How to prevent ransomware should be on the top of your security list. This post will explain what ransomware is and how you can keep yourself safe from this type of malware.
What is ransomware, and why is it so bad?
Ransomware is a piece of malicious software that, when executed, encrypts — or locks — popular file types causing you to be unable to open documents or even run applications. The malware then displays a message with instructions on how you can pay — usually via cryptocurrencies — to get your files back.
In reality, when you see that message, you better hope you’ve had good backups of your data. Otherwise, chances are you will never get your files back even if you pay, not that you can afford in the first place. And even if you can, paying the bad guys only translates into more attacks, because you support the practice. In any case, it’s a big headache that can also mean the end of your business or career.
Ransomware cannot install itself and, just like any software, requires user interaction to execute. In most cases, it tricks you into opening it by disguising as an email attachment or a legitimate update of another application. Others, the bad guys manage to gain access to your computer remotely and run the malware themselves.
For this reason, I’d call a ransomware attack an “inside job” — somebody must have full access to your computer to make it happen. And that implies two things:
- It’s tough to prevent — it can take as little as a few misclicks to get infected.
- The damage is extensive. All files on the computers and all network resources, to which the current user of the infected computer has access, are susceptible. Therefore, in an office, expect all shared folders to be vulnerable.
There are many variants of ransomware. When a new one is out, even the best protection software can’t stop it from executing. Antivirus and anti-malware applications are generally one step behind. From my experience, the latest ransomware variants also remove itself after having done the damage, making it impossible for antivirus vendors to figure out how to detect and prevent it.
As a result, there’s a large window when everyone can be vulnerable. That said, you should always have contingency plans.
How to prevent ransomware
The best way to avoid ransomware is to take precautions and always practice safety measures. The following are what you should generally do.
Good ransomware prevention practices:
- Stay alert: Assume that you’re vulnerable and maintain vigilance. The truth is it only takes a second to get infected but a very long time (and a lot of money) to undo the consequences, if possible at all.
- Stay updated: Keep your computer update to date with the latest security updates.
- Strong passwords: Always use strong (hard-to-guess, that is) passwords and keep them safe.
- Beware of attachments/embedded links: Do not automatically open email attachments without knowing for sure that it’s safe. Do not click on embedded links from an email or chat screen or social media without knowing for sure the URLs are safe. Generally, by hovering the mouse on the hypertext, you can preview the entire link itself. Check to make sure the domain is legit.
- Respect Windows/Mac’s warnings: When there’s a pop-up asking whether you want to run/install an application, take your time to make sure before responding affirmatively. Don’t just click on “Yes,” “OK,” or “Run” mindlessly.
- Use protection software and keep it up to date. At the least, the software might give you more warnings before you’re about to execute some suspicious codes. However, don’t rely solely on protection software; the last line of defense is always you, the user.
- Turn your computer off: Leaving your computer on 24/7 not only wastes energy but also gives bad guys more time to mess with your system. So turn it off when you’re ready to call it a day.
- Set up remote access correctly: Do not turn on remote access unless you intend to use it. When you turn it on, make sure you know how to do that safely. The most basic is to change the default port number. Also, using strong passwords is a must.
How to prevent ransomware from causing unrepairable damages
There’s only one way to make sure ransomware will not cause permanent damage, which is a good backup practice. Let me say that again, having regular and proper backups is the only sure way to keep your data intact against a ransomware attack.
Good and proper here means the backup should not be readily available to the user. This is because if the backup is accessible to the account that gets infected, during the attack, the backups are also encrypted and therefore useless.
Here are how to back up properly:
- Use a different user account for the backup job and prevent any other users from accessing the backups. This method suits well an office environment.
- Take a backup offline. You can do this at home. An example of offline backup is to alternate backups on two or more external drives and disconnect the drive after a backup job.
- Use some cloud backup service. In my experience, some, like Google Drive, are smart enough not to back up data that’s encrypted by ransomware.
- Use a NAS server, such as the Synology DS218+, or the DS1618+, as the backup destination. These servers can keep versions of their data using Snapshots, allowing you to restore in case their share folders are infected.
By the way, you use a Windows computer/server as a backup destination, make sure you turn on the Shadow Copy feature on that computer. Note: If the server is infected, Shadow Copy doesn’t help since ransomware tends to delete all local shadow copies as part of its infection. So, again, make sure the admin account of the server is safe by keeping its password secure.
If you use Windows 10, check out the Ransomware protection feature below.
How to prevent ransomware attack using Windows 10’s security
Starting with version 1709, Windows 10’s built-in Windows Security Center has a new Ransomware protection feature that protects your files in the event the computer is infected. (If you’re not sure what version you’re using, check out this post).
Here’s how it works: This feature preemptively limits the full access (read and write) to specific folders and only allows pre-approved applications to make changes to the content inside these folders. Other apps only have read-only access.
Microsoft determines these “whitelisted” applications automatically and generally includes common apps. However, you can also manually add other apps to the whitelist. Ransomware, by default, is not on the list and therefore won’t be able to make changes to your files to do any harm.
In other words, Windows 10’s ransomware protection feature adds another protective layer around your data by allowing only “known” or approved apps to change your data. As a result, your information is safe even if your computer is infected with ransomware.
Steps to turn on ransomware protection on Windows 10
Note: If you’re using a third-party antivirus program, which will generally disable Windows Defender, the following steps might not apply. If you want to use Windows 10’s built-in ransomware protection, you need to use Windows Defender as your main antivirus application — you’ll probably need to remove any third party software. Windows Defender, in my opinion, is an excellent antivirus application by the way. It’s free, useful, and won’t bog down your computer’s performance.
- Click on the Start button (lower-left corner) and search for Ransomware Protection. As it appears on the Start Menu, click on it — the Ransomeware Protection page of Windows Security will appear.
- Under Controlled folder access, slide the switch to the On position. Click on Yes to the User Account Control prompt.
- Click on Protected Folders. Here you’ll see that all the folders in the current profile (Documents, Pictures, Music, etc.) are already there. You can add or remove other folders of your choice, including network folders, by click on the plus (+) sign. Once done, click on the back arrow ( <- ) on top to go back a page.
- Click on Allow an app through Controlled folder access. Here, you can add more apps of your choosing to have full access to the content of protected folders by click on Add an allowed app. If you’re not sure, leave this list blank.
And that’s it! From now on, your data is safe even when your computer is under a ransomware attack. Keep in mind that this feature might block good software from accessing your data, too. In this case, you’ll need to repeat step #4 and add the software in question to the list of allowed apps.
In the past few years, I’ve run into quite a few sad ransomware-related situations. All of them, the parties involved weren’t aware of how bad ransomware was to care enough about prevention and protection beforehand. That said, make sure you check on your data right now and at the very least, make a backup before it’s too late.
Dong’s note: I originally published this post on May 24, 2018, and have updated it since with more relevant information.