. with the latest updated patch can prevent many incoming attacks. It is also advised to personalize the security protections to run on their best configuration to protect the system. Enable the security softwares to run on heuristic mode and enable to scan for compressed or archived files as well.
3. Updating of OS and all Services/Softwares: One must keep the operating system and all other services and softwares updated with the patch released by the vendor or vendor authorized 3rd party and not from any other random source who claims for providing robust and quick update.
4. Use of Spam Filter: It is a good way to detect unsolicited and undesired email and prevent those from getting to inbox.
5. Running on-time Remote Service and File Sharing: It is advised to run any required remote service or file sharing only when it is needed. Ransomware takes this advantage to spread the attack into other systems or network connected with the infected one.
6. Disabling of Unused Active Network Connection: If someone is not using a particular network connection (which is still on active mode), then connection traffic will also be ignored for obvious reason. Attackers take this advantage to expand their attaching range. So this channel must be stopped by disabling the unused but active network connection.
7. Disabling of Auto Execution of files: There are some services which are authorized by admins to auto execute of files on system. These features need to be evaluated to keep on the system.
8. Enable ‘Show File Extension’ on Windows system: Generally end users do not want to see the common file extensions. Attackers try to puzzle their target users to hide malicious files inside well known file types. By showing all file extension feature in Windows system, users will understand the correct file type and refrain to execute some unwanted malicious extensions.
Strategy II (The Human Factor)
1. Learn to Read eMail Message Header: It is a good practice to track down the spam email source. Whenever a mail looks like suspicious in nature (even for regular emails), it is strongly advised to look for the header for source IP address for a quick reverse lookup to validate.
2. Double Attention before Downloading an Attachment: Most of the malicious files are being downloaded by the users through email. Look for the header information to validate the user, domain etc. correctly before downloading an attachment. It is also the worst practice to auto-run a downloaded file. File extension should be checked and passed through security software before further processing.
3. Beware of pop-up: This is where many users are social engineered with some catchy advertisement, rumor, and news etc. to click on a link which ended with infected the system by creating a hidden channel (backdoor) to the bad guys.
4. Control your own browsing: This is advised not to follow a pop-up or random link guide you to your target website. Always use search engine.
5. Educate yourself with Security Awareness Trainings: Follow organizational or some trusted online security awareness trainings on regular basis to update yourself with latest preventions techniques w.r.t the latest attacks methods.
Don’t be The Bot of Attackers: Some people might ask “Why me? Why the attackers would target my system for ransomware attack? They must have measured that I will never pay few dollars to decrypt my files etc.”
The answer is you may not be their last target, but you can be their BOT for spreading the attack further. They may use you or your system to fulfill their wish to reach their actual target. So, follow proper prevention method to secure your personal data and do not act like a bot even unknowingly.
Bottom-line: No one is 100% Secure. In the present age of rapidly changing technology, new set of attacking methods are being developed almost every day. Hence no security prevention methodology or technology can claim to provide/guaranty of 100% protection from all present and/or any upcoming security attacks. However, adapting to standard security prevention methodology and taking precaution can limit the probability of being attacked in future. It will throw some level of challenge to the attackers to get into the system and help in a great way to prevent important data for compromise.
Magrabur Alam Sofily (www.linkedin.com/in/magrabur-sofily-23402240)
TCS Enterprise Security and Risk Management