Protecting myself from RansomWare

Metanis

What are you doing to protect your own personal machines from ransomware? I'm pretty smart about computer use and safe-surfing but sometimes you click on a link when your attention is diverted. So this past week I've taken the time to think through some steps I can take to protect me from myself. However, I just can't bring myself to reduce my local account rights below Administrator but that would be the next logical step in the progression.

Otherwise what am I missing? I've taken the following steps on all my systems at home:

1) Using Chrome for 99% of my web browsing. Edge or IE only for government and Microsoft sites which fail to render properly in Chrome.

2) Using the latest version of Norton Security installed with the firewall and browser extensions enabled.

3) Adjusted Chrome content settings - Plugins NOT allowed to autoplay.

4) Chrome Video Autoplay Blocker by Robert Sulkowski extension installed (for HTML 5 players).

5) uBlock Origin ad blocker extension installed and enabled for 99.9% of the sites I visit.

6) Foolish IT CryptoPrevent (free version) installed and set for Maximum Protection.

7) Local IPv4 DNS forwarder set to OpenDNS Family Shield addresses.

8) Unmapped all local shares on my network.

9) Backing up important data to Norton's cloud-based Backup service (part of the Norton Security product).

10) Backing up all data to external USB hard drive that is disconnected except when in-use.
 
I have all the info I care about backed up to multiple cloud services, most with versioning. Occasionally I'll make an image and save it to my external. This way I don't need to be paranoid. If I get hit, N&P and I'm back rolling along like nothing happened in under 30 mins.

That said, I do have uBlock installed in Opera, and Kaspersky Internet Security installed. That's about it.
 
I protect myself the same way we protect our clients. In fact, we test security measures in-house first before we will ever recommend them to a client. The best is layered security, and we use dual, staggered backups to NAS drives which automatically connect and then disconnect from the network after the backup concludes. Afterwards, the image from the NAS is copied to the cloud.

3 clients have had 4 ransomware infections over 9 years. Not one file was lost. In one case a half a day of revisions were lost, but easily corrected.
 
The best is layered security, and we use dual, staggered backups to NAS drives which automatically connect and then disconnect from the network after the backup concludes.

All that is needed on NAS backups is a different UNC login (not a mapped drive) than the current user. We usually set up a backup folder that only has a special "backup" username/password to access it. I've seen products like Veeam include the capability for auto-disconnect of USB drives, but doing this with NAS isn't really needed.
 
Great discussion. I have had several clients come into my shop with all files on their hard drive and backup drive encrypted because they just left it plugged in. I feel for them because they thought they were doing a good thing trying to be safe and had no idea it could infect both. Because most of the time I get the computers after the infection, I can only educate, but I will work on suggesting that to new clients! Thank you!
 
I use a similar setup but have a system image backup and online backup through CrashPlan. For an added layer of protection I also have the paid premium version of Malwarebytes Anti-Exploit to protect me against all the attachments I have to open and against websites when web surfing.
 
I also use Mailwasher and PopPeeper to alert me to new mail and display a plain text portion of it before downloading anything from the mail server. Makes it easy to delete suspicious stuff without risk, plus helps with controlling spam.
 
Well... https://en.wikipedia.org/wiki/Linux.Encoder.1

The Cloak of Smugness doesn't protect Linux users any better than Mac users - if anything the false sense of security makes users of both platforms more vulnerable than nervous Windows users.

We're all potential victims now and as OSX and Linux increase in popularity we can expect to see more malware directed at them. Just because Windows is a relatively easy target doesn't mean that there's no money to be made out of the rest of us, and there are lots of clever bad guys around to take advantage of our complacency. The backdoor shipped with Mint 17.3 in February 2016 should be proof enough of that!
 
That still does not apply to a normal Linux desktop user. The malware/trojan is specific to a webserver shopping cart application. I'm not saying Linux and other *nix OSes are immune from such infections, but it is much more difficult for the normal user to be infected.

Last week at my day job as a Network/System Admin at a K-12 school system, one of the secretaries received a zip file via email attachment. All she had to do was open the zip file and double-click the enclosed *.js file and her PC was infected. She lost numerous files on her PC, plus it partially spread to a network share, infecting close to 300 files. Luckily my boss unplugged the network cable when she notified him of a "weird message" on her screen. The infection was the Locky version of this type of ransomware. We do not back up each PC, only the file server where users are supposed to keep their important files. The removal of all *.locky files on the server and restore of the previous day's files was very painless for me with our UniTrends backup server.
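The infection above started with a zip attachment carrying a *.js file, and a later post suggests a spam filter in front of the mail service. As an added example (not from the thread or from any product mentioned in it), here is a small attachment-triage routine a mail gateway or help-desk script could run: it lists the script and executable members of a zip by their last extension, descends into nested zips, and recommends quarantine when anything is flagged. Only ".js" comes from the post; the other extensions in the set are an assumption added here, and the sample archives are constructed in memory.

```python
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# ".js" is the extension from the incident above. The others are an assumption
# added for this example: file types Windows will execute directly when a user
# double-clicks them inside an extracted archive.
SCRIPT_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh",
    ".hta", ".exe", ".scr", ".bat", ".cmd", ".ps1",
}


def suspicious_members(zip_bytes: bytes, max_depth: int = 2) -> list[str]:
    """Return archive member names a mail filter should flag.

    A member is flagged by its *last* extension, so "invoice.pdf.js" is caught.
    Nested zips are opened up to max_depth levels, and a flagged inner member is
    reported as "outer.zip/inner-name" so the report shows where it was hidden.
    """
    flagged: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        # An attachment claiming to be a zip that does not parse is itself
        # worth a look, so report it rather than silently passing it.
        return ["<not a valid zip archive>"]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = PurePosixPath(name).suffix.lower()
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(name)
            elif ext == ".zip" and max_depth > 0:
                inner = zf.read(info)
                flagged.extend(
                    f"{name}/{member}"
                    for member in suspicious_members(inner, max_depth - 1)
                )
    return flagged


def triage(zip_bytes: bytes) -> str:
    """Gateway decision: quarantine the message if any member is flagged."""
    return "quarantine" if suspicious_members(zip_bytes) else "deliver"


def build_sample(members: dict[str, bytes]) -> bytes:
    """Constructed sample data: build an in-memory zip from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed example: a harmless-looking PDF beside a nested zip that
    # hides a .js file, the pattern described in the post above.
    inner = build_sample({"invoice.js": b"// constructed placeholder, not malware"})
    outer = build_sample({"report.pdf": b"%PDF-1.4", "docs/archive.zip": inner})
    print(suspicious_members(outer))  # ['docs/archive.zip/invoice.js']
    print(triage(outer))              # quarantine
```

The decision is deliberately based on the member name only, so it costs nothing to run on every attachment; a gateway that already blocks bare *.js attachments still needs this nested check, because the zip wrapper is what got the file past the filter in the incident above.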
 
A solid backup plan is the best defense against ransomware. Even if you had one of the best AV products... not even those are 100% effective.
Additional layering of security helps. Multiple layers.
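The cleanup in the school incident above was "remove the *.locky files, restore the previous day's files from backup", and this post makes the same point that the backup is the real defense. As an added example (not from the thread, not Unitrends or any other product named in it), here is that recovery step written out: sweep a share for ransomware output files by extension, delete them, and copy back from a read-only previous-day snapshot only the files that are no longer present on the share, so documents users edited after the snapshot and that the malware never touched are left alone. The ".locky" extension is the one from the post; the directory layout and file contents are constructed sample data.

```python
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path

# ".locky" is the extension named in the incident above; other families use
# other extensions, so a real sweep would carry the list seen in the incident.
RANSOM_EXTENSIONS = {".locky"}


def find_encrypted(root: Path, extensions: set[str] = RANSOM_EXTENSIONS) -> list[Path]:
    """Return every file under root whose extension marks it as ransomware output."""
    return sorted(
        p for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in extensions
    )


def restore_from_snapshot(share: Path, snapshot: Path,
                          extensions: set[str] = RANSOM_EXTENSIONS) -> dict[str, int]:
    """Delete encrypted files on the share, then fill gaps from the snapshot.

    The snapshot is treated as read-only: nothing is written into it. A file is
    copied back only when its path is missing on the share, which is what
    happens when ransomware replaces an original with a renamed .locky copy.
    Files that still exist on the share are assumed to be the user's current,
    untouched work and are not rolled back.
    """
    removed = 0
    for enc in find_encrypted(share, extensions):
        enc.unlink()
        removed += 1

    restored = 0
    for src in snapshot.rglob("*"):
        if not src.is_file():
            continue
        dst = share / src.relative_to(snapshot)
        if not dst.exists():
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)  # copy2 keeps the original timestamps
            restored += 1
    return {"removed": removed, "restored": restored}


def demo() -> dict:
    """Constructed sample run: a share and its previous-day snapshot in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        share, snapshot = Path(tmp, "share"), Path(tmp, "snapshot")
        for base in (share, snapshot):
            (base / "finance").mkdir(parents=True)
            (base / "finance" / "budget.xlsx").write_text("budget")
            (base / "readme.txt").write_text("hello")

        # Simulate the infection: the original is gone and a renamed,
        # encrypted copy sits in its place (constructed placeholder bytes).
        (share / "finance" / "budget.xlsx").unlink()
        (share / "finance" / "A1B2C3D4.locky").write_bytes(b"\x00constructed")
        # A file edited after the snapshot that the malware did not touch.
        (share / "readme.txt").write_text("hello, edited today")

        before = len(find_encrypted(share))
        result = restore_from_snapshot(share, snapshot)
        return {
            "encrypted_before": before,
            "removed": result["removed"],
            "restored": result["restored"],
            "budget_back": (share / "finance" / "budget.xlsx").read_text() == "budget",
            "edit_kept": (share / "readme.txt").read_text() == "hello, edited today",
            "remaining": len(find_encrypted(share)),
        }


if __name__ == "__main__":
    print(demo())
```

The sweep only works if the snapshot itself was unreachable to the infected account, which is the point the NAS posts above make about using a separate backup credential rather than a mapped drive; a snapshot the user could write to would have been encrypted along with the share.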
 
Since this is what I am focused on as a consultant, I thought I would share my list, off the top of my head, for completeness/review:

  • A/M in addition to A/V. I am using ESET + Bitdefender (or you can get both from Bitdefender)
  • Turn UAC on. Annoying, but it's really effective.
  • Automated AND archived backups. I use Acronis for daily and store a copy on a NAS each month
  • Use OpenDNS (suggested by someone in a previous post, but very effective)
  • It USED to be that unmapping NAS drives would protect them, but that is not true anymore. If they are reachable without credentials, they are vulnerable. Lock down write access where not necessary.
  • If you are not on Office 365, add an email spam filter up front to your email service.
  • If you are on a domain, set the GPO to disable macros on Office products.
  • Use two-factor for cloud storage services (Dropbox, Box, etc.)
  • Making sure patching is scheduled is easy enough, but keep up on Java, Adobe, et al. patches
  • Put in a real firewall and actually have someone configure it (or take the time to really make sure it's set) and monitor the alerts. I am using a Meraki because I can review it remotely.
  • Have an "offline" backup of financial files. Burn each month to a CD or DVD.
...but the most difficult is managing the weakest link. If you do all this and the guy next to you does none of it, you are going to have a bad time.
 