From local government entities to huge organizations, ransomware attacks are everywhere. It’s up to all of us to help prevent them from succeeding. Ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid.
Ransomware does this by encrypting files on the endpoint, threatening to delete files, or blocking the system. It can be especially harmful when ransomware attacks affect hospitals, emergency call centers, and other critical infrastructure.
To prevent these types of attacks, there are things you can do to protect your organization:
Back up Your Data
You can greatly reduce the damage caused if your machine gets infected with ransomware by taking regular backups. In fact, Microsoft has gone so far as to say that backup is the best defense against ransomware, including CryptoLocker.
Do Not Click on Unknown Links
Never click on unknown links or download attachments from unknown sources. E-mail is a common vector used by ransomware to get onto your computer, so never click on any link that looks suspicious. Even if you only have a doubt about it, DON’T!
The same holds true for attachments. You can certainly download attachments you expect from friends, relatives, and associates. But pay attention to forwarded mail, even when it comes from your friends.
A small rule to remember in such scenarios: If you’re in doubt… DON’T.
Show Hidden File-Extensions to Detect Ransomware
One entry route for CryptoLocker is a file with a “.PDF.exe” name: the malware disguises its .exe files as innocent-looking .PDF files. If you enable the option to show the full file extension, it is much easier to spot suspicious files and remove them early.
To show hidden file extensions, follow these steps:
1- First of all, open up the start menu, then type “Control Panel”
2- Look for “File Explorer Options” on the control panel
3- Then click on the “View” button.
4- Under “View”, uncheck “Hide extensions for known file types”
5- Lastly, click on “Apply” then “OK”
Afterward, when you browse your files, the file names will always appear with their extensions, such as .doc, .pdf, .txt, and so on.
This will help you see the real extensions of the files.
Disable SMB1
SMB (“Server Message Block”) is a network file protocol meant for sharing files between computers.
There are 3 versions: SMBv1, SMBv2, and SMBv3. It is recommended that you disable SMBv1 for security reasons.
To do this, follow these steps:
1- First, go to “Control Panel”
2- Then, search for “Turn Windows features on or off”
3- Make sure that “SMB 1.0/CIFS File Sharing Support” is unchecked
4- Lastly, click on the “OK” button then restart your system.
Disable Remote Desktop Protocol to Prevent Ransomware
Many ransomware families, including the CryptoLocker malware, try to gain access to target machines through “Remote Desktop Protocol” (RDP), a Windows utility that allows you to access your desktop remotely.
So if RDP is of no use to you, you can disable Remote Desktop to protect your machine from “File Coder” and from other exploits involving RDP.
1- First, go to “Remote Desktop settings”
2- Then make sure that the “Enable Remote Desktop” option is turned off.
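The three settings changed through the GUI in the sections above (file extensions, SMB1, Remote Desktop) can also be checked from PowerShell. The script below is an added example, not part of the original article; it only reads settings, assumes an elevated PowerShell session on a Windows 10/11 client, and the helper name `Get-RegValue` is hypothetical.

```powershell
# Added example: read-only audit of the settings from the three sections above.
# Assumes an elevated PowerShell session on a Windows 10/11 client.

function Get-RegValue {   # hypothetical helper, not a built-in cmdlet
    param([string]$Path, [string]$Name)
    # Returns $null (instead of throwing) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @()

# 1. File extensions (per-user setting): HideFileExt = 0 means extensions are shown.
$hideExt = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
$results += [pscustomobject]@{ Check = 'File extensions shown'; Value = $hideExt; Pass = ($hideExt -eq 0) }

# 2a. SMB1 optional feature ("SMB 1.0/CIFS File Sharing Support" in the GUI).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$state   = if ($feature) { [string]$feature.State } else { 'Unknown' }
$results += [pscustomobject]@{ Check = 'SMB1 feature off'; Value = $state; Pass = ($state -like 'Disabled*') }

# 2b. SMB1 on the file-sharing (server) side of this machine.
$smb  = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
$smb1 = if ($smb) { $smb.EnableSMB1Protocol } else { 'Unknown' }
$results += [pscustomobject]@{ Check = 'SMB1 server disabled'; Value = $smb1; Pass = ($smb1 -eq $false) }

# 3. Remote Desktop: fDenyTSConnections = 1 means incoming RDP is refused.
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$results += [pscustomobject]@{ Check = 'Remote Desktop off'; Value = $deny; Pass = ($deny -eq 1) }

$results | Format-Table -AutoSize

# Summarise so the output can be pasted into a ticket or hardening checklist.
$failed = @($results | Where-Object { -not $_.Pass })
'{0} of {1} checks failed' -f $failed.Count, $results.Count
```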
Disconnect from the Internet Right Away If You Suspect Ransomware
If you are suspicious of a file, act quickly to stop its communication with the server before it finishes encrypting your files.
To do so, simply disconnect from the internet, Wi-Fi, or network immediately.
Because the encryption process takes time, although you can’t nullify the effect of ransomware, you can certainly mitigate the damage.
Use System Restore
If you have System Restore enabled on your Windows machine, try using it to take your system back to a known clean state.
Even though this is not a fool-proof method, in certain cases it has been known to help.
Set BIOS Clock Back
Most ransomware, including CryptoLocker or the FBI ransomware, sets a deadline or a time limit within which you can make the payment.
If the deadline passes, the price for the decryption key can go up significantly, and you can’t even bargain.
What you can at least try is to “beat the clock” by setting the BIOS clock back to a time before the deadline window is up.
Contact Law Enforcement
If your system is infected, be sure to contact the cryptosecurity/crypto crime law enforcement agency in your country.