Ransomware has become quite a scary type of malware. Every day we get tickets from our customers worried (some even terrified) of the consequences.
Here are some tips on how I deal with the ransomware threat.

Education
Most malware infections originate from suspicious emails, websites and installing questionable software.
I've always helped users identify suspicious email and advised them not to open attachments unless they are expecting the email and they know the sender.
Don't stay too long on websites that have questionable content or are full of advertisements. If someone sends you a link don't click on it unless you trust the sender.
Try to avoid installing software unless you have a business/personal need for it and have read reviews. It is also a good idea to test software in a virtual machine first.

Technical
A good spam filter (local or on the mail server) should also help prevent malware and phishing emails getting through. *
A web content filter will help prevent users from visiting websites they shouldn't visit; however, if you are not in a business environment this is likely something you won't have available (some ISPs in the UK do provide a content filter). A good parental web filter or modern antivirus should help detect malicious and compromised sites. Sophos offer a free AV with web filtering for home use; I personally use this.
A good firewall that has IP reputation features should help protect your network (more relevant for business). Most malware "calls home" to function or install its payload. Blocking access to these IPs helps prevent further infection. Firewall appliances from Sophos are good choices.
Installing a modern antivirus is also a must. Some vendors are now targeting ransomware specifically and are worth a look: Malwarebytes Anti-Ransomware, HitmanPro.
Keep your computer and installed software patched, especially browsers, and use ad-blocking extensions if you can.

Minimising Impact
Log on to Windows using an account without administrative privileges; if you do get a malware infection, this should limit the effect. For example, if you log on as a domain administrator and get infected, the malware will have full access to all your systems, whereas if Bob from sales gets an infection it will be limited to the areas he has access to.
Take regular backups and have backups stored offsite. (Thanks SeekForever)
Log file/folder changes on a network share.

Dealing with an Infection
You only have two options when dealing with modern ransomware:
1) Pay up (not recommended)
2) Restore from a backup.
This is by no means an exhaustive list, but it gives an idea of what can be done. If you would like to add to my tips, I will happily pin the post for all to see.

* If you wish to discuss firewalls/spam filters etc., please open a thread in the watercooler.