Ransomware is malware that infects and locks your computer until you pay a fee to regain access to your data. Paired with server-side polymorphism and industry-grade delivery infrastructures, the malware can enter a system through a malicious downloaded file, a vulnerability in a network service, or even a text message. Some of the most notable examples of ransomware are “CryptoLocker”, “CryptoWall”, “WannaCry”, and “Petya.”
Usually, encrypting ransomware encrypts local files using a randomly generated key pair that’s associated with the infected computer. While the public key is copied to the infected computer, you can only get the private key by paying for it within an allocated amount of time. If you don’t deliver the payment, the attackers threaten to delete the private key, leaving no method of decryption to recover the locked files.
One of the most common infection vectors relies on drive-by attacks through infected ads on legitimate websites, but you can also become infected via downloaded apps.
How to protect your Windows PC from ransomware
Because of the technology limitations that prevent users from retrieving the decryption key without paying the ransom, the best way to protect against the effects of ransomware is to not get infected. You can limit ransomware infection and sometimes prevent it with a few best practices:
1. Use an updated antivirus
Use an anti-malware solution with anti-exploit, anti-malware, and anti-spam modules that is constantly updated and able to perform active scanning. Make sure you don’t override the optimal settings and that you update it daily.
2. Schedule file backups
Regularly back up your files either in the cloud or locally, so you can recover data in case of encryption. You should not store backups on a different partition in your PC, but on an external hard drive that is connected to the PC for the duration of the backup only.
3. Keep Windows up to date
Keep your Windows operating system and your vulnerable software, especially the browser and the browser plug-ins, up to date with the latest security patches. Exploit kits use vulnerabilities in these components to install malware.
4. Keep UAC enabled
UAC (User Account Control) notifies you when changes are going to be made to your computer that require administrator-level permission. Keep UAC enabled to decrease or block the impact of malware.
5. Follow safe internet practices
Follow safe Internet practices by not visiting questionable websites, not clicking links, or opening attachments in emails from uncertain sources. Avoid downloading apps from unfamiliar sites — only install software from trusted sources. Do not provide personally identifiable information on public chat rooms or forums.
6. Enable ad-blockers
7. Use anti-spam filters
Implement and use an anti-spam filter to reduce the number of infected spam emails that reach your Inbox.
8. Disable Flash
When possible, virtualize or completely disable Adobe Flash, as it’s used as an infection vector.
9. Enable software restriction policies
If your computer runs a Windows Professional or Windows Server edition or if you are a decision maker in the company’s IT team, enable software restriction policies. System administrators can enforce group policy objects into the registry to block executables from specific locations.
You can only achieve this when running a Windows Professional or Windows Server edition. You can find the Software Restriction Policies option in the Local Security Policy editor. After clicking the New Software Restriction Policies button under Additional Rules, you must set the following Path Rules with Disallowed Security Level:
• “%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe”
• “%userprofile%\Start Menu\Programs\Startup\*.exe”
• “%username%\Application Data\*.exe”
• “%username%\Application Data\Microsoft\*.exe”
• “%username%\Local Settings\Application Data\*.exe”
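Before setting these rules to Disallowed, it helps to see which executables already sit in the named folders and which rules do not resolve to a real folder on the machine. The PowerShell below is an added example, not part of the original article or any vendor tool; it takes the five path rules listed above, written with single backslashes, and the function name and output columns are hypothetical.

```powershell
# Added example: audit the folders named in the path rules before enforcing them.
# Rule strings come from the page; Get-PathRuleHit and its columns are hypothetical.
$PathRules = @(
    '%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe',
    '%userprofile%\Start Menu\Programs\Startup\*.exe',
    '%username%\Application Data\*.exe',
    '%username%\Application Data\Microsoft\*.exe',
    '%username%\Local Settings\Application Data\*.exe'
)

function Get-PathRuleHit {
    param([Parameter(Mandatory)][string[]]$Rule)
    foreach ($r in $Rule) {
        # Expand %var% names; a variable that does not exist is left unexpanded.
        $expanded = [Environment]::ExpandEnvironmentVariables($r)
        $cut      = $expanded.LastIndexOf('\')
        $folder   = if ($cut -gt 0) { $expanded.Substring(0, $cut) } else { '' }
        $pattern  = $expanded.Substring($cut + 1)

        # A rule whose folder is relative or absent matches nothing on this machine.
        if (-not [IO.Path]::IsPathRooted($folder) -or
            -not (Test-Path -LiteralPath $folder -PathType Container)) {
            [pscustomobject]@{ Rule = $r; File = $null; Status = 'folder not found'; Signer = $null }
            continue
        }

        # No -Recurse: list only files directly in the folder the rule names.
        # -Filter can also match 8.3 short names, so recheck the extension.
        $files = @(Get-ChildItem -LiteralPath $folder -Filter $pattern -File -Force `
                       -ErrorAction SilentlyContinue |
                   Where-Object { $_.Extension -eq '.exe' })
        if ($files.Count -eq 0) {
            [pscustomobject]@{ Rule = $r; File = $null; Status = 'no matching files'; Signer = $null }
            continue
        }
        foreach ($f in $files) {
            # Signature status helps separate known vendor binaries from unknown ones.
            $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
            [pscustomobject]@{
                Rule   = $r
                File   = $f.FullName
                Status = [string]$sig.Status
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }
}

Get-PathRuleHit -Rule $PathRules | Format-Table -AutoSize -Wrap
```

Run it as the user whose profile the rules target. Rows reported as `folder not found` show rules that would match nothing on that system as written, and rows with a file path show software to review before the rule starts blocking it.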