Last week at work, I noticed some odd events in an event log, and when I investigated them, I found they were part of a failed ransomware attack. This got me thinking about how to prevent ransomware at home.
Ransomware, if you aren’t familiar, is an attack that encrypts your data and demands a ransom, usually around $300 in bitcoin, with a short deadline after which it destroys your files. More often than not, paying the ransom is the only way to get the files back, so it’s much better to prevent it.
There are two things that ought to go without saying, but I’ll say them anyway. If you pirate software, you will get a little something extra you didn’t intend, and that little something extra may very well be ransomware. Another common vector for ransomware is unexpected e-mail. So don’t open unexpected e-mail attachments.
But a good amount of ransomware comes in over the web. Here’s how to protect yourself from that.
Conventional wisdom says that if you don’t visit web sites you’re not supposed to be visiting, you won’t get hacked. That advice doesn’t work anymore, if it ever did. Even web sites run by respected publications can unintentionally serve up malware from time to time, so you have to take measures to protect yourself.
Create a non-admin account for everyday use. The accounts that Windows home editions set up by default usually have administrative rights. It’s a better practice to create a new account that doesn’t have admin rights, and use that account except when you’re installing software or doing other administrative tasks.
Enable Microsoft’s automatic updates in Windows. This is very important. A lot of people turn off automatic updates because they’re afraid it will break something. The thing is, that’s rare. And even when Microsoft does release a problematic update, it doesn’t fail 100% of the time. And if you do have problems due to a security update, Microsoft will help you. For free. If you get ransomware, Microsoft can’t help you.
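The two steps above, a non-admin everyday account and automatic updates, as one PowerShell script. This is an added example, not code from the original post: it assumes an elevated prompt, uses the placeholder account name "daily", relies on net.exe (so it works on Windows 7 as well as Windows 10), and reads the Automatic Updates setting through the Microsoft.Update.AutoUpdate COM object.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt. "daily" is an assumed placeholder for the everyday account name.
param(
    [string]$EverydayUser = "daily",
    [switch]$Fix   # when set, also corrects the Automatic Updates level
)

# --- 1. Everyday account without admin rights -------------------------------
# net.exe exits non-zero when the account does not exist.
net user $EverydayUser > $null 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Host "Creating standard account '$EverydayUser' (you will be prompted for a password)"
    net user $EverydayUser * /add      # '*' prompts instead of putting the password on the command line
}

# Make sure the everyday account is NOT in the local Administrators group.
# The /delete call simply errors if the account was never a member, which is fine.
net localgroup Administrators $EverydayUser /delete > $null 2>&1
net localgroup Users $EverydayUser /add > $null 2>&1

# Audit: who still has admin rights? Parse the member block from 'net localgroup'.
$raw = net localgroup Administrators
$members = $raw |
    Select-Object -Skip ([array]::IndexOf($raw, ($raw | Where-Object { $_ -match '^-+$' } | Select-Object -First 1)) + 1) |
    Where-Object { $_ -and $_ -notmatch 'completed successfully' }
Write-Host "Members of local Administrators:"
$members | ForEach-Object { Write-Host "  $_" }
if ($members -contains $EverydayUser) {
    Write-Warning "'$EverydayUser' is still an administrator; everyday browsing should not run with admin rights."
}

# --- 2. Automatic Updates ----------------------------------------------------
# NotificationLevel: 0 = not configured, 1 = disabled, 2 = notify before download,
# 3 = notify before install, 4 = scheduled (automatic) installation.
$levelNames = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
                 3 = 'Notify before install'; 4 = 'Install automatically' }
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = $au.Settings.NotificationLevel
Write-Host ("Automatic Updates: {0} ({1})" -f $level, $levelNames[[int]$level])

if ($level -lt 4) {
    Write-Warning "Automatic Updates is not set to install automatically."
    if ($Fix) {
        # Requires administrative rights; Save() writes the setting back.
        $au.Settings.NotificationLevel = 4
        $au.Settings.Save()
        Write-Host "Automatic Updates set to install automatically."
    }
}
```

Run it once without -Fix to see the current state, then with -Fix if the update level needs correcting; afterwards log in as the new account for daily use and keep the admin account for installs only.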
Install Secunia PSI to keep other software up to date. I’ve written about Secunia PSI before. Ransomware usually works by forcing Internet Explorer, Silverlight, Flash, or Java to crash, tricking it into running an installation program in the process of crashing. Enabling automatic updates and installing Secunia PSI fixes the software defects that the bad guys use to cause these crashes. Secunia PSI isn’t perfect. But it does a better job of installing updates than the manufacturer’s automatic updates. It also ensures you only get the update itself. It skips the unnecessary (and often harmful) bundleware that Adobe and Oracle love to include in their security updates.
Using an alternative PDF viewer isn’t a bad idea either.
Install Malwarebytes Anti-Exploit home version. I’ve written about EMET before. But if you’d prefer something a bit more user-friendly, Malwarebytes has a similar tool called Malwarebytes Anti-Exploit. These products attempt to make it harder to intentionally crash buggy software and trick it into running other code in the process of crashing. They aren’t a substitute for patching. But they provide protection for instances where the bad guys know about a defect before a patch becomes available.
Install K9 Web Protection. K9 Web Protection is a proxy server that blocks certain broad categories of web sites. It’s the home version of Blue Coat, a web filter many corporations and governments use and respect. One of the categories it blocks is malware sites. Install it and block that category, even if you don’t block anything else.
Run antivirus, but don’t count on it to stop ransomware. You need to be running antivirus. But keep in mind that when I’ve found ransomware samples and scanned them, generally only 5-10 percent of antivirus programs recognized them. Which 5-10 percent varies. And given the many issues I’ve been seeing with antivirus programs lately, my advice is to run Microsoft Security Essentials (if you run Windows 7) or Windows Defender (if you run Windows 10). If you’re actually going to pay for antivirus, get Malwarebytes Anti-Malware and run it in addition to Microsoft’s free antivirus. Malwarebytes is more aggressive than conventional antivirus, so it catches things none of the conventional antivirus programs will.
Antivirus is a class of software where the valedictorian has a C-. So there’s no point in paying $50 a year for C- protection (and risk getting D- protection) when you can get D+ protection for free.
I’ll toss in a related item here:
So you’re browsing one day looking for tech references; and you run across a place you recognize from past use; and you click four links as “open in a new tab” so you can quick-check them and move on; and out of flippin’ nowhere your sound comes on and a voice says your computer is locked and you’ll need to pay up. One browser tab now has the info for getting your life back.
Win7, Firefox, Malwarebytes Pro in place.
This one is easy, but the presentation ties in nicely with all the news stories and can send Aunt Minnie into a tailspin.
The page is resistant to close functions and will reappear when you restart the browser (I’m not sure if it used my restore settings or enabled a flag in the browser).
Open several tabs (to force slower browser loading), leaving the bad one as the focus
Close the browser
Open the browser and hit +W before the script can load.
The one I had was not persistent, other than from the page with the original link (of course I went back!). The package, by its nature, is not visible to typical anti-malware software. The source page itself drew no warnings, and other links on that page worked properly.