Ransomware: How to protect your PC against ransomware attacks
Ransomware is malware that infects and locks a computer until the user pays a fee to regain control of the system and access to the data. Because it relies on server-side polymorphism and industry-grade delivery infrastructure, the malware can be introduced into the system through a malicious downloaded file, an exploitable vulnerability in a network service, or even a text message. CryptoLocker, CryptoWall, WannaCry, and Petya are just a few of the ransomware strains that have made headlines recently.
In most cases where ransomware encrypts files, local files are encrypted using a randomly generated key pair that is associated with the compromised computer. The public key is copied onto the infected machine, while the private key can only be obtained by paying for it within a specified length of time after the infection. If the money is not received, the private key is deleted, and there is no way to restore the encrypted files unless the secret key is recovered.
Another typical infection vector is the drive-by attack delivered through infected advertisements on respectable websites, but ransomware has also been reported to spread through infected downloaded apps, according to the Virus Bulletin.
How to keep yourself safe from ransomware
Because of the technical constraints that prevent users from obtaining the decryption key without first paying the ransom, the most effective way to protect against the consequences of ransomware is to avoid becoming a victim of this malware in the first place. A few best practices can limit ransomware infection, and in some cases prevent it completely:
1. Make use of an up-to-date antivirus program.
Anti-malware solutions that include anti-exploit, anti-malware, and anti-spam modules, are continually updated, and are capable of active scanning are the most effective option. Do not alter the optimal settings, and keep the product updated daily.
2. Create a schedule for file backups.
Back up your files regularly, either in the cloud or locally, so that data can be recovered in the event of an encryption attack. To prevent data loss, backups should not be kept on a separate partition on your computer, but rather on an external hard drive that is connected to the computer only for the duration of the backup.
3. Maintain the most recent version of Windows.
Keep your Windows operating system up to date with the most recent security patches, along with any vulnerable software on your computer, particularly the browser and browser plug-ins. Exploit kits take advantage of flaws in these components to automate the installation of malware.
4. Keep the User Account Control (UAC) activated.
If any changes that require administrator-level approval are about to be made to your computer, User Account Control (UAC) will alert you to them. Keep UAC enabled to reduce or prevent the impact of malware.
5. Adhere to safe internet usage guidelines.
Follow safe Internet practices: do not visit questionable websites, and do not click on links or open attachments in emails from unknown senders. Do not download applications from unknown websites; only install software from reputable sources. In public chat rooms or forums, do not provide any personally identifiable information about yourself.
6. Enable ad-blocking software.
7. Use anti-spam filters.
Reduce the number of spam emails that reach your Inbox by setting up and using an anti-spam filter.
8. Turn off Flash.
Adobe Flash should be virtualized or disabled whenever possible, as it has been used as an infection vector on numerous occasions.
9. Enable software restriction policies on the computer.
Enable Software Restriction Policies if your computer is running the Windows Professional or Windows Server editions, or if you are a decision-maker on your company’s information technology team. System administrators can import group policy objects into the registry to prevent executables from being loaded from certain directories.
This can only be done on the Windows Professional or Windows Server editions of the operating system. The Software Restriction Policies option can be found in the Local Security Policy editor, which is accessible from the Start menu. After selecting New Software Restriction Policies from the Additional Rules drop-down menu, apply the following Path Rules with the Disallowed Security Level:
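Once path rules have been applied, it is worth confirming that they actually reached the registry and are being enforced. The read-only PowerShell below is an added example, not part of the original article: it lists every Software Restriction Policies path rule in the machine-wide policy key together with its security level. The function name Get-SrpPathRule is made up for this example, and per-user policies are not inspected.

```powershell
# Added example: audit Software Restriction Policies (SRP) path rules.
# Read-only; inspects the machine-wide policy key only.
function Get-SrpPathRule {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )

    # Security levels are stored as subkeys named after their numeric ID.
    $levelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "No Software Restriction Policies found under $Root"
        return
    }

    # TransparentEnabled = 0 means the rules exist but are not enforced.
    $policy = Get-ItemProperty -LiteralPath $Root
    if ($policy.TransparentEnabled -eq 0) {
        Write-Warning 'SRP enforcement is switched off (TransparentEnabled = 0).'
    }

    foreach ($level in Get-ChildItem -LiteralPath $Root) {
        # Path rules live under <level>\Paths\{GUID}; hash and zone rules
        # sit in sibling subkeys and are skipped here.
        $paths = $level.OpenSubKey('Paths')
        if ($null -eq $paths) { continue }

        foreach ($id in $paths.GetSubKeyNames()) {
            $rule = $paths.OpenSubKey($id)
            $name = $levelNames[$level.PSChildName]
            [pscustomobject]@{
                SecurityLevel = if ($name) { $name } else { $level.PSChildName }
                # Keep %VARIABLES% unexpanded so the rule reads as it was entered.
                Path          = $rule.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
                Description   = $rule.GetValue('Description')
                RuleId        = $id
            }
            $rule.Close()
        }
        $paths.Close()
    }
}

# Show only the rules that block execution.
Get-SrpPathRule |
    Where-Object SecurityLevel -eq 'Disallowed' |
    Format-Table SecurityLevel, Path, Description -AutoSize
```

An empty result on a machine that is supposed to have Disallowed rules means the policy was never applied or was applied per user rather than machine-wide.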