Ransomware: How to protect your PC against ransomware attacks

Ransomware is a type of malware that infects and locks a computer until the user pays a fee to regain access to the data. Paired with server-side polymorphism and industry-grade delivery infrastructures, the malware can enter a system through a malicious downloaded file, a vulnerability in a network service, or even a text message. Some of the most notable examples of ransomware are CryptoLocker, CryptoWall, WannaCry, and Petya.

Usually, in the case of encrypting ransomware, local files are encrypted using a randomly generated key pair that’s associated with the infected computer. While the public key is copied to the infected computer, the private key can only be obtained by paying for it within an allocated amount of time. If the payment is not delivered, the attackers threaten to delete the private key, leaving no way to decrypt and recover the locked files.

One of the most common infection vectors relies on drive-by attacks through infected ads on legitimate websites, but ransomware has also been known to spread through infected downloaded apps.


How to protect from ransomware

Because of the technological limitations that prevent users from retrieving the decryption key without paying the ransom, the best way to protect against the effects of ransomware is to not get infected in the first place. Ransomware infection can be limited and sometimes prevented with a few best practices:


1. Use an updated antivirus

Use an anti-malware solution with anti-exploit, anti-malware, and anti-spam modules that is constantly updated and able to perform active scanning. Make sure you don’t override the optimal settings and that you update it daily.


2. Schedule file backups

Regularly back up your files either in the cloud or locally so data can be recovered in case of encryption. Backups should not be stored on a different partition in your PC, but rather on an external hard drive that is connected to the PC for the duration of the backup only.


3. Keep Windows up to date

Keep your Windows operating system and your vulnerable software – especially the browser and the browser plug-ins – up to date with the latest security patches. Exploit kits use vulnerabilities in these components to automatically install malware.


4. Keep UAC enabled

UAC (User Account Control) notifies you when changes are going to be made to your computer that require administrator-level permission. Keep UAC enabled to decrease or block the impact of malware.


5. Follow safe internet practices

Follow safe Internet practices by not visiting questionable websites and by not clicking links or opening attachments in emails from uncertain sources. Avoid downloading apps from unfamiliar sites — only install software from trusted sources. Do not provide personally identifiable information in public chat rooms or forums.


6. Enable ad-blockers

Enable ad-blocking and privacy extensions (such as AdBlock Plus) to reduce malicious ads. Increase your online protection by adjusting your web browser security settings. Alternatively, you might want to consider a browser extension that blocks JavaScript (such as NoScript).


7. Use anti-spam filters

Implement and use an anti-spam filter to reduce the number of infected spam emails that reach your Inbox.


8. Disable Flash

When possible, virtualize or completely disable Adobe Flash, as it has been repeatedly used as an infection vector.


9. Enable software restriction policies

If your computer runs a Windows Professional or Windows Server edition or if you are a decision maker in the company’s IT team, enable software restriction policies. System administrators can use group policy objects, which are enforced through the registry, to block executables from running from specific locations.

This can only be achieved when running a Windows Professional or Windows Server edition. The Software Restriction Policies option can be found in the Local Security Policy editor. After clicking the New Software Restriction Policies button under Additional Rules, the following Path Rules should be used with the Disallowed security level:

• “%username%\Appdata\Roaming\*.exe”
• “%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe”
• “C:\*.exe”
• “%temp%\*.exe”
• “%userprofile%\Start Menu\Programs\Startup\*.exe”
• “%userprofile%\*.exe”
• “%username%\Appdata\*.exe”
• “%username%\Appdata\Local\*.exe”
• “%username%\Application Data\*.exe”
• “%username%\Application Data\Microsoft\*.exe”
• “%username%\Local Settings\Application Data\*.exe”

A Local Security Policy can prevent ransomware
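
To confirm that the Path Rules listed above are actually in place, the following read-only PowerShell check can be used. It is an added example, not part of the original article. It assumes the rules were applied through policy and are therefore stored under the Safer\CodeIdentifiers registry key; the function name Get-SrpDisallowedPathRule is hypothetical.

```powershell
# Added example: read-only audit of Software Restriction Policies (SRP) path rules.
# Assumption: the rules were applied through policy, so they live under this key.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Path Rules from the list above, as typed into the rule dialog (no quotes).
$expected = @(
    '%username%\Appdata\Roaming\*.exe'
    '%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe'
    'C:\*.exe'
    '%temp%\*.exe'
    '%userprofile%\Start Menu\Programs\Startup\*.exe'
    '%userprofile%\*.exe'
    '%username%\Appdata\*.exe'
    '%username%\Appdata\Local\*.exe'
    '%username%\Application Data\*.exe'
    '%username%\Application Data\Microsoft\*.exe'
    '%username%\Local Settings\Application Data\*.exe'
)

# Hypothetical helper: returns the Disallowed path rules currently configured.
# Rules are stored per security level; subkey "0" is the Disallowed level.
function Get-SrpDisallowedPathRule {
    param([string]$Root)
    $pathsKey = Join-Path $Root '0\Paths'
    if (-not (Test-Path $pathsKey)) { return }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    Get-ChildItem -Path $pathsKey | ForEach-Object {
        # Read ItemData without expanding %variables% so it can be compared
        # with the rule text exactly as it was entered.
        $raw = $_.GetValue('ItemData', $null, $noExpand)
        [pscustomobject]@{ RuleId = $_.PSChildName; Path = ([string]$raw).Trim('"') }
    }
}

if (-not (Test-Path $root)) {
    Write-Output 'No Software Restriction Policies are configured on this computer.'
} else {
    # DefaultLevel 262144 = Unrestricted (path rules act as a block list), 0 = Disallowed.
    $default = (Get-ItemProperty -Path $root).DefaultLevel
    Write-Output "Default security level value: $default"

    $configured = @(Get-SrpDisallowedPathRule -Root $root | ForEach-Object { $_.Path })
    foreach ($rule in $expected) {
        # -contains compares strings case-insensitively, like Windows paths.
        $state = if ($configured -contains $rule) { 'present' } else { 'MISSING' }
        Write-Output ('{0,-8} {1}' -f $state, $rule)
    }
}
```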
