Best Defense Against Ransomware – Is It Available?

Written by Valdis Koks

Defending your device against ransomware is definitely essential!

Keeping your data properly protected against ransomware is of crucial importance today. Viruses belonging to the ransomware family can damage your important documents or the family photos that you cherish the most. Furthermore, these threats are actively distributed on the web through very tricky methods. The main reason why their distribution rates grow by leaps and bounds is that they generate huge revenue for online fraudsters. Regretfully, many victims have eventually decided to pay the ransom into the pockets of cyber crooks and thus wasted their money for nothing. Obviously, there is a great demand for proper protection against ransomware threats in all their variety.

What is ransomware in the first place?

Ransomware is a computer virus that encrypts the data on the infected computer and asks the user to pay a ransom in order to regain access to the files. The majority of ransomware-type threats use AES or RSA encryption to cipher the data securely. Regretfully, there is no way to reverse the encryption without the unique key. Once the encryption is accomplished, the secret key is generated. If the victim buys it, the authors of the ransomware are supposed to hand it over, allegedly to restore the data. However, as mentioned above, there is no guarantee that the crooks will keep their promises.

Another peculiarity of ransomware is that it appends a specific file extension to all the data that it modifies. The presence of that extension means the document was modified by a particular ransomware. Furthermore, a special ransom note is dropped into the folder containing the encrypted data, with information about the ransom amount and the payment instructions. The malware authors instruct the users to make the payment in cryptocurrency to a specified crypto-wallet within a certain period of time.
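
The appended extension can serve as a triage signal when reviewing a file share or a profile folder. The PowerShell function below is an added example, not part of the original article: it lists folders where several files carry the same extension appended after an ordinary document extension. The function name, the list of document extensions, the threshold and the `.locked` demo suffix are assumptions chosen for illustration.

```powershell
# Added example: report folders where many files share one extension that was
# appended after an ordinary document extension (e.g. report.docx.locked).
function Find-AppendedExtension {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MinFiles = 5,   # assumed threshold; tune for your data
        # Assumed list of ordinary "inner" extensions
        [string[]]$KnownInner = @('.doc', '.docx', '.xls', '.xlsx', '.pdf', '.jpg', '.png', '.txt')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # BaseName drops the last extension; what remains may end in a known one
            $inner = [IO.Path]::GetExtension($_.BaseName)
            $inner -and ($KnownInner -contains $inner.ToLower())
        } |
        Group-Object -Property DirectoryName, Extension |
        Where-Object { $_.Count -ge $MinFiles } |
        ForEach-Object {
            $newest = $_.Group | Sort-Object LastWriteTime | Select-Object -Last 1
            [pscustomobject]@{
                Folder            = $newest.DirectoryName
                AppendedExtension = $newest.Extension
                Files             = $_.Count
                NewestWrite       = $newest.LastWriteTime
            }
        }
}

# Constructed demo data: six empty files with a made-up ".locked" suffix.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'appended-ext-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
1..6 | ForEach-Object {
    New-Item -ItemType File -Path (Join-Path $demo "report$_.docx.locked") -Force | Out-Null
}
Find-AppendedExtension -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

A hit is only a prompt to look closer: check the folder for a ransom note and compare the files with your backups, since ordinary suffixes such as `.bak` also match this pattern.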

Ransomware developers additionally threaten the victims that their files will stay encrypted forever or that the data will be deleted if the computer owners fail to pay the ransom amount. Of course, we all have some important documents that we cherish, so losing important information is definitely a tragedy. Hence, we all understand how important it is to keep our valuable information protected against the aforesaid ransomware-type infections.

Tips to prevent ransomware infiltration.

We have to admit that there is no absolute guarantee that a ransomware attack will always be prevented. Hackers invent new tricks daily in order to eventually inject malicious code. However, you do need to adhere to certain principles to keep your device protected.

We have prepared some valuable recommendations for you to follow. They will help you understand the main principles of how to keep your device secure and your data always available.

Don’t forget about regular data backups.

The best way to protect your information is to back it up. Nevertheless, some people ignore this advice or do not perform backups as often as they should. It may be too late someday, especially when it comes to ransomware.

Hence, the availability of a proper backup is of crucial importance. Simply make sure all your important data is properly stored on standalone storage that is not regularly connected to your main device. This can be a USB drive, a CD or a hard drive. Some ransomware threats may also infect files kept in cloud storage, so it might not be the best solution.

Make sure your software is up-to-date.

You need to keep your operating system duly updated against all possible security holes. When the software is out of date, the risk of infection increases substantially. Make sure you install updates regularly. By the way, if you use Windows 7 or a higher version, automatic updating is available, so make sure this option is enabled.

Malware developers and distributors often exploit various bugs in software, which make it more vulnerable. The fraudsters always know ahead of time when a specific system has outdated software, so they can easily attack such devices and eventually reach their malicious objectives.

Exercise personal caution while online.

You have to realize how important your personal role is in keeping your system secure. This is especially true when you browse the web. Indeed, you have to be very picky when selecting the sites to visit. Make sure you visit only reliable resources. Consider reading reviews of specific websites online, for example, the information in the VirusTotal database regarding the domain names you attempt to visit.

Another important recommendation is to be careful on popular networks and even in your email. Do not click on suspicious links with tricky instructions. Ransomware is often spread through such dubious links, which may contain deceptive statements. Stay away from opening suspicious attachments from unknown senders.

Last but not least, make sure you always use strong and reliable passwords for your accounts. This includes your Google account, social networks and other popular Internet accounts, depending on your preferences. It is a good idea to periodically change your passwords instead of using the same passwords for all accounts for several years.

Consider installing reliable security software.

We have to regretfully admit that there are many anti-virus programs today that claim to be effective in defending your device but often prove to be absolutely ineffective. You may have heard about popular security applications or may even use some of these products, yet the fact that ransomware attacked your computer means that the software simply failed to perform its core function.

If this is so, we recommend that you immediately reconsider your choices and switch to software that can definitely perform the advertised function much better. Loaris Trojan Remover is an excellent utility with an anti-ransomware feature integrated into its main functionality. It will perform its brilliant work on a regular basis, and its power to defend the system has been confirmed by the feedback of its many satisfied customers.

Deactivate SMBv1

Deactivating SMBv1 (Server Message Block version 1) provides additional protection against ransomware similar to WannaCry, which leverages SMB vulnerabilities to target PCs. You can easily disable SMBv1 by opening Windows PowerShell and typing the respective command into it. Follow these steps:

  1. Right-click the Windows menu icon and choose Windows PowerShell (Admin). As soon as the User Account Control prompt comes up, select Yes.
  2. PowerShell then comes up on the screen. Type the following command and hit Enter:
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  3. Wait until the process is completed. Afterwards, type Y and hit Enter to reboot your device.

Deactivate Remote Desktop Protocol

Remote Desktop Protocol, a.k.a. RDP, is a Microsoft Windows feature that enables remote connections to your PC. In Windows 10, RDP functionality is disabled by default; however, users are advised to double-check that this is the case. To deactivate RDP in Windows 7, 8, 8.1 and 10, follow the tutorial below:

  1. Type Advanced System Settings in Windows search and open the feature it finds.
  2. Go to the Remote tab. You need to make sure that the Don’t allow remote connections to this computer option is checked. Select Apply and OK to save the changes.
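
To confirm that the SMBv1 and RDP changes from the two sections above actually took effect after the reboot, the settings can be read back from an elevated PowerShell session. The function below is an added example, not part of the original article; the function name is hypothetical, and it assumes Windows 8 or later (where the SMB and firewall cmdlets exist) and an English-language system, where the firewall rule group is named "Remote Desktop".

```powershell
# Added example: read back the SMBv1 and RDP settings changed in the steps above.
function Get-RemoteAccessExposure {
    $tsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $server  = Get-SmbServerConfiguration
    # fDenyTSConnections = 1 matches "Don't allow remote connections to this computer"
    $deny    = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # Assumption: English display group name; it is localized on other systems
    $rules   = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    $findings = @()
    # 'Disabled*' covers Disabled and DisabledWithPayloadRemoved; DisablePending
    # (reboot not done yet) is still reported as a finding.
    if ($feature -and $feature.State -notlike 'Disabled*') {
        $findings += "SMB1Protocol feature state is $($feature.State)"
    }
    if ($server.EnableSMB1Protocol) {
        $findings += 'SMB server still accepts SMBv1 connections'
    }
    if ($deny -ne 1) {
        $findings += 'Remote Desktop connections are allowed'
    }
    if ($rules.Count -gt 0) {
        $findings += "$($rules.Count) inbound Remote Desktop firewall rule(s) enabled"
    }

    [pscustomobject]@{
        Smb1FeatureState     = if ($feature) { $feature.State } else { 'NotPresent' }
        Smb1ServerEnabled    = $server.EnableSMB1Protocol
        RdpConnectionsDenied = ($deny -eq 1)
        RdpInboundRulesOpen  = $rules.Count
        Findings             = $findings
    }
}

$report = Get-RemoteAccessExposure
$report | Format-List
if ($report.Findings.Count -eq 0) { 'SMBv1 and RDP are both off.' }
```

An empty `Findings` list means both hardening steps are in place; any entry names the setting that still needs attention.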

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics
