How To Protect Your Devices From Ransomware

How to Avoid Trojans and Save Your Data

One wrong click and it’s done: ransomware has taken your computer hostage. This often means the loss of important and personal data. We’ll give you tips on how to protect yourself – and how to get your data back when it’s already too late.

There are countless programs designed specifically to detect, block and remove malware, such as anti-virus programs, anti-spyware tools or browser plug-ins, that aim to keep you secure in real time while surfing. These guards usually offer good protection against conventional threats. Nevertheless, cyber criminals often manage to smuggle a special form of malware past these tools: so-called ransomware. Users who are careless with e-mail attachments or when surfing are particularly susceptible to these blackmail Trojans, whether out of inexperience or because of a false sense of security that conventional protection solutions often convey where ransomware is concerned.

Encryption Trojans such as Locky, Petya, WannaCry or the CryptoWall virus show that the business is worthwhile for the people behind them. According to SecuPedia and SecurityWeek, CryptoWall alone caused financial damage of around USD 325 million within a year. The US FBI estimates the sum of ransoms collected by the Trojan authors over the same period at 18 million US dollars.

The precursors of modern ransomware were malware such as the BKA Trojan, which infected hundreds of thousands of computers from 2011 to 2013 and enriched its authors by several million euros – the gang behind it was already caught by the police in 2013. The most popular platform for the distribution of ransomware is Microsoft Windows. Thanks to its widespread use, Windows also offers the greatest infection potential for the malware.

What exactly is Ransomware and what Types are there?

Ransomware is any type of malware that blocks access to the user’s own data (or the entire computer) and only releases it again against payment of a ransom. Well-known examples of ransomware are the Trojans Petya, Locky, TeslaCrypt and CryptoWall. In general, blackmail Trojans are divided into two variants:

So-called cryptotrojans (also called encryption Trojans) encrypt files and make them unreadable for the user. In return for payment of a ransom, the files will be decrypted so that they can be accessed normally again. A well-known example of such encryption Trojans is Locky.

Lockscreen Trojans leave the files themselves untouched. Instead, they limit the user’s input options so that the computer can no longer be used. Usually, a lock screen prevents the system from functioning properly.

What both ransomware types have in common is the demand to pay a ransom, displayed as a full-screen note. In return, the blackmailers offer a password or key to decrypt the data or to unlock the computer. Besides the moral question of whether such a payment is the right response to blackmail, the question of trustworthiness also arises: there is no guarantee that the decryption code will actually be handed over after the ransom has been paid.

How can I protect myself from Ransomware?

Anyone who thinks they are protected from ransomware like Locky & Co because they do not visit unsafe sites and do not open e-mail attachments from unknown senders is at least partially mistaken. Of course, this minimizes the risk of infection, but it does not mean complete protection against malware. In general, it is recommended to support your security with special software like RansomFree or Malwarebytes 3. This protects against threats such as Locky and CryptoLocker and, thanks to behavioral detection, stops even unknown encryption Trojans before they tamper with your data. Furthermore, it is recommended to follow some rules of conduct in daily use of the PC and Internet in order to prevent possible damage from malware in general and ransomware in particular:

Create Backups

The old story – but still the best method to prevent the loss of data. Back up your data at regular intervals. That way, the damage from a ransomware infection of your system is at least limited. Do not leave the storage medium for your data backup permanently connected to your computer, otherwise it may also become a victim of encryption! This also applies to network drives.

USB sticks, external hard drives and DVDs are therefore suitable for backups. They may only be reconnected when the system is clean. If you want to be sure, you can use a live Linux like Knoppix to copy the backups back to the cleaned computer.

Install updates and Patches

Any software installed on your computer, from the operating system and office applications to runtime environments and the familiar Flash Player, has potential security vulnerabilities that malware programmers exploit. To reduce security holes, you should always keep all programs up to date. It is also better to uninstall unnecessary software. This is the case with Flash Player, for example, because video streams today use the MP4 codec and no longer Flash.

Protection against unsafe Websites

Unsafe websites are a big risk because they try to install malware on your computer when you open them. Unfortunately, you cannot tell whether a page is unsafe or not. Anyone who looks something up with a search engine is always shown web pages they do not know yet. But are they safe?

Browsers such as Firefox and Google Chrome use the Google Safe Browsing service to warn of dangerous downloads. Add-ons like NoScript can prevent JavaScript from executing malicious code. Ad-blockers such as uBlock Origin also maintain lists of dangerous domains and block them, as well as advertising. In addition, some antivirus software offers protection against dangerous websites while surfing. The installation of protection software is always fairly simple, so you don’t need to be a geek to get it done.

Caution with Links in E-Mails

Links in phishing mails often lead to fraudulent websites that are visually indistinguishable from the secure original. So before clicking on buttons, pay attention to the web address that is displayed in the lower left corner of your browser or mail client when you move the mouse pointer over the link. If the URL shown there has nothing to do with the name of the visited website or the website operator, do not click.

Use Bookmarks

For online banking, the best protection is a bookmark that leads you to the right online banking website of the bank or savings bank. You should always use this instead of links in e-mails. This will prevent you from being redirected to a fake site that steals your user data and password. Bookmarks also protect against typing errors.

Unfortunately, typing errors happen again and again, and they can call up a site with a similar name. Some hackers deliberately obtain domains with names that differ only slightly from those of frequently used websites. They speculate on typos and then try to distribute malware when users visit their site.

Open only emails and attachments from known senders

Again and again, e-mails from unknown senders get past the spam filter into our e-mail inboxes. Those who follow the principle of not opening e-mails, and especially attachments, from unknown senders will reduce the risk of becoming a victim of ransomware. But with e-mail, too, there is no 100% protection.

Therefore, it is recommended to check the sender of an e-mail several times before opening the e-mail and an attached file or link. Some file types should generally make you suspicious, including .asf, .exe, .avi, .mov, .mpg, .bat, .scr, .zip, .rtf, .doc, .pif, .reg and .vbs. If you know the sender personally, call them in case of doubt and ask whether the e-mail and the attachment are from them.

Do not hide Extensions for known File Types

Windows has the peculiarity that extensions of known file types are hidden by default. This can lead to nasty mix-ups. For example, if a file is displayed as Document.pdf, “pdf” may not be the real file extension, because the real one is hidden. The full file name could be Document.pdf.exe, an executable file that might install malware when you open it to view the alleged PDF document. You should therefore deactivate the option “Hide extensions for known file types” in the Windows Explorer options, so that Windows shows the complete file name including the extension.
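The two checks from the sections on attachments and on hidden extensions can be combined: look at the real last extension of a file name, and at what Explorer would show if that extension were hidden. The following Python sketch is an added example, not part of the original article; the file names are constructed, and the subset of extensions treated as "runs when opened" is an assumption made for this example.

```python
import os

# Extensions the article lists as ones that should make you suspicious.
SUSPICIOUS = {".asf", ".exe", ".avi", ".mov", ".mpg", ".bat", ".scr",
              ".zip", ".rtf", ".doc", ".pif", ".reg", ".vbs"}
# Assumption for this example: the entries of that list that Windows
# executes or applies directly when the file is double-clicked.
RUNS_ON_OPEN = {".exe", ".bat", ".scr", ".pif", ".reg", ".vbs"}

def shown_when_hidden(name):
    """File name as displayed when the final extension is hidden."""
    return os.path.splitext(name.strip())[0].rstrip()

def assess(name):
    """Classify an attachment name by its real (last) extension."""
    stem, ext = os.path.splitext(name.strip())
    ext = ext.lower()
    # A second extension in front of the real one, possibly padded with
    # spaces, makes the file look like a harmless document.
    inner = os.path.splitext(stem.rstrip())[1].lower()
    if ext in RUNS_ON_OPEN and inner:
        return "disguised executable"
    if ext in SUSPICIOUS:
        return "suspicious type"
    return "no finding"

# Constructed sample attachment names.
SAMPLES = ["Document.pdf.exe", "Invoice.PDF      .EXE", "holiday.avi",
           "setup.exe", "report.pdf"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r}: shown as {shown_when_hidden(name)!r} -> {assess(name)}")
```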

Disabling Remote Support on Windows

Ransomware not only threatens local computers, but also infects the network. To do this, the malware uses the Remote Desktop Protocol (RDP), which allows remote access to the Windows PC while on the move. For security reasons you should disable remote support in the system properties.

Install Software for Protection against Ransomware

In addition to regular backups and careful use of the Internet, you should install up-to-date protection software such as RansomFree or Malwarebytes 3 on your computer to protect you against ransomware such as WannaCry.

What can I do if I am a Victim of Ransomware?

Paying the demanded ransom to the hackers may seem an obvious way to get access to your data again. But can criminals be trusted? There is no guarantee that you will receive the password for decryption! In addition, ransom demands are often high and payment is morally wrong, as this motivates the perpetrators to continue.

The Trend Micro Anti-Ransomware Tool can be a helper in times of need. Among other things, it creates bootable USB sticks that allow access to the system without the lock screen, and then removes the malware from the computer by this route. According to the manufacturer, the tool also protects against the WannaCry ransomware, which infected many computers worldwide in May 2017. However, the software cannot decrypt encrypted files.

There is only one thing to do after the ransomware infestation: wait and hope that the code behind the respective malware is cracked, so that the files can be decrypted again. If you have a current backup of the files, you are spared the wait and can use it for recovery.

Tip: The programs presented here for protection against ransomware do not offer protection against viruses and virus-like threats. If you are looking for the right antivirus program, take a look at our article on free antivirus protection for Windows, Mac and Linux.

We wish you every success in protecting your data and a safe journey through the Internet!