Time and again we learn about threats, that new variants of malware such as Ransomware pose to computer users. The ransomware virus locks access to a file or your computer and demands that a ransom be paid to the creator for regaining access, usually allowed via either an anonymous pre-paid cash voucher or Bitcoin. One specific ransomware threat that has managed to attract attention in recent times, is Cryptolocker, apart from FBI ransomware, Crilock & Locker.
The speciality of the ransomware is that, it may come on its own (often by email) or by way of a backdoor or downloader, brought along as an additional component. Your computer could get infected with ransomware, when you click on a malicious link in an email, an instant message, a social networking site or in a compromised website – or if you download and open a malicious email attachment. Moreover, like a notorious virus, it may go undetected by most antivirus programs. And even if your antivirus software is able to remove the ransomware, many a times, you will just be left with a bunch of locked files and data!
While the situation is worrisome and the outcome is fatal in most cases if you fail to comply with the malware author’s rules – since the encrypted files can be damaged beyond repair – you can take certain preventive measures to keep the problem at bay. Let us see some of the Ransomware prevention steps you can take.
Updated OS & security software
Goes without saying that you use a fully updated modern operating system like Windows 8 or Windows 7, a good antivirus software or an Internet Security Suite and an updated secure browser and an updated email client. Set your email client to block .exe files.
Malware authors find computer users, who are running out dated versions of OS, to be easy targets. They are known to possess some vulnerabilities which these notorious criminals can exploit to silently get onto your system. So patch or update your software. Use a reputable security suite. It is always advisable to run a program that combines both anti-malware software and a software firewall to help you identify threats or suspicious behaviour as malware authors frequently send out new variants, to try to avoid detection. You might want to read this post on Ransomware tricks & Browser behaviors.
Back up your data
You can certainly minimize the damage caused in the case of your machine getting infected with Ransomware by taking regular backups. In fact Microsoft has gone all out and said that backup is the best defense against Ransomware including Cryptolocker.
Never click on unknown links or download attachments from unknown sources
This is important. Email is a common vector used by Ransomware to get on your computer. So never ever click on any link which you may think looks suspicious. Even if you have a 1% doubt – don’t! The same holds true for attachments too. You can surely download attachments you are expecting from friends, relatives & associates, but be very careful of the mail forwards which you may receive even from your friends. A small rule to remember in such scenarios: If in doubt – DONT!
Show hidden file-extension
One file that serves as the entry route for Cryptolocker is the one named with the extension “.PDF.EXE”. Malware like to disguise their .exe files as harmless looking .pdf. .doc or .txt files. If you enable the feature to see the full file-extension, it can be easier to spot suspicious files and eliminate them in the first place. To show hidden file extensions, do the following:
Open Control Panel and search for Folder options. Under the View tab, Uncheck the option Hide extensions for known file types.
Click Apply > OK. Now when you check your files, the file names will always appear with their extensions like .doc, .pdf, .txt, etc. This will help you in seeing the real extensions of the files.
Disable files running from AppData/LocalAppData folders
Try to create and enforce rules within Windows, or use some Intrusion Prevention Software, to disallow a particular, notable behavior used by several Ransomware, including Cryptolocker, to run its executable from the App Data or Local App Data folders. The Cryptolocker Prevention Kit is a tool created by Third Tier that automates the process of making a Group Policy to disable files running from the App Data and Local App Data folders, as well as disabling executable files from running from the Temp directory of various unzipping utilities.
Use Windows built-in feature AppLocker to prevent Users from installing or running Windows Store Apps and to control which software should run. You may configuring your device accordingly to reduce chances of Cryptolocker ransomware infection. This post will tell you how to create rules with AppLocker to an executable, and whitelist applications.
Disable Remote Desktop Protocol
Most Ransomware, including the Cryptolocker malware, tries to gain access to target machines via Remote Desktop Protocol (RDP), a Windows utility that permits access to your desktop remotely. So, if you find RDP of no use to you, disable remote desktop to protect your machine from File Coder and other RDP exploits.
Use Ransomware prevention or removal tools
HitmanPro.Alert is a free Ransomware Protection & Browser Intrusion Detection Tool. CryptoPrevent and CryptoLocker Tripwire are other handy tools which provide your computer a shield against Cryptolocker or any other kind of ransomware. Anvi Rescue Disk for Windows will assist in ransomware removal. HitmanPro.Kickstart will help remove Ransomware. Trend Micro AntiRansomware Tool will help you remove Ransomware.
Disconnect from the Internet immediately
If you are suspicious about a file, act quickly to stop its communication with the C&C server before it finishes encrypting your files. To do so, simply disconnect yourself from the Internet, WiFi or your Network immediately, because the encryption process takes time so although you cannot nullify the effect of Ransomware, you can certainly mitigate the damage.
Use System Restore to get back to a known-clean state
If you have System Restore enabled on your Windows machine, which I insist that you have, try taking your system back to a known clean state. This is not a fool-proof method however, in certain cases it might help.
Set the BIOS clock back
Most Ransomware, including Cryptolocker, or the FBI Ransomware, offer a deadline or a time limit within which you can make the payment. If extended, the price for the decryption key can go up significantly, and – you cannot even bargain. What you can at least try is “beat the clock” by setting the BIOS clock back to a time before the deadline hour window is up. The only resort, when all tricks fail as it can prevent you from paying the higher price. Most ransomware offer you a 3 days period and may demand even up to USD 300 for the key to unlock your locked data files.
While most of the targeted groups by Cryptolocker malware have been in the US and the UK, there exists no geographical limit. Anyone can be affected by it – and with every passing day, more and more ransomware malware are being detected. So take some steps to prevent Ransomware from getting on to your computer.