
Ransomware – How to be secured?

Posted on Monday, August 22, 2022


Ransomware is a type of malware that threatens to destroy or withhold a victim’s critical data unless a ransom is paid to the attacker. Unfortunately, this type of cyberattack is on the rise — ransomware was named the top threat type for 2021, and attacks increased over 140% in Q3 of 2021 alone.

What is Ransomware?

Ransomware is a piece of malicious code that does not present itself like a virus or trojan; instead, it locks vital computer files, changes their format and encrypts them. Whenever the victim tries to open a file, they are shown a message saying that the contents will be destroyed within a stipulated period of time unless the owner pays a certain amount of money to the perpetrators.

These fund transfers are mostly made in Bitcoin to preserve anonymity, and IT and internet users are the prey of these recent ransomware programs. It has become a huge menace, and the threat is increasing day by day.

Top 27 Security Measures To Avoid Ransomware Attack

Defending against ransomware requires a holistic, all-hands-on-deck approach that brings together your entire organization. Below are twenty-seven measures an organization can implement to stop attacks and limit the effects of ransomware.

Anti-spam settings

According to 2017 IBM research, 59% of ransomware infections were spread through phishing emails, by victims opening attachments containing fake invoices or other seemingly reliable but fake information. These attachments mostly come in .exe, .vbs or .scr file formats, delivered by an eye-catching email that carries the malicious file. Subject lines such as “50% off” or “FREE distribution” are used to get the user to download the malicious file. To avoid this type of cyberattack, it is advisable to use spam-filter settings in your email so that messages with these file extensions are put in the spam folder.

Suspicious attachments

As we already know, opening a malicious attachment opens the door to hackers. Suspicious attachments may also be sent from illegitimate look-alikes of known sources, for example a malicious image file sent from the amzn.co domain, which looks quite similar to amazon.com. Since Amazon is a trusted brand, the email will be opened blindly, leading to an attack. Keep a keen eye on the sender's email address and avoid opening any suspicious attachments sent from these phishing sources.

Avoid giving personal information

Did you know that there are around 3.7 billion active users on social media today? This means that the data of 3.7 billion users is publicly available for cyberattacks if not protected. Getting information from the dark web is one method used in cyberattacks, but hackers may also use OSINT techniques to collect publicly available data, be it government records or social media posts on Facebook, Twitter and so on. So it is important not to share private information publicly on social media unless it is absolutely necessary.

Think thrice before clicking

In 2018, a clickbait campaign ran on Facebook in which a person who entered the site and clicked “I agree that I am 18+ years old” got access to the website, and at the same time the website link was posted on their Facebook Wall. This campaign showed that even Facebook can be hacked. So everyone is advised not to click dangerous hyperlinks on social networks or in instant messengers.

Training employees in a company

You must invest in cultivating your security culture through ongoing security awareness training for your entire workforce. In this program, you can test employees' knowledge of phishing scams by sending suspicious links to their email and seeing whether they click them. Simulated clickbait or clickjacking attacks can also be run against your workforce to gauge their knowledge.

File extensions

Since the upgrade from Windows XP to Windows Vista or 7, file extensions have been hidden by default. This has given attackers the chance to use a confusing technique in which a file is shared with two extensions, for example haunted.avi.exe or ransomware.svg.scr. Because the real file extension is hidden by default, the victim will open the file without checking it. Here it is advisable to turn on the display of file extensions in Windows by unchecking the “Hide extensions for known file types” option.

Software update and patches installation

Without patches or regular software updates, malicious links can use an exploit kit to exploit a vulnerability in your operating system, browser, antivirus tool or other software. To avoid this, regular updates with new software patches must be enabled on the system.

Disable internet over suspicious activity

Did you get a notification of suspicious activity on your system, and do you recognize it as a form of cyberattack? If so, disable the internet! Most ransomware needs to connect to its command and control (C&C) servers in order to complete its encryption routine. Without an internet connection, the ransomware will sit idle on the infected device.

Download from trusted sites

  • Always download files from a trusted source.
  • Always access sites over HTTPS.
  • Always download files from trusted locations.

Turn on the firewall and configure it regularly

Windows Firewall is configured to disable file sharing on public internet connections. It protects your desktop from unauthorized access such as ransomware.

Least privilege for applications

Consider implementing least privilege for access to network, files and system by reviewing the levels of control. This will help you to prevent ransomware attacks from using a compromised account.

Scan compressed or archived files automatically

Most email service providers don’t scan archived or compressed files shared over email. This makes email more vulnerable to ransomware attacks. You therefore need tools that can scan files downloaded from the internet before putting them in a dedicated folder.
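The checks described under “Anti-spam settings”, “File extensions” and “Scan compressed or archived files automatically” can be combined in one attachment screen. The following is an added example, not code from the original post: the function names, size and depth limits and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions this page names as common ransomware carriers; extend as needed.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}
MAX_DEPTH = 3                    # assumption: limit on nested archives
MAX_MEMBER_BYTES = 20 * 2**20    # assumption: do not unpack members over 20 MiB

def check_name(filename):
    """Return findings for one file name, judged by its real (last) extension."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    suffixes = PurePosixPath(name).suffixes
    findings = []
    if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
        findings.append("blocked-extension")
        if len(suffixes) > 1:    # e.g. haunted.avi.exe is displayed as haunted.avi
            findings.append("double-extension")
    return findings

def scan_attachment(filename, data, depth=0):
    """Map each flagged path (archive!member) to its list of findings."""
    report = {}
    findings = check_name(filename)
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            findings.append("archive-too-deep")
        else:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    path = f"{filename}!{info.filename}"
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                        # Encrypted or oversized: cannot be inspected, so flag it.
                        report[path] = check_name(info.filename) + ["unscannable"]
                        continue
                    inner = scan_attachment(info.filename, zf.read(info), depth + 1)
                    report.update({f"{filename}!{p}": f for p, f in inner.items()})
    if findings:
        report[filename] = findings
    return report

def build_sample_zip():
    """Constructed sample: harmless bytes under names modelled on the page's."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"hello")
        zf.writestr("docs/haunted.avi.exe", b"not a real program")
    return buf.getvalue()
```

A mail gateway or download handler would call `scan_attachment` on each attachment and quarantine the message when the returned report is not empty.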

Strong spam filter and User authentication

Aside from having an antivirus system to scan email for malicious files, there is a strong need for a spam filter that moves such emails to the spam folder. Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) can help you prevent email spoofing by hackers.

Disable PowerShell

PowerShell is a task automation framework that consists of a command-line shell and a scripting language. Malicious actors commonly use it to execute ransomware from memory, which lets the ransomware evade the antivirus system. It’s advisable to disable PowerShell on workstation systems.

Enhance security of Microsoft apps.

Hackers use weaponized Microsoft files to distribute their malicious payloads. Most of these files use macros and ActiveX controls. So disabling macros and ActiveX add-ons in Microsoft Office apps will help prevent ransomware attacks.

Use pop-up blockers

Nowadays malicious actors use pop-ups as an entry point to the site root files. To prevent data breaches here, it is advisable to use pop-up blockers like Adblock Plus, or to use a safe browser in which pop-ups are blocked by default, like the Brave browser.

Use strong passwords

According to InfoWorld, around 30% of users reuse the same password on multiple accounts. This means that if a password becomes accessible to a hacker, most of your accounts are compromised. A weak password lets malicious actors brute-force their way into a system or account.

Disable auto-play

AutoPlay in Windows lets USB drives, memory sticks and CDs run automatically as soon as they are connected. It could be used to sneak ransomware onto your computer.

Disable USB / CD-DVD port

Malicious actors can put a trojan horse on a USB stick or CD / DVD, or can infect the USB port via the command prompt. To prevent such a vulnerability, it is advised to disable the USB / CD-DVD ports.

Disable file sharing across same network

If file sharing across the same network is enabled, multiple devices can be infected, giving an attacker a way to infiltrate that you don’t want. Hence you need to disable the file sharing option across the same network.

Disable remote services

Exploiting remote services is one of the common ways malicious actors carry out ransomware attacks. Disabling remote services provides extra security against ransomware attacks.

Disable Bluetooth connectivity

Most users are unaware that Bluetooth connectivity also works as a port through which malicious actors can share files with a device. Turning off Bluetooth, infrared ports and other wireless connections will remove this cyberattack threat.

Block Tor IP addresses.

Tor (The Onion Router) is a primary means by which ransomware threats communicate with their C&C servers. Thus, block all malicious Tor IP addresses from accessing files on your computer.

Network monitoring for suspicious activity

Start using a network monitoring tool to watch for suspicious activity and avoid cyberattacks.

Disaster Recovery Plan

Backing up recent files both to a cloud server and offline on another system will serve as your business's disaster recovery plan against ransomware attacks.

Develop a breach and incident response framework to mitigate the potential loss from an attack.

Assess your breach liability and take out cyber insurance.

If you found this blog post useful, you might like to check out another blog post in which we give cybersecurity tips for Work-from-Home (WFH) employees. To get a personalized consultation from our cybersecurity team, feel free to drop us an email at hello@techcloudpro.com