For Windows users, tips for fighting ransomware attacks


Ransomware is a horrifying word for many computer users, especially given the almost daily headlines about the affected companies. I wonder why this continues to happen to users and businesses, big and small.

But there are many things you can do to protect yourself and your business.

Be careful what you click

Ransomware that affects individuals most often strikes after someone clicks on something they shouldn’t, such as a phishing email or a web page that installs malicious files. In business environments, attacks often come from attackers who use either brute force or collected credentials to go after open remote access protocols. Once inside the network, they can disable backups and wait until the best time to attack.

Ransomware is not new. Its history dates back to 1989. At that time, the lure was a floppy disk with the virus installed, which demanded money to get the computer's information back on the third day. More recently, it was used against Colonial Pipeline, a pipeline company that supplies gas to the East Coast. That attack led to a run on gas, closed gas stations, angry drivers, and bad publicity (and reported multi-million dollar payments) for the pipeline company. This was an example of what ransomware can do to a business.

Backup, backup, backup

I co-moderate a Facebook group on security and ransomware topics. Often, when users come to us to ask how to recover from a ransomware attack, our only recommendation is to ask if they have a proper backup. That means something that runs on a regular basis and is stored on an external hard drive that is “air-gapped” from your computer. If you can access the drive where the backup is stored, an attacker can access it too. Therefore, rotate the backup media and make sure that you always have a copy that is offline and not connected to your system.

We also recommend investigating whether your backup software has a ransomware protection feature that prevents anything outside the backup process from accessing the backup drive.

However, there is no magic fix to recover from ransomware. Track known attacks: if the encryption key has been exposed by an attacker, or if some authority has taken over the command and control server and gained access to the encryption tool, the decryption tool is stored on the site that tracks those attacks.

Fool the attacker

If you are a little more adventurous, you can consider adding tools such as Raccine. This prevents ransomware from using vssadmin to delete all shadow copies. It runs on Windows 7 and above, intercepts the request, and kills the calling process. Silently deleting backups and stopping the backup process is often the first sign that an attacker is going after your system.

Make sure you keep track of the success or failure of your backup process. I personally set alerts using backup software, so I’m notified of both successes and failures related to the major infrastructure. Tracking the completion of a backup is an important way to track the state of your system.

Another trick you can use to try to dodge an attacker is to install a Russian keyboard on the system. Darkside ransomware did not specifically check for instances of it, but Russian-based malware often checks where it is installed and avoids Russian-based systems. (You don’t need to use the keyboard. You will end up with “EN” showing in the system tray, but it may just trick the attacker into passing you by.)

Another security tool that scared off attackers during recent attacks is Sysmon. This is Microsoft’s free tool for enhancing security event logging on Windows machines. When the attackers using the SolarWinds vulnerability identified a company they wanted to attack, if Sysmon, Procmon, Procexp, or Autoruns was installed on its systems, the attackers would not go after that company because they didn’t want to be detected. Especially for small businesses, we recommend that you use Sysmon to extend your system’s logging.
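As an added example (not code from the original article or from any tool it mentions), the following Python shows how the vssadmin shadow-copy deletion described above can be flagged in process-creation logs of the kind Sysmon records. The sample records are constructed, and the function names `classify` and `find_alerts` are hypothetical.

```python
import ntpath

# Constructed sample records shaped like the Image / CommandLine / ParentImage
# fields of a Sysmon process-creation event (Event ID 1). Not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r'"C:\Windows\System32\VSSADMIN.EXE" Delete Shadows /All /Quiet',
     "ParentImage": r"C:\Users\Public\invoice.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin.exe delete shadows /for=C: /quiet",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\docs\how-to-delete-shadows.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def classify(command_line):
    """Return None, or the flags of a `vssadmin delete shadows` invocation."""
    # Split on whitespace and strip quotes so quoted paths and `cmd /c "..."` match.
    tokens = [t.strip("\"'").lower() for t in command_line.split()]
    for i, tok in enumerate(tokens):
        is_vssadmin = ntpath.basename(tok) in ("vssadmin", "vssadmin.exe")
        if is_vssadmin and tokens[i + 1:i + 3] == ["delete", "shadows"]:
            flags = tokens[i + 3:]
            return {"all": "/all" in flags, "quiet": "/quiet" in flags}
    return None  # e.g. `vssadmin list shadows`, or an unrelated process


def find_alerts(events):
    """Return one alert dict per event that deletes shadow copies."""
    alerts = []
    for event in events:
        hit = classify(event["CommandLine"])
        if hit is not None:
            alerts.append({"parent": event["ParentImage"],
                           "command": event["CommandLine"], **hit})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        how = "silently " if alert["quiet"] else ""
        print(f"ALERT: shadow copies {how}deleted; parent={alert['parent']}")
```

The parent process is reported with each alert because it shows what launched the deletion, which is the first thing to check when triaging it.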

What you can do

In conclusion, don’t let an attacker easily turn you into another ransomware statistic. Here’s what you can do to reduce the chance of an attack:

  • Perform proper backups on a regular basis and make sure you have multiple external hard drives that rotate to ensure that at least one copy of your files is always offline.
  • Keep your browser up to date, regardless of your operating system.
  • Make sure your email is properly filtered, either from your ISP (if you’re serving email) or using Gmail or
  • Consider adding Duo authentication as two-factor authentication for remote access when using Remote Desktop Protocol in a small business. Also, when it comes to remote access, don’t let a password be the only thing between you and the outside world.

These steps may not guarantee that you are completely safe from ransomware, but they should at least reduce your chances of being attacked.

Copyright © 2021 IDG Communications, Inc.
