The ransomware plague continues to be a major concern for organizations around the world. These predatory programs leverage strong cryptographic algorithms such as RSA or AES to deny access to business-critical data.
This despicable activity fuels a powerful cybercrime economy. According to analysts’ estimates, the total amount of ransoms paid by victims to redeem their files can reach $2 billion a year.
What are the countermeasures for this ongoing disaster? Fortunately, staying on the safe side isn’t necessarily complicated and may not presuppose any spending at all. Here’s a list of the ways to fend off ransomware for free.
1. Strengthen your spam protection
The architects of ransomware campaigns often use botnets to send out malicious spam emails that disseminate dangerous payloads on a large scale. The good news is that the vast majority of present-day email systems provide customizable anti-spam modules. Be sure to explore the settings of your spam filter and configure it to prevent malware-riddled messages from reaching your inbox.
2. Filter emails based on the format of attached files
The prevalent ransomware distribution model relies on the use of contagious email attachments, so it’s recommended to tweak your email system’s settings so that it blocks emails with potentially deleterious objects inside. The enclosed files you should beware of include ones with the following extensions: .js, .exe, .docm, .zip, .rar, .vbs, .rtf, .pif, .bat, .scr, and .cmd. A rule of thumb is to avoid attachments that run commands or fire up sketchy Office macros.
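The extension check described above can be sketched as follows. This is an added example, not code from the article or from any particular mail product: it parses a raw message with Python's standard email package and reports attachments whose effective extension is on the article's list, covering mixed case, double extensions such as .pdf.js, and trailing dots or spaces that Windows drops from file names. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions taken from the list in the article.
BLOCKED_EXTENSIONS = {
    ".js", ".exe", ".docm", ".zip", ".rar", ".vbs",
    ".rtf", ".pif", ".bat", ".scr", ".cmd",
}


def effective_extension(filename: str) -> str:
    """Return the lower-cased extension Windows would act on."""
    # Win32 drops trailing dots and spaces, so "a.scr. " is saved as "a.scr".
    name = PureWindowsPath(filename).name.rstrip(". ")
    # suffix is the last extension only, so "invoice.pdf.js" yields ".js".
    return PureWindowsPath(name).suffix.lower()


def blocked_attachments(raw_message: bytes) -> list[str]:
    """List file names of MIME parts whose extension is on the block list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed message: one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.pdf", "invoice.pdf.JS", "Setup.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```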
3. Fine-tune your Software Restriction Policies
Unlike regular programs, ransomware executables are typically launched from one of the following directories: Temp, AppData, LocalAppData, or UserProfile. Given this hallmark, you can use the Local Group Policy Editor to add a new Software Restriction Policy that prevents processes from being executed if they reside in the above-mentioned paths.
4. Use effective VPNs
A VPN, or virtual private network, cloaks your IP address and therefore makes your enterprise network a moving target when it comes to a ransomware incursion. Cybercriminals primarily zero in on vulnerable companies with poor security practices. An extra benefit of using a VPN service is that your data is reliably encrypted in transit, so crooks cannot take advantage of it even if they manage to intercept your traffic. Plus, most free VPNs come with a blacklist of malicious URLs and block them to thwart phishing and drive-by downloads. Before choosing a VPN, be sure to read VPN reviews and the provider's Terms & Conditions pages carefully.
5. Rename the vssadmin.exe utility
One element of a ransomware attack is wiping the Shadow Volume Copies of the victim’s files. The infection does this by invoking the “vssadmin.exe Delete Shadows /All /Quiet” command, after which previous versions of the data items cannot be restored. If you rename the vssadmin.exe tool, the disruptive command won’t take effect and you will be able to benefit from the native Windows file backup feature.
6. Enable Windows Firewall and keep it on
Most strains of ransomware exchange traffic with their C2 servers in order to request encryption keys, download additional harmful components or receive further instructions from the operators. The beauty of using Windows Firewall or a third-party firewall tool is that it can block dubious network communication of that sort, thereby rendering the raid half-baked and keeping the data intact.
7. Be a little paranoid about remote services
A growing number of ransom Trojans, such as the prolific Dharma/CrySiS lineage, hit computers via RDP services with weak authentication. To make sure your organization isn’t low-hanging fruit in terms of this vector of compromise, use strong passwords and two-factor authentication for accessing remote desktop services.
8. Always maintain backups
The fundamental precaution is to back up your most valuable data and keep these reserve copies up to date. There are many cloud services out there that provide enough free storage space for your critical files. In some cases, even a thumb drive should do the trick. All in all, backups are an indispensable element of the modern security equation.
Although the above methods don’t guarantee complete protection, they will help you avoid the mainstream ransomware threats in the wild. Last but not least, don’t forget to back up the files that matter the most. This habit can really rescue your business in case all the other preventive measures fail.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.