Ransomware has been causing havoc recently. It is a type of malware that can lock the computer or encrypt its files and then demand a ransom for them.
It is especially dangerous in office or corporate environments, since an infection of this type can cause the loss of important information (documents, photos, videos, etc.). Some variants can even spread over the local network and affect other computers.
Ransomware has been around for a long time, but it began to become popular with cybercriminals around 6 or 7 years ago, along with the boom in fake antivirus. The first variants that spread massively were not as dangerous as the current ones because they did not encrypt the files; they only pretended to lock the system, or locked it with methods that were easy to undo.
For a couple of years now, however, the situation has been on another level, since most of the variants in circulation really do encrypt the files. In some cases it is possible to recover them with special tools, but in others, because of the type of encryption used, it is impossible unless the ransomware creator is paid for a key that allows them to be decrypted. They usually ask for several hundred dollars, and after paying there is no guarantee that they will respond, which is why these are complicated situations.
Some basic tips to protect yourself from ransomware:
Since the goal of ransomware is to encrypt your files so that they cannot be recovered, backups come first. Having a backup of all the information is a guarantee that nothing will be lost, but these backups must be made periodically and stored safely so that they are not affected in an attack; it is best if they are kept separate (disconnected) from the computers. It is also recommended to check periodically that the backups are being made correctly and that they work (that they are not corrupted and can still be opened later).
In addition to a conventional antivirus, it can be of great help to strengthen protection with special tools that are designed to detect ransomware as it runs and that do not conflict with the antivirus. Two of them are AntiRansom, developed by the Spanish researcher Yago Jesus of the portal securitybydefault.com, and Malwarebytes Anti-Ransomware Beta.
Something basic that helps protect you from malware in general is to keep Windows updated. Many of the updates fix problems and vulnerabilities that attackers can exploit to infect the system.
It is also necessary to keep programs updated, such as office software (Word, Excel, etc.), the email client, the PDF reader and especially web browsers such as Internet Explorer, Chrome or Firefox. In browsers it is also necessary to update plugins such as Flash and Java if you use them.
One way to quickly check whether the browser and its plugins are up to date is to use this online tool, https://browsercheck.qualys.com, which I once recommended on the blog. Also, to maximize security when browsing freely, you can use Firefox + NoScript, a plugin that blocks all scripts and lets you easily manage their execution according to the sites visited.
Windows offers many options for establishing security policies. The most basic is to configure users without Administrator permissions; this limits what much malware, ransomware included, can do. In network environments you can also limit the access and permissions (apply read-only) of users who access other computers, which can help prevent malware from spreading internally.
Ransomware can reach us in many ways, from a simple email with an attachment to installing itself automatically when a compromised website is visited. Although all of the above helps prevent infection, much of the security of the equipment depends on the users themselves and the good practices they follow.
For more recommendations and advice, I recommend reading this document published at the beginning of the year by the Spanish CERT; it contains more measures and procedures that can be applied.
Lastly, note that ransomware, like malware in general, is not limited to Windows: Linux and Mac systems can also be affected, and there are even specific variants for mobile devices. Be careful!