Bitcoin Forum
Topic: [GUIDE] Beginners Protect Yourself from Ransomware!!!
wwzsocki (OP)
April 18, 2019, 09:32:01 AM
Last edit: May 14, 2019, 07:06:21 PM by wwzsocki
Merited by Welsh (5), vapourminer (1), BitMaxz (1), DdmrDdmr (1), Tytanowy Janusz (1), Bitcoin_Arena (1), TMAN (1), crypto mania (1)
 #1

In order to protect from ransomware, it is important to use good computing habits and security software.

The most important thing is to have a saved and tested backup of your data that can be restored in the case of an infection or any other emergency, such as a virus, malware or ransomware attack.

You should also make sure that your computers are not running remote desktop services connected directly to the Internet.
Instead, you should always use a VPN service so that the computer stays hidden and is only accessible to trusted users, those who have VPN accounts on your network.

The next defensive barrier is good security software that uses behavioral detection to find and fight ransomware. Older software uses signature detection or heuristics, which is not enough these days.
The best known is Malwarebytes Anti-Malware, which is free in the basic version; that is enough to scan the computer and find threats. Malwarebytes Anti-Malware contains behavioral detection that can prevent many ransomware infections from encrypting the computer.

Make sure you are following these security habits, which in many cases are the most important steps of all:

  • BACKUP your valuable data.
  • Encrypt your files.
  • Never open attachments if you do not know who sent them.
  • If you know the sender but don't fully trust them, try to use a sandbox or another device with no valuable data.
  • Scan all received attachments with tools like Virustotal.
  • Do not connect Remote Desktop Services directly to the Internet; use a VPN service like the free Hotspot Shield.
  • Windows updates should be installed as soon as they come out!
  • Update all programs frequently, especially Java, Flash, Adobe Reader, and all others, because older programs contain security vulnerabilities that can be exploited by malware.
  • Install good security software that uses behavioral detections or white list technology.
  • Use only strong passwords.
  • Never reuse the same password on other sites.
  • Make sure your SPAM filters are working in the email software (the largest distribution method for ransomware is through SPAM emails).
  • Enable the viewing of Extensions (Windows and macOS do not show the extensions of a file, which makes it easy for malware distributors to trick users).
  • Be careful of what you download from the Internet (free downloads may also come with a hidden ransomware surprise).
  • Rename vssadmin in Windows (ransomware infections will execute the vssadmin.exe command in order to delete all shadow volume copies on a computer).
  • Disable Windows Script Host (infections are installed via attachments that are script files coded in JScript or VBS).
  • Disable Windows PowerShell (Windows PowerShell is also used to install ransomware or even encrypt files).
  • Disable Remote Desktop, otherwise change the port! (If you are using it, then you should change the port to something other than the default port of 3389.)
  • Set up Software Restriction Policies in Windows (Software Restriction Policies are a method that allows creating various policies that restrict the folders an executable can be started from).
  • Create an Application White List Policy in Windows (a Software White List Policy configures Windows to execute only the programs you specify. It prevents unknown programs from running and locks the computer down completely, not allowing any unauthorized programs to run).
  • Do not use an account with administrator privileges when using Windows for everyday computer usage.
  • Never leave your network unsecured and try to make the WIFI password extremely strong.
  • If possible, try to use one computer only for banking and other important things (no email, no browsing, no downloading programs or opening attachments on this machine); for all other online activities use a different computer, with no important data.
  • BACKUP!!! (The most important thing and guarantee for your data, because sometimes after an attack the only way to restore data is to use the BACKUP copy.)

Conclusion
Though it may feel like there are a lot of steps, most of them require you to just change your computing habits or perform a task once and not worry about it again.
If you follow these steps, not only will you be protected from ransomware, but also from almost all other malware.


Protection against malware and viruses.
https://www.bleepingcomputer.com/news/security/how-to-protect-and-harden-a-computer-against-ransomware
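
A read-only way to check a few items from the list above on a Windows machine, as an added example that is not part of the original post. The registry locations are the standard Windows ones for these settings; `Get-RegValue` and `New-Result` are helper names made up for this example, and the Windows Script Host check is a simplification (it treats `Enabled = 0` in either hive as "disabled").

```powershell
# Added example: read-only audit of a few checklist items. It changes nothing.
# Get-RegValue and New-Result are helpers defined here, not built-in cmdlets.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Result {
    param([string]$Check, [bool]$Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

$results = @()

# "Enable the viewing of Extensions": HideFileExt = 0 means extensions are shown.
$hide = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
$results += New-Result 'File extensions visible' ($hide -eq 0) "HideFileExt=$hide"

# "Disable Windows Script Host": Enabled = 0 turns it off.
# A missing value means WSH is enabled (the Windows default).
# Assumption: either hive set to 0 counts as disabled.
$wshMachine = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$wshUser    = Get-RegValue 'HKCU:\Software\Microsoft\Windows Script Host\Settings' 'Enabled'
$wshOff = ($wshMachine -eq 0) -or ($wshUser -eq 0)
$results += New-Result 'Windows Script Host disabled' $wshOff "HKLM=$wshMachine HKCU=$wshUser"

# "Disable Remote Desktop, otherwise change the port"
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = Get-RegValue $ts 'fDenyTSConnections'          # 1 = RDP connections refused
$port = Get-RegValue "$ts\WinStations\RDP-Tcp" 'PortNumber'
$results += New-Result 'Remote Desktop disabled' ($deny -eq 1) "fDenyTSConnections=$deny"
if ($deny -ne 1) {
    # Only relevant while RDP is still enabled.
    $changed = ($null -ne $port) -and ($port -ne 3389)
    $results += New-Result 'RDP port changed from 3389' $changed "PortNumber=$port"
}

# "Do not use an account with administrator privileges"
# whoami lists the Administrators SID even when UAC has filtered the token.
$isAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544')
$results += New-Result 'Everyday account is not an administrator' (-not $isAdmin) "$env:USERNAME in Administrators=$isAdmin"

$results | Format-Table -AutoSize
```

Run it in the everyday user's session rather than an elevated one, because the file-extension and per-user Script Host settings are read from that user's registry hive.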

bakasabo
April 18, 2019, 09:44:23 AM
 #2

Didn't know that you are so popular.
I would like to add that changing passwords frequently helps a lot.


joniboini
April 18, 2019, 10:50:06 AM
 #3

Seems like the guide is for Windows users. Hmm, should we add "Use GNU/Linux" as a way to protect ourselves from ransomware then?

Btw, for extreme conditions, maybe disconnecting from the internet and never connecting devices from outside your environment is one of the best techniques to avoid any ransomware or virus in general.

bitmover
April 18, 2019, 10:51:38 AM
 #4

In order to protect from ransomware, it is important to use good computing habits and security software.

The most important is to have a saved and tested backup of your data that can be restored in the case of an infection or any other emergency, such as a virus, malware or ransomware attack.

Backup is so important for so many reasons that it's crazy not to have one.
I use cloud backup, which is amazing. Free, and I can access my data anywhere and anytime. Like OneDrive, Dropbox, Google Drive or other free services.

vapourminer
April 18, 2019, 10:53:09 AM
 #5

another easy method of ransomware protection is to have several portable harddrives and backup important documents daily to them, syncback free will do this. leave a drive plugged in overnight and have syncback do its backup in the wee hours of the morning. then in the morning unplug that drive and plug the next one in the rotation in. if you have several days (drives) worth of backups, all disconnected from the computer, ransomware cannot touch them.

if you get whacked, just reformat/reimage the OS drive and restore the documents from the latest backup drive.

the important thing is to have several drives that you rotate, and keep all but one unplugged. the more drives you rotate, the better.
wwzsocki (OP)
April 18, 2019, 11:24:45 AM
 #6

Backup is so important for so many reasons that it's crazy not to have one...Like OneDrive, Dropbox, Google drive or other free services
...several portable harddrives and backup important documents daily to them, syncback free will do this...
if you get whacked, just reformat/reimage the OS drive and restore the documents from the latest backup drive...

BACKUP, BACKUP and one more time BACKUP!!!

Is the most important thing if you have valuable data you can't lose.

cryptovigi
April 18, 2019, 07:48:15 PM
Merited by vapourminer (1), wwzsocki (1)
 #7


In your list I miss one - probably the basic thing (especially in Windows), which is very often overlooked: Do not use an administrator account every day. It's a really simple way that can protect you against many malicious software and viruses. And unfortunately, I think that 90% of users think that using an administrator's account is cool and gives the user more power in everyday use.

kingpin4321
April 18, 2019, 09:01:03 PM
 #8

These are important tips that are very often neglected.
"Installing good security software": this is very necessary; your device should have good security protection to prevent intruders.
harizen
April 18, 2019, 09:09:51 PM
 #9


Just want to add that while following given pointers above...

..people should also use their "COMMON SENSE".

Sometimes, no matter how powerful our security is, people fall into traps because of their own doing.

khaled0111
April 18, 2019, 09:49:44 PM
 #10

Also don't forget to encrypt files that contain sensitive data such as passwords.

Better use your common sense and keep it simple. Being suspicious and exaggerating in taking precautions may have negative effects.

wwzsocki (OP)
April 19, 2019, 05:45:06 PM
 #11

... Do not use an administrator account every day. It's a really simple way that can protect you against many malicious software and viruses...

Very good suggestion @Cryptovigi, it will be added to the list of course.

Actually, personally, I am always surfing using an account with no administrator privileges, for the obvious reasons quoted above.

My next free merit will be awarded to this post.

mk4
April 19, 2019, 05:47:59 PM
 #12

Seems like the guide is for Windows user. Hmm, should we add "Use GNU/Linux" as a way to protect ourselves from ransomware then?

Linux devices aren't prone to ransomware attacks[1]; but I think the chances of your Linux device being infected is significantly low compared to Windows devices. If your Linux device gets infected, chances are, you've done something really really stupid, or the attack was focused specifically on you.


[1] https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/

okala
April 19, 2019, 05:51:43 PM
 #13

Regular backup of files is the key to not losing your important files to viruses. I will go for backup any day. If your files are always backed up, you don't have much to be afraid of, unless your password is compromised and you need a change of password, but apart from that, backing up files is the best.
mk4
April 19, 2019, 06:15:28 PM
 #14

Linux devices aren't prone to ransomware attacks[1]; but I think the chances of your Linux device being infected is significantly low compared to Windows devices. If your Linux device gets infected, chances are, you've done something really really stupid, or the attack was focused specifically on you.


[1] https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/

I agree. Additionally, users who have just started using Linux often run commands or modify system settings without knowing what they actually do, which could be dangerous, such as:
1. Add 3rd party repository
2. Run command rm -rf /[/tt (DON'T RUN IT)
3. Add sudo when a command isn't working as expected

Pretty much. I'm also guilty of doing the "copy the command that I don't understand" on random forum posts on the web, when I can't seem to fix something when I was first starting out with Linux Mint a couple of years ago.

What does the rm -rf /[/tt command do though? Couldn't find info on Google. I'm aware that rm is remove, but what does it remove?

Nvm. Just realized it was a typo on your side lol.

wwzsocki (OP)
April 19, 2019, 07:25:58 PM
 #15

...Run command rm -rf / (DON'T RUN IT)...

When I saw this command I just immediately had to know what this is and makes, made fast Google search and



I assume there will be more members who strive to know what that means.

mk4
April 19, 2019, 09:06:07 PM
 #16

...Run command rm -rf / (DON'T RUN IT)...

When I saw this command I just immediately had to know what this is and makes, made fast Google search and



I assume there will be more members who strive to know what that means.

That wasn't the point ETFbitcoin was making though. He was specifically referring to rm -rf / , which pretty much means forcefully remove everything in your Linux OS; which is actually a lot worse than the "delete system32" prank with Windows.

For more information: https://www.tecmint.com/linux-rm-command-examples/

wwzsocki (OP)
April 20, 2019, 12:07:57 PM
Last edit: May 02, 2019, 12:34:29 AM by wwzsocki
 #17

That wasn't the point ETFbitcoin was making though. He was specifically referring to rm -rf / , which pretty much means forcefully remove everything in your Linux OS; which is actually a lot worse than the "delete system32" prank with Windows.
For more information: https://www.tecmint.com/linux-rm-command-examples/

The "point" has nothing to do with it; I just needed to know what that command does/is.

That was the only explanation I was able to find when I used "rm, -rf, /..." as a search query.



r1s2g3
April 22, 2019, 10:51:38 AM
Merited by vapourminer (1)
 #18

That was the only explanation I was able to find when used "rm -rf /..." as a search query.

After I published my post I have seen that this command is changed a few times in different comments but was too late and already published.


rm   is the remove command.
-r   option means run the command "recursively" (it will remove directories even if they have subdirectories).
-f   option means "force". It will not ask for any confirmation before deleting.
/    is the "root" directory (it is the start of every directory).

so "rm -rf /" means that you just want to wipe out everything from your system.

Best way to learn about the unix command is to type "man <command name>" in your unix console.

Currently I am not in unix system so I took the help from this page.

crypto mania
April 23, 2019, 09:05:18 AM
Merited by wwzsocki (1)
 #19

This is a really detailed list and there are a few points I wasn't aware of, but I am missing the simplest one, which is: encrypt your files. Windows has the possibility to encrypt valuable data and you can do it in a few clicks. I think maybe this is something you want to add to this list, because I have been using it for a long time and it has saved my data from being stolen many times.
DdmrDdmr
April 24, 2019, 02:46:38 PM
 #20

Thanks for THIS topic! I was a victim of ransomware and believe ME... It's NOT pleasant...
Could you detail your case in order to leave a real case testimonial on how it happened, what occurred, and how you resolved the situation? It would be interesting to leave that sort of information to raise awareness and allow people to understand the process better from head to tail.