15 Easy steps to protect your machine against Ransomware Virus


May 12th 2017: we all know it as the biggest ever cyber attack in Internet history (yes, bigger than the Dyn DDoS).

A ransomware named WannaCry stormed through the web, with the damage epicentre being in Europe. WannaCry leveraged a vulnerability in Windows OS, first discovered by the NSA, and then publicly revealed to the world by the Shadow Brokers. In the first few hours, 200,000 machines were infected. Big organizations such as Renault or the NHS were struck and crippled by the attack.

What is a Ransomware Virus?

Ransomware is a type of malicious software that carries out a cryptoviral extortion attack (from cryptovirology): it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing their files, since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan whose payload is disguised as a legitimate file.
While initially popular in Russia, the use of ransomware scams has grown internationally. In June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.
15 Easy steps to protect your machine against Ransomware Virus

Step 1: Back up

Back up all the data on your system to an external HDD, and do not connect that external HDD to your system again until a fix for the attack is available on the market. Disconnect from the internet during the backup process.
Step 2: Show hidden files and file extensions

In the folder view options, enable showing hidden files and file extensions, then check whether any hidden file is unrelated to your operating system or to your own files. Delete such a file, but don’t open it.
Step 3: Don’t use pen drives

Don’t transfer files using a pen drive; your friend’s system may be infected with a virus, and it can come onto your system while you copy movies, music, etc.
Step 4: Don’t open unwanted sites, or torrent, movie and music sites; they may infect your system.
Step 5: Enable filtering of EXEs in your email inbox

Stop downloading any kind of .exe file from your email account; someone may send you a virus file in .exe format.
Step 6: Don’t download software (.exe files) from unrated or untrustworthy websites.
Step 7: Disable files running from the AppData/LocalAppData folders

The Cryptolocker virus is out there in the wild, and I’ve seen it happen on a few computers; it’s certainly not pretty. The details are sordid, but in a nutshell what happens is that a Cryptolocker virus gets onto your computer, locks all your pertinent files and demands a ransom amount so you can get your files back. When people pay, the ones delivering the virus become bolder and start demanding more money.

What can you do to protect your company?
Create some Group Policies to lock down likely places for malware / spyware / grayware / Cryptodefense and other unwanted .exe programs to run from:

– Open up Group Policy and create a new GPO
– Title this policy "Disable .exe from %appdata%" and click OK
– Right click on this policy and select Edit
– Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
– Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
– Right click on Additional Rules, click on ‘New Path rule’, enter the following information and then click OK

Path: %localAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData (Win 7)

Path: %localAppData%\*\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData subfolders (Win 7)

Path: %localAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Prevent unarchived executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Prevent 7zipped executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Prevent Rar executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Prevent Winzip executables in email attachments from running in the user space (Win 7)

The following paths are for Windows XP machines (if you still have them; I put these in just in case, with the same Disallowed security level):
%AppData%\*.exe
%AppData%\*\*.exe

Create your new path rules as seen above

Your final selections should look like the above. Make sure t
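As an added example that is not part of the original article: the same Disallowed path rules applied to the local Software Restriction Policy of a standalone (non-domain) machine through the registry, for hosts that a GPO cannot reach. It assumes the local-policy registry layout under Safer\CodeIdentifiers and an elevated PowerShell session; confirm the result in secpol.msc afterwards.

```powershell
# Added example (not from the original article): apply the same "Disallowed"
# path rules to the LOCAL Software Restriction Policy of a standalone machine.
# Assumes the local-policy registry layout under Safer\CodeIdentifiers and an
# elevated PowerShell session; verify afterwards in secpol.msc.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Policy container. DefaultLevel 0x40000 = Unrestricted, so only the explicit
# rules below block anything. TransparentEnabled 1 = check executables but
# not DLLs (2 would include DLLs and is much noisier). PolicyScope 0 = all users.
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel       -Value 0x40000 -Type DWord
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1       -Type DWord
Set-ItemProperty -Path $base -Name PolicyScope        -Value 0       -Type DWord

# Rules for security level 0 (Disallowed) live under the subkey named "0".
$disallowed = Join-Path $base '0\Paths'

# The path/description pairs from the article, plus the two roaming-AppData
# paths it lists for Windows XP.
$rules = @(
  @{ Path = '%LOCALAPPDATA%\*.exe';            Description = "Don't allow executables from AppData" },
  @{ Path = '%LOCALAPPDATA%\*\*.exe';          Description = "Don't allow executables from AppData subfolders" },
  @{ Path = '%LOCALAPPDATA%\Temp\*.zip\*.exe'; Description = 'Prevent unarchived executables in email attachments from running' },
  @{ Path = '%LOCALAPPDATA%\Temp\7z*\*.exe';   Description = 'Prevent 7zipped executables in email attachments from running' },
  @{ Path = '%LOCALAPPDATA%\Temp\Rar*\*.exe';  Description = 'Prevent Rar executables in email attachments from running' },
  @{ Path = '%LOCALAPPDATA%\Temp\wz*\*.exe';   Description = 'Prevent Winzip executables in email attachments from running' },
  @{ Path = '%APPDATA%\*.exe';                 Description = "Don't allow executables from roaming AppData" },
  @{ Path = '%APPDATA%\*\*.exe';               Description = "Don't allow executables from roaming AppData subfolders" }
)

foreach ($r in $rules) {
  # One GUID-named subkey per rule: ItemData is the path pattern (expandable
  # string so %LOCALAPPDATA% resolves per user); SaferFlags 0 marks a path rule.
  $key = Join-Path $disallowed ([guid]::NewGuid().ToString('B'))
  New-Item -Path $key -Force | Out-Null
  Set-ItemProperty -Path $key -Name ItemData    -Value $r.Path        -Type ExpandString
  Set-ItemProperty -Path $key -Name SaferFlags  -Value 0              -Type DWord
  Set-ItemProperty -Path $key -Name Description -Value $r.Description -Type String
}

# Audit what is now disallowed. Rules apply to processes started in new
# sign-in sessions; test with a harmless copy of notepad.exe under %LOCALAPPDATA%.
Get-ChildItem -Path $disallowed | ForEach-Object {
  Get-ItemProperty -Path $_.PSPath | Select-Object ItemData, Description
}
```

Remember that legitimate installers (browser updaters, chat clients) also run from these folders, so add Unrestricted path rules for them under the subkey named 262144 (0x40000) after testing, rather than loosening the Disallowed rules.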

 

 

Step 8: Use the Cryptolocker Prevention Kit

Step 9: Disable RDP

Ransomware often reaches target machines through Remote Desktop Protocol (RDP), the Windows feature that lets others access your desktop remotely. If you do not need RDP, disable it to protect your machine from Filecoder and other RDP exploits.
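The following added example (not from the original article) turns off inbound Remote Desktop at two layers and then verifies the result; it assumes an elevated PowerShell on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist.

```powershell
# Added example (not from the original article): disable Remote Desktop on a
# machine that does not need it, then verify. Run elevated on Windows 8 /
# Server 2012 or later (the Net* firewall cmdlets are not on Windows 7).

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Deny RDP connections. This is the value behind "Don't allow remote
#    connections to this computer" in System Properties.
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord

# 2. Disable the built-in inbound firewall rules for RDP (TCP/UDP 3389), so
#    the port stays closed even if something re-enables the setting above.
#    "Remote Desktop" is the English display group name.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Verification: expect fDenyTSConnections = 1, an empty list of enabled RDP
# firewall rules, and no listener on port 3389 (the last query prints nothing
# when the port is closed; the error suppression hides the "no match" message).
Get-ItemProperty -Path $ts -Name fDenyTSConnections | Select-Object fDenyTSConnections
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Where-Object { $_.Enabled -eq 'True' }
Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue
```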

 

Step 10: Patch or update your software

Enable automatic updates if you can, or go directly to the software vendor’s website, because malware authors like to disguise their creations as software update notifications too.

Step 11: Use only paid anti-virus software

If you run across a ransomware variant that is so new that it gets past anti-malware software, it may still be caught by a firewall when it attempts to connect to its Command and Control (C&C) server to receive instructions for encrypting your files. Your anti-virus software should also keep its virus definitions up to date.

Step 12: If the system is infected by ransomware, disconnect from WiFi or unplug from the network

If you disconnect from the network immediately, you might mitigate the damage. It takes some time to encrypt all your files, so you may be able to stop it before it succeeds in garbling them all. This technique is definitely not foolproof, and you might not be sufficiently lucky or able to move more quickly than the malware, but disconnecting from the network may be better than doing nothing.

Step 13: Use System Restore to get back to a known-clean state

If you have System Restore enabled on your Windows machine, you might be able to take your system back to a known-clean state.

Step 14: Set the BIOS clock back

Cryptolocker has a payment timer that is generally set to 72 hours, after which the price for your decryption key goes up significantly. (The price may vary, as Bitcoin has a fairly volatile value. At the time of writing the initial price was .5 Bitcoin or $300, which then goes up to 4 Bitcoin.) You can “beat the clock” somewhat by setting the BIOS clock back to a time before the 72 hour window is up. I give this advice reluctantly, as all it can do is keep you from having to pay the higher price, and we strongly advise that you do not pay the ransom. Paying the criminals may get your data back, but there have been plenty of cases where the decryption key never arrived or where it failed to properly decrypt the files. Plus, it encourages criminal behavior! Ransoming anything is not a legitimate business practice, and the malware authors are under no obligation to do as promised: they can take your money and provide nothing in return, because there is no backlash if the criminals fail to deliver.

Step 15: Stop using old Windows operating systems

If you are using an old Windows operating system for which Microsoft no longer produces security patches or updates, stop using that system; use only a licensed Windows operating system with up-to-date security patches.

Thanks for reading this article; most of the above information is compiled from the internet.