How to protect from ransomware?

Associate
Joined
1 Mar 2017
Posts
34
Location
UK
Soldato
Joined
9 Jul 2003
Posts
9,595
I've been running the free Malwarebytes anti-ransomware software for a while but noticed it is now packaged as a complete bundle along with anti-exploit, no idea how effective it is though. Just makes me feel better :o

This latest one seems to be able to spread around a lot more effectively and with time delay payload even offline backups may be infected. So any home user friendly protection / advice would be appreciated as a lot of family members seem worried about this.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,225
This latest one seems to be able to spread around a lot more effectively and with time delay payload even offline backups may be infected. So any home user friendly protection / advice would be appreciated as a lot of family members seem worried about this.

Make sure you don't back up executable files (including checking the actual extension of downloaded attachments, etc.) - if you back up before the payload has been executed, data files will be intact (even if the ransomware has been sitting dormant on your system). To double down here, have 2 or 3 copies of the data offline and round robin them periodically so as to have some older copies as well as the latest data.
 
Joined
10 May 2004
Posts
12,831
Location
Sunny Stafford
What if the data has already been compromised, any way it can be backed up?

Pay the ransom, hope that the people distributing the malware are honest.


20 years ago, it was imperative to keep backups. It's the same now. Weekly is ideal for a home computer, and make sure that the backup medium is of a removable sort. This is because once you're hit, you can't get your data back unless you pay the ransom. DON'T do this, because it usually funds organised crime.

As for ransomware detection, I don't think virus scanners can pick these up as they don't count as being a virus? Can someone please confirm as I'm not 100%. I know though it relies on social engineering, so in the NHS, it would be down to someone (typically in the accounts dept) opening a file that ends with .pdf.exe, and boom... a disciplinary hearing.
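
The two checks raised in the posts above (keeping executables out of a backup set, and spotting an attachment whose name ends in .pdf.exe), as an added example that is not part of any post in this thread. The extension lists, function names and sample file names are assumptions made up for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed lists for illustration; extend them to suit your own machines.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js",
                   ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def real_extensions(path):
    """Return (decoy, real): the extension the user sees first and the one Windows acts on."""
    # Windows ignores trailing dots and spaces, and extensions are case-insensitive.
    name = ntpath.basename(path).rstrip(". ").lower()
    stem, real = ntpath.splitext(name)
    # Padding such as "scan.pdf     .exe" pushes the real extension out of view.
    decoy = ntpath.splitext(stem.rstrip(". "))[1]
    return decoy, real


def classify(path):
    """'data', 'executable', or 'masquerade' (document name with an executable ending)."""
    decoy, real = real_extensions(path)
    if real in EXECUTABLE_EXTS:
        return "masquerade" if decoy in DOCUMENT_EXTS else "executable"
    return "data"


def plan_backup(paths):
    """Split paths into files to copy and files to leave out, with the reason."""
    keep, skipped = [], {}
    for p in paths:
        verdict = classify(p)
        if verdict == "data":
            keep.append(p)
        else:
            skipped[p] = verdict
    return keep, skipped


# Constructed sample names, not taken from any real incident.
SAMPLE = [r"C:\Users\me\Documents\accounts.xlsx",
          r"C:\Users\me\Downloads\invoice.pdf.exe",
          r"C:\Users\me\Downloads\Holiday.JPG.SCR ",
          r"C:\Users\me\Downloads\scan.pdf     .exe",
          r"C:\Users\me\Downloads\setup.exe",
          r"C:\Users\me\Documents\notes.txt."]

if __name__ == "__main__":
    keep, skipped = plan_backup(SAMPLE)
    print("back up:", keep)
    for path, why in skipped.items():
        print(f"skip ({why}): {path}")
```

A name flagged as "masquerade" is worth a closer look before anyone opens it; a plain "executable" is only left out of the backup set.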
 
Caporegime
Joined
18 Oct 2002
Posts
26,107
Even if you do full system backups, any backup application worth using will let you extract individual files from that backup rather than forcing you to restore the entire system state and execute any malware contained within it. Just backing the executable for the malware up doesn't mean much since it's not being executed within a backup archive.
 

Soldato
Joined
13 Aug 2003
Posts
21,184
Location
UK
I know though it relies on social engineering, so in the NHS, it would be down to someone (typically in the accounts dept) opening a file that ends with .pdf.exe, and boom... a disciplinary hearing.

Funny to think you'd only hear this stuff back in the early 00s in college. Now a world wide problem.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,225
As for ransomware detection, I don't think virus scanners can pick these up as they don't count as being a virus? Can someone please confirm as I'm not 100%. I know though it relies on social engineering, so in the NHS, it would be down to someone (typically in the accounts dept) opening a file that ends with .pdf.exe, and boom... a disciplinary hearing.

Heuristics might be able to stop a previously unknown deployment, known versions of ransomware can be detected and/or stopped - but customised versions or those using a new exploit might not match known patterns, etc. and get right through.

Manually interacting with malware masquerading as a datafile and/or, as too many do, ignoring any warning prompts can circumvent any antivirus potentially, depending on circumstances.
 
Caporegime
Joined
18 Oct 2002
Posts
48,796
Location
All over the world...
My brother works for an American company that deals with ransomware. He helps design robust security systems to protect companies from getting caught out.

Having asked him, his response is to download the whole internet then disconnect and browse offline :p.

I've already downloaded all teh internetz so I'm safe :p
 
Associate
Joined
26 Jul 2008
Posts
2,064
Location
Cowley, Middx
1. Keep a backup of all data that is only connected to a computer to do said backup

2. Make sure that you have all Windows updates installed since this latest threat has come from the already patched security holes that were abused by the NSA whose tools were leaked to the internet recently.
 
Caporegime
Joined
8 Jul 2003
Posts
30,062
Location
In a house
I've updated Defender, but I've not had any updates for my Win 7 since they changed 'em to the Win 10 way, so I downloaded this one from the catalogue: March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212), which I got from here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx, via the Win 7 64bit SP1 link down in the 'Affected Software' list.

Is that the right one I need to install? (As there's another one underneath it called March, 2017 Security Only Quality Update for Windows 7 (KB4012212), which is only 18.8mb, but I'm guessing that's for 32bit.)

Thanks.

Quoted from another thread, as might get answer here :p
 