How to Prevent Ransomware in 2018 - 10 Steps


Infopackets Reader Steve G. writes:

"Dear Dennis,

I just read your article on How to Fix: Computer / Network Infected with Ransomware (10 Steps) and it was incredibly informative. I hope I never get infected with ransomware! That said, I have seen software products and services advertised online claiming they can prevent ransomware, but the information is often obscure. I feel like I am none the wiser. Even searching Google for 'how to prevent ransomware' points to a very short article on Norton's website, which then links to Norton Antivirus. In your previous article, you said Norton didn't stop the infection - so again I am left wondering what I need to do. Is there a simple answer on how to prevent ransomware for the average user?"

My response:

I agree with you 100% - there are many products out there that say they can prevent ransomware, but they won't do much good if your operating system or network has gaping security holes, or if the system(s) aren't patched properly, and you don't have a proper backup in place. Of course, there is more to it than that - but those points alone are huge reasons why people get infected with ransomware.

What is Ransomware?

For those who don't know what ransomware is: it is malicious software ("malware") which encrypts files on your hard drive, making them unusable. A ransom note is then placed on the desktop and in every folder that the ransomware infects; the note includes an email address to contact the criminals behind the scheme, as well as a demand for money to unlock your files. Here is an example of a Scarab ransomware note. Sometimes a ransomware notice will lock the entire screen of the computer; others will pop up in a window, as with the WannaCry ransomware.

Eventually all user data on the system will be encrypted if the infection is not halted. But halting the infection is not enough - it needs to be prevented from reoccurring. As a rule of thumb, you should never pay the ransom, as this will only encourage cyber criminals to keep making more ransomware variants. Also, there is no guarantee that the same thing won't happen again even after you pay the ransom, and there is no guarantee that you will receive an unlock key after the ransom is paid.

How Can I get Infected with Ransomware?

You can become infected with ransomware just like any virus or malware.

Some common attack vectors include: email attachments, malicious websites, remote desktop programs (RDP, VNC, TeamViewer, etc), and not having your operating system patched. In the latter case you can become infected by simply having your machine connected to the Internet or by visiting a malicious website that has a 'drive-by downloading' exploit.

Not patching your operating system is similar to leaving the front door of your home wide open for burglars.

How to Prevent Ransomware in 2018 - 10 Steps

Below I'll explain how to prevent ransomware using simple methods that can be deployed at home or at an office, using either a single machine or a network of machines.

It's important to note that no single piece of "anti ransomware" software exists that can manage what is mentioned in the list. Therefore it is pointless to pay for "anti ransomware" protection if you follow this guide.

Step #1: Only use a supported operating system that receives security updates

An "unsupported operating system" is one which does not receive regular security updates. Windows XP and Windows Vista are two examples of operating systems that are no longer supported by Microsoft, meaning that they are no longer maintained. Don't use an unsupported operating system especially if you are using a network of computers because oftentimes these older systems can become infected instantly just by being connected to the Internet.

Unsupported operating systems have unpatched "security holes" (otherwise known as "security exploits") in the operating system that can allow hackers (and automated "bots") direct access to the machine, which can bypass firewall or antivirus protection. From there the machine becomes infected, which can then spread across a network like wildfire - even on systems that receive security updates.

It's also important to understand that all operating systems will eventually reach their "end of life". Windows 7 will stop receiving security updates after January 2020 and Windows 8 in 2023. Windows 10 is supported until October 2025 - providing you are on the latest branch.

Step #2: Ensure your Windows Update is working properly

You are also at risk of a ransomware attack if your Windows Update is broken and security updates are not installing. Even if you are using a supported operating system (such as Windows 7, 8 or 10), this can be a huge problem. A broken Windows Update is incredibly common so it is vitally important that you check to ensure it is working.

I have written an article on how to check if your Windows Update is broken, and how to fix it. If you can't fix it, you can contact me and I will fix it for you using my remote support service.

Step #3: Ensure your firewall is enabled, antivirus / antimalware is enabled and up to date

Most antivirus / antimalware programs will update on their own. All you need to do is access the main interface to ensure that the antivirus / antimalware definition files are up to date. Run a full system scan once a month if needed.

I get asked all the time "which antivirus, antimalware, and firewall should I use?"

I believe that free antivirus works fine - I use Avast! antivirus on all my machines with minimal protection (only real time file scanning is enabled, everything else disabled). Combined with Windows 10, this is more than adequate protection. Also I don't believe in paying for a third party firewall. The Windows Firewall works fine. Just make sure it is enabled and configured properly and that you don't have any remote access programs enabled on Windows startup, as this can be a huge attack vector especially for ransomware.
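The checks from Step #2 and Step #3 can be scripted. The following PowerShell is an added example, not part of the original article; the function name, the 45-day threshold and the tool name patterns are assumptions chosen for illustration, and the "newest update" test is only a heuristic for a stalled Windows Update.

```powershell
# Added example, not from the article. Run in an elevated PowerShell 5.1 session.
function Test-RansomwareBaseline {
    param(
        [int] $MaxPatchAgeDays = 45,                       # assumed threshold
        [string[]] $RemoteTools = @('TeamViewer', 'VNC')   # tools the article names; extend as needed
    )
    $issues = @()

    # Step 2 heuristic: no recently installed update suggests Windows Update is not working.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        $issues += 'No installed updates with an install date were found'
    } elseif ($latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $issues += "Newest update $($latest.HotFixID) was installed $($latest.InstalledOn.ToShortDateString())"
    }

    # Step 3: every Windows Firewall profile (Domain, Private, Public) should be enabled.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ("$($fwProfile.Enabled)" -ne 'True') { $issues += "Firewall profile '$($fwProfile.Name)' is disabled" }
    }

    # Step 3: Remote Desktop accepts connections when fDenyTSConnections is 0.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    if ($ts -and $ts.fDenyTSConnections -eq 0) { $issues += 'Remote Desktop (RDP) is enabled' }

    # Step 3: remote access tools that start with Windows (auto-start services and startup entries).
    $pattern = ($RemoteTools | ForEach-Object { [regex]::Escape($_) }) -join '|'
    foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
        if ("$($svc.Name) $($svc.DisplayName) $($svc.PathName)" -match $pattern) { $issues += "Auto-start service: $($svc.DisplayName)" }
    }
    foreach ($entry in Get-CimInstance Win32_StartupCommand) {
        if ("$($entry.Name) $($entry.Command)" -match $pattern) { $issues += "Startup entry: $($entry.Name) -> $($entry.Command)" }
    }

    $issues   # empty output means none of the checks fired
}

Test-RansomwareBaseline
```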

If you are not sure about your antivirus, antimalware or firewall, you can contact me for a security audit using my remote support service. I can review your system and answer any questions you may have.

Step #4: Make backups often; keep critical backups offline

Backups are the ONLY way to ensure that your files are safe in case of a ransomware attack.

Here are some tips: use a disk image backup program to backup your entire C drive. If you have an external hard drive for backups, don't leave it attached to the system all the time as ransomware can spread to this drive if you ever become infected. Instead, unplug the external drive when it's not in use; this will keep your backups safe.

If you intend to run backups each day, I suggest creating a separate partition on the main drive, then copy your backups once a week or once a month to your external for safe keeping. You should also test a restore using your backup program to ensure the backups are working as expected.
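One way to test a restore, shown as an added example that is not part of the original article: restore the backup into a scratch folder with your backup program, then compare SHA-256 hashes of the restored files against the live folder. The function name and both paths are placeholders.

```powershell
# Added example, not from the article. Requires PowerShell 4.0 or later (Get-FileHash).
function Compare-RestoredFiles {
    param(
        [Parameter(Mandatory)] [string] $SourceDir,    # live folder that was backed up
        [Parameter(Mandatory)] [string] $RestoredDir   # scratch folder the backup was restored into
    )
    $src = (Resolve-Path -LiteralPath $SourceDir).Path.TrimEnd('\')
    $dst = (Resolve-Path -LiteralPath $RestoredDir).Path.TrimEnd('\')

    foreach ($file in Get-ChildItem -LiteralPath $src -Recurse -File) {
        $relative = $file.FullName.Substring($src.Length + 1)
        $restored = Join-Path $dst $relative

        $status = if (-not (Test-Path -LiteralPath $restored)) {
            'MissingFromBackup'   # file was never backed up, or was created after the backup ran
        } elseif ((Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash -ne
                  (Get-FileHash -LiteralPath $restored -Algorithm SHA256).Hash) {
            'Differs'             # corrupt restore, or the live file changed after the backup ran
        } else {
            'OK'
        }
        [pscustomobject]@{ File = $relative; Status = $status }
    }
}

# Placeholder paths: point these at a real folder and at the location you restored it to.
$report = Compare-RestoredFiles -SourceDir 'C:\Users\Public\Documents' -RestoredDir 'D:\RestoreTest\Documents'
$report | Group-Object Status | Select-Object Name, Count   # summary per status
$report | Where-Object { $_.Status -ne 'OK' }               # files that need a closer look
```

Files edited since the backup ran will legitimately show as Differs, so run the comparison soon after the backup completes.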

If you need help setting up a proper backup system, I can assist using my remote support service - contact link here.

Step #5: Ensure proper access restrictions are in place to prevent an infection from spreading

If you are using a network of computers, you need to ensure that Computer A does not have full access to Computer B, and vice versa as ransomware is designed to spread like wildfire on a network. This is exactly what happened to a client of mine whose entire corporate network was infected with ransomware.

A much better approach is to password protect network shares according to username and password, and to limit the amount of data that is being shared. So, as an example: only share parts of the drive (Documents and Pictures) instead of the entire C drive. You can also set restrictions on folders so that they are read-only on the share. This is a very effective way to prevent ransomware from spreading across the network.
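The share restrictions described above can be audited with the built-in SMB cmdlets. This is an added example, not part of the original article; the function names are hypothetical, and it inspects share permissions only (NTFS permissions on the folder also apply).

```powershell
# Added example, not from the article. Needs Windows 8 / Server 2012 or later, PowerShell 5.1, elevated session.
function Find-RiskyShare {
    # Accounts that cover practically every user on the network.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

    # -Special $false skips the built-in administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        $issues = @()

        # The article's advice: share Documents or Pictures, not a whole drive.
        if ($share.Path -match '^[A-Za-z]:\\?$') { $issues += 'entire drive is shared' }

        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
            $right = "$($ace.AccessRight)"   # Full, Change, Read or Custom
            if ($broad -contains $ace.AccountName) {
                $issues += "$($ace.AccountName) is allowed $right access (no per-user restriction)"
            } elseif ($right -ne 'Read') {
                $issues += "$($ace.AccountName) can write ($right); consider read-only"
            }
        }

        if ($issues) {
            [pscustomobject]@{ Share = $share.Name; Path = $share.Path; Issues = $issues -join '; ' }
        }
    }
}

function Test-GuestEnabled {
    # An enabled Guest account can allow access to shares without a personal username and password.
    # The built-in Guest account always has a SID ending in -501, whatever its display name.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    [bool]($guest -and $guest.Enabled)
}

Find-RiskyShare | Format-List
if (Test-GuestEnabled) { 'Guest account is enabled' }
```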

If you have a network of computers and are not sure if you have access restrictions set up properly, I can provide a security audit using my remote support service, plus answer any questions you may have.

Step #6: Remain vigilant and be careful what you click

This section falls under the "use common sense" category.

There are many ways ransomware can spread. Often it is done through email attachments, malicious websites (or malicious advertising on legitimate sites - also known as "malvertising"), and even social networks. As such, don't click on every link you come across and be careful about what programs you're downloading and installing.

Don't open email attachments even if they are from someone you know as this can be forged (also known as "email spoofing"). Only open an attachment if you specifically requested it from someone. Even so, it is advisable to scan the attachment before opening it with antivirus or antimalware!

When in doubt I suggest you save the attachment to a temporary directory (c:\temp as an example), then upload the attachment to virustotal.com to compare the attachment against 50+ antivirus engines.

Step #7: Use virtual machines to test unknown software

If you received an attachment or downloaded a file you're still uncertain about, you can also use a virtual machine to open the attachment / run a program in a virtual environment, providing that the virtual machine has restricted access to your network and all network shares have been disabled.

A virtual machine provides the ultimate protection in cases where you just aren't sure if a file may be malicious, even if you've scanned it using antimalware or antivirus. A virtual machine is also an excellent way to "sandbox" an environment that may be a security risk. For example, instead of running Windows XP on an old PC connected to your network, you could run Windows XP in a virtual machine with the network completely severed, or operating on a completely separate subnet with no network shares to your main network.

Step #8: Don't fall for tech support scams

Fake tech support is a billion dollar industry. Oftentimes a message will appear that your computer is infected and you need to call a 1-800 number to "fix" the "problem"; or, you may receive a phone call out of the blue from "Microsoft" and they need access to your computer to "fix" the "problem". Please don't fall for this scam.

Oftentimes the scammers are from India and will leave remote access back doors active on the system, meaning they can access your files whenever they want and plant malware (ransomware) on the system. Once you are infected they will demand hundreds or thousands of dollars to fix the problem.

If you encounter this scam, exit the offending web page or hang up the phone.

Step #9: If you become infected, stop the spread

If you ever become infected with ransomware, it is important to stop the spread immediately. You can do this by shutting down the machine; if you have a network of computers, shut them down as well as ransomware is designed to spread as quickly as possible over a network.

Hire a professional, such as myself (contact link here) to remove the ransomware from the machine and to prevent it from reoccurring. Ransomware isn't like lightning - it can infect you again and again if you don't find out where it is coming from.

Step #10: If in doubt, hire a professional

A well trained professional, such as myself, can provide a security audit of your system(s) and alert you to known threats, and eliminate them. If you aren't sure if you are protected adequately enough based on the points I've outlined in this article, you are welcome to contact me for remote support.

Conclusion

Don't be fooled into thinking that you can "stay protected" by simply installing an anti-ransomware program or service (or a number of services) and the threat will be eliminated.

Ransomware can slide right through your defenses and go undetected if your operating system or network has gaping security holes. And, the only way to undo the damage quickly and easily (should you become a victim) is to restore from backup. Therefore, the only true way to stay protected is through a series of manual checks as described in this article.

If you are not sure, please hire a professional - such as myself - to do it for you (contact link here). You can also review my resume here.

Additional 1-on-1 Support: From Dennis

If all of this is over your head, or if you need help keeping your PC or network of PCs protected against ransomware, I can help. Simply contact me, briefly describing the issue, and I will get back to you as soon as possible.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise cover a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via live chat on this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.
