Free Guide To Ransomware: Proactive Protection, Mitigation, & Safety

The DoJ announced that the Internet Crime Complaint Center (IC3) had received roughly 7,750 public complaints regarding ransomware since 2005, with an estimated $57.6 million in damages. The costs come from ransoms paid in addition to the associated cost of lost data.

Cyber threats continue to escalate through ransomware infections. The sophistication of these programs takes viruses to a new level: entire computers and networks have their critical files encrypted and then held ‘ransom’ for the decryption key. Taking a few preventative and proactive steps will help you secure your vital data, maintain the integrity of your system and avoid the need for ransomware recovery.

Data Backup:

Backing up your data to an external source, outside of the computer or network, is the single best method to combat ransomware. In the case of a ransomware attack, you will be able to restore your system. A backup can be to a USB drive, the cloud or even a disk, but it must be kept completely separate from your current operating system to avoid infection.

To assist individuals and companies in backup efforts, we have partnered with Carbonite, one of the most reputable cloud-based backup solutions. Together, we have established a method to help configure the backup process, so very little technology knowledge is needed. We help all clients with the consultation and implementation of this at no cost to you.
Click here for the Carbonite information.

Ransomware Protection Security Suite:

Today’s ransomware protection goes beyond the standard firewall and must be a full suite, including anti-malware and virus protection software. Attackers are continually evolving their software, searching for methods to enter your system undetected. Each layer of a security suite makes its own attempt to catch the attack. If a new variation gets past the anti-malware, a strong firewall adds a further layer that can block the connection to the Command and Control (C&C) server, which the malware uses to confirm its encryption instructions.

After extensive testing and confirmed ransomware blocking, we recommend the following security suites:

For Business:

For Personal:

Free Software That Will Help Against Ransomware

BitDefender recently released a tool they claim will significantly diminish the spread of ransomware. We’ve tested it out ourselves and had great results.

Keep Your Security Software Updated:

Attackers depend on the fact that many people let their security software run without timely updates. This leaves vulnerabilities open to exploitation. The easiest way to ensure software updates/patches are applied is to enable automatic updates. If you have this enabled, do not respond to any communication offering the ‘update’, as malware authors often send these notifications. Instead, go directly to the software vendor’s website for additional updates.

Enable Hidden File Extensions:

Ransomware has been successful in part because of its ability to hide damaging .exe files behind seemingly harmless file names such as .pdf. This is possible because of a loophole in the Windows environment: it allows file extensions to be hidden. Check the instructions for your Windows version to see/view the ‘full file extensions’, so that you are prepared when a dangerous attachment is sent.

Disable/Deny Emails with .exe Extensions:

Most gateway mail scanners already include the option of denying email attachments with .exe extensions. The executable file is the method used to gain access and encrypt your computer and/or network. You should also be able to deny files with two file extensions, including any .exe files that are embedded. Another type of attachment is the .zip file, which can contain a multitude of file types. There should be options for you to deny .zip files via a password-protection ability as well as via cloud services.
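The attachment checks from this section and the file-extension section above, as an added example (not code from the original page or from any mail gateway product): it denies executable names, double extensions such as `invoice.pdf.exe`, and .zip files whose members fail the same check. The extension sets and the choice to deny password-protected archives because they cannot be inspected are assumptions of this example; the samples are constructed.

```python
import io
import zipfile

# Assumption: these sets are chosen for the example; the page names only .exe and .zip.
BLOCKED_EXTS = {".exe", ".scr", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def name_verdict(filename):
    """Return a deny reason for an attachment name, or None if the name is acceptable."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    parts = filename.lower().rstrip(" .").split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    if not exts or exts[-1] not in BLOCKED_EXTS:
        return None
    if len(exts) > 1 and exts[-2] in DECOY_EXTS:
        return "double extension: %s hidden behind %s" % (exts[-1], exts[-2])
    return "executable extension " + exts[-1]

def attachment_verdict(filename, data):
    """Apply the name check to the attachment and to every member of a .zip."""
    reason = name_verdict(filename)
    if reason:
        return reason
    if not filename.lower().rstrip(" .").endswith(".zip"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 set = member is encrypted
                    return "password-protected zip cannot be inspected"
                inner = name_verdict(info.filename)
                if inner:
                    return "zip member %s: %s" % (info.filename, inner)
    except zipfile.BadZipFile:
        return "unreadable zip"
    return None

def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    evil_zip = build_zip({"scan.pdf .exe": b"MZ"})  # constructed sample
    for name, data in [("invoice.pdf.exe", b""), ("report.pdf", b""), ("scan.zip", evil_zip)]:
        print(name, "->", attachment_verdict(name, data) or "allow")
```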

Deny/Disable AppData/LocalAppData Folder Files

Ransomware makes use of the AppData/LocalAppData folders to run its executable files. You have the option of creating rules within Windows or through Intrusion Prevention Software to block anything that tries to run from these folders. If you have legitimate programs that make use of the folders, you can exclude them from the deny/disable rules.
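The deny-with-exceptions decision described above, as an added example (not the page's code and not a Windows policy format): it models the rule over a list of process image paths and does not configure Windows. The profile path, exception folder and extension set are assumptions of this example.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumption: extensions treated as executable in this example.
EXEC_EXTS = {".exe", ".scr", ".bat", ".cmd"}


def is_denied(image_path, profile, exceptions=()):
    """True if image_path is an executable under the profile's AppData folders
    and is not covered by an exception (exact file or containing folder)."""
    # Collapse "..", "." and "/" first so a path cannot borrow an excepted folder.
    path = PureWindowsPath(ntpath.normpath(image_path))
    home = PureWindowsPath(profile)
    roots = [home / "AppData" / "Roaming",  # %AppData%
             home / "AppData" / "Local"]    # %LocalAppData%
    if path.suffix.lower() not in EXEC_EXTS:
        return False
    # PureWindowsPath compares case-insensitively, as Windows does.
    if not any(root in path.parents for root in roots):
        return False
    for exc in (PureWindowsPath(ntpath.normpath(e)) for e in exceptions):
        if path == exc or exc in path.parents:
            return False
    return True


def audit(image_paths, profile, exceptions=()):
    """Return the paths from a process-start list that the rule would block."""
    return [p for p in image_paths if is_denied(p, profile, exceptions)]
```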

Disable Remote Desktop Protocol (RDP):

RDP is used to allow remote access to your computer or network. Typically, this is for technical support or for viewing/sharing desktop information. It is also used in some of the more common conference software. Many firewalls have a denial ability already built in. If you do not have a need for RDP, you can disable the ability.

Instructions for various Windows versions: Windows 7 RDP disable
Windows 8 RDP disable
Windows XP RDP disable

Use a Ransomware Prevention Kit Option:

This is a new type of technology that takes care of some of the more techy requirements, such as blocking files from running in the AppData and LocalAppData folders and disallowing any .exe and .zip files. Once installed, you will need to continually check their site for updates. If you need to create ‘exemptions’ from their Group Policy rules, they provide an instruction document to help.

Create Strong Passwords

Proven Data has encountered a surprisingly large number of ransomware recovery cases as a result of weak username and password combinations. Hackers have tools to scan for and brute-force weak passwords quite easily. We cannot stress enough the importance of creating strong passwords to avoid this. We recommend using a strong password generator such as the one found here:

What Should You Do If You Have Been Affected by a Ransomware Attack?

If you find that you have had a ransomware attack and have not implemented the suggested security measures, you have some limited options. Ransomware recovery and removal can be accomplished with a few actions on your part that will help to limit the damage.

  • Immediately Disconnect the network as well as Wi-Fi:
    • If you suspect a ransomware attack but have not seen the familiar ‘ransom screen’ displayed, you have a small amount of time to cut off communication with the C&C server before it completes the encryption of your files. Time is of the essence, as the encryption process needs time to complete. Disconnect all Wi-Fi devices as well as any connections to any and all network servers. This is not a guarantee against encryption, but may be able to limit the damage.
  • Use Your System-Restore/Shadow Copies to Return to a Previous Safe/Clean Condition
    • If you are using Windows and have ‘System Restore’, you may be able to use it to return to a previous or ‘clean’ state. Be aware that many malware programs have the ability to ‘shadow’ the files from System Restore, which means those critical files will not be available during the restore process. Some of the newer malware will also attempt to disable System Restore and may actually delete files if you launch an executable file, which may occur during the restore or as part of the standard Windows process. This is not a failsafe method, but if you act quickly, you may be able to outsmart the malware.

Additional Ransomware Recovery Information:

If you are a Proven Data Recovery customer and are concerned about ransomware protection or think you have been targeted by ransomware, call 877-364-5161 for immediate assistance.
