Regardless of whether you’re a home user, a business user, or even head of your company’s IT department, very few computer issues cause more worry than malicious software. The most troubling of these in recent years has been ransomware like the infamous Cryptolocker. It’s estimated these programs have affected thousands of computers and are responsible for lost files, countless hours of lost productivity, and potentially thousands of dollars paid in “ransom” to the criminals responsible.
The way the software works is chillingly simple: When the malicious file is downloaded and executed, it gets to work encrypting and locking away certain files on the affected computer. These files are generally documents, photos, music, or other files important to the user. A screen pops up stating that the files are encrypted, that the hackers hold the key on their remote server, and that payment (typically via bitcoin or a similar online, untraceable currency) is required before the key will be transmitted and the files potentially unlocked.
With all the doom and gloom surrounding ransomware, there is good news. Like most malicious software, even Cryptolocker can be easily thwarted if you take the proper steps to secure and safeguard your computer.
Malicious software works by exploiting holes in both computer and user security; if you plug those holes, then there’s no place for programs like Cryptolocker to gain a foothold. If you follow these easy steps, you’ll be able to block the majority of intrusion attempts by ransomware.
1. Back Up Everything.
This isn’t just a tip to protect against ransomware. This tip is also handy against such things as hard drive failures, general computer failures, and anything that might affect your system and its data. Simply put, if you know your data is securely backed up and out of the reach of ransomware programs, you don’t have to worry about your important files being inaccessible.
For optimal protection you should look at both physical (e.g. an external hard drive) and cloud data backups. But be careful. Cryptolocker can affect files on any drive that is mapped or connected to the computer, so it’s best to have regular backups sent to an unmapped drive or a cloud backup.
2. Show All Hidden File Extensions.
Windows has a setting that automatically hides known file types. This can prove disastrous when a malicious file masquerades as a harmless one. One common tactic ransomware creators use is to name a .exe file something innocuous like filename.pdf.exe, knowing Windows will hide the .exe part of the name and users will think the file is a harmless PDF. Setting Windows to show all file extensions can help you spot malicious programs.
3. Filter .exe Files in Email.
Check to see if your email provider can filter messages that come with either .exe files or files with a hidden extension. You might wish to adjust your email settings to deny these types of files, to lower your risk.
If you do need to exchange .exe files with another user, you can do so either via cloud services or by using password-protected .zip files.
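The double-extension trick from step 2 and the attachment filtering from step 3 come down to the same check on a file name. The PowerShell below is an added example, not part of the original article: it turns on extension display for the current user and flags names whose real extension is executable but which carry a document-style extension in front of it. The extension lists, the function name Test-DisguisedExecutable, the Downloads path, and the sample names are assumptions constructed for illustration.

```powershell
# Show file extensions in Explorer for the current user (HideFileExt = 0).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name HideFileExt -Value 0

# Assumed lists for this example; extend them to match your own policy.
$ExecutableExt = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs'
$DecoyExt      = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip'

function Test-DisguisedExecutable {
    # Returns 'double-extension', 'executable' or 'ok' for a file name.
    param([Parameter(Mandatory)][string]$Name)

    $clean = $Name.Trim().ToLowerInvariant()   # normalise case and stray whitespace
    $last  = [IO.Path]::GetExtension($clean)
    if ($ExecutableExt -notcontains $last) { return 'ok' }

    # Extension left once the real one is stripped, e.g. ".pdf" in "x.pdf.exe".
    $inner = [IO.Path]::GetExtension([IO.Path]::GetFileNameWithoutExtension($clean))
    if ($DecoyExt -contains $inner) { return 'double-extension' }
    return 'executable'
}

# Constructed sample names, e.g. attachment names taken from a mail log.
'invoice.pdf.exe', 'report.pdf', 'setup.exe', 'photo.JPG.scr', 'notes.v2.txt' |
    ForEach-Object { [pscustomobject]@{ Name = $_; Verdict = Test-DisguisedExecutable $_ } } |
    Format-Table -AutoSize

# The same check over files already on disk (Downloads folder is an assumed location).
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -File -ErrorAction SilentlyContinue |
    Where-Object { (Test-DisguisedExecutable $_.Name) -eq 'double-extension' } |
    Format-Table FullName, Length, LastWriteTime -AutoSize
```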
4. Disable AppData/LocalAppData From Running Files.
Some software runs directly from the AppData/LocalAppData folders. Unfortunately, Cryptolocker has also adopted this tactic, meaning it can run automatically.
Setting exceptions in Windows to prevent programs from launching automatically can keep it from gaining traction in your system. If legitimate files need to run from this folder, you will need to set exclusions to allow them to work properly.
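Before blocking execution from AppData/LocalAppData it helps to know what already runs from there, since those programs are the ones that will need exclusions. The PowerShell inventory below is an added example, not part of the original article; grouping the results by code-signing publisher is an assumption about how you would want to review them.

```powershell
# Folders named in this step: %AppData% (roaming) and %LocalAppData%.
$roots = $env:APPDATA, $env:LOCALAPPDATA

$inventory = Get-ChildItem -Path $roots -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        if (-not $sig) { return }              # unreadable file: skip to the next one

        $signer = '(unsigned)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path      = $_.FullName
            Status    = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            LastWrite = $_.LastWriteTime
        }
    }

# Validly signed programs, grouped by publisher: candidates for exclusions.
$inventory | Where-Object { $_.Status -eq 'Valid' } |
    Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Unsigned or altered executables: review each one before allowing it to run.
$inventory | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object LastWrite -Descending |
    Format-Table Status, LastWrite, Path -AutoSize
```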
5. Disable Remote Desktop Protocol (RDP).
In simple terms, Remote Desktop Protocol allows a remote user access to your computer. This is useful for things like tech support or teleconferencing, but can also allow malicious programs like FileCoder and Cryptolocker to have easy access to your computer. So make sure this utility is disabled.
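One way to check and disable Remote Desktop on a Windows machine, shown as an added PowerShell example that is not part of the original article. The function name Get-RdpExposure is hypothetical, and the script assumes an English-language system (the firewall group is named 'Remote Desktop') and the default RDP port 3389.

```powershell
# Run from an elevated PowerShell prompt; the change applies machine-wide.
$ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    # Summarises whether this machine currently accepts Remote Desktop connections.
    # fDenyTSConnections: 1 = connections refused, 0 = connections accepted.
    $deny  = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $listening = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpAllowed          = ($deny -eq 0)
        EnabledInboundRules = $rules.Count
        ListeningOn3389     = ($listening.Count -gt 0)
    }
}

$before = Get-RdpExposure

# Refuse new Remote Desktop connections.
if ($before.RdpAllowed) {
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
}

# Close the matching inbound firewall rules as a second layer.
if ($before.EnabledInboundRules -gt 0) {
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

# First row: state before the change. Second row: state after it.
$before, (Get-RdpExposure) | Format-Table -AutoSize
```

On a non-English Windows installation the firewall group has a localized display name, so adjust the -DisplayGroup value accordingly.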
6. Keep All Software Patched and Updated.
Malware creators of all stripes rely on people not keeping their programs up to date. Outdated software can leave holes and exploits that criminals can take advantage of to gain access to your data, or even use your computer as part of a botnet.
If your software developer provides automatic updates, make sure they are enabled on your system. To make sure you’re receiving genuine updates and not disguised malware, you might also get updates directly from the software developer’s website.
7. Use Good Security Software.
Like keeping your software updated, it’s also important to have a good anti-virus security suite installed on your computer. Like the criminals who develop malware, antivirus software developers work tirelessly to make sure malicious programs and their variants are detected and either blocked or removed from a computer.
You’ll also want to be sure to have a good software firewall installed, as that will block programs like Cryptolocker from executing and contacting their remote servers.