You may have heard of ransomware viruses/trojans but don’t know the best way to protect yourself against them. Let’s break things down so that you can be more prepared.
What are trojans?
One of the biggest threats to users is ransomware viruses/trojans. What is it exactly? It is software that blackmails its victims. It does this by secretly sneaking into your computer and encrypting the data on your hard drive/SSD so that it can no longer be accessed. The ransomware will only return the password needed to unlock the encryption after a ransom has been paid (although there is no guarantee that the password will be received). Newer versions, however, not only encrypt the data but also steal it beforehand, threatening to publish the information online at the same time as demanding a ransom. This can cause inconvenience for private users and can expose trade secrets for companies. Therefore, it is highly recommended to prepare for a possible attack.
The most important things to do
Before anyone reaches for a particular solution designed to protect against ransomware attacks, it’s worth pausing for a moment to check basic security requirements, including whether the operating system is supported and whether updates are correctly installed. For example, at the end of 2020, Windows 7 still accounted for 15 percent of Windows systems in use, even though Microsoft has not released a security update for this version since the beginning of the year (except for some corporate customers, who pay for extended product support).
Home users should therefore use either Windows 8.1 or Windows 10. For Windows 10, you should also check whether Microsoft will release an update for the current subversion. For example, from the end of 2020, Windows 10 version 1903 will no longer be supported (Microsoft will provide product support for roughly 18 months after major updates). To check the current version of Windows, press [Win+R] and type “winver”. The current version is Windows 10 20H2; if this is shown in the window, all is well.
Updates are installed by default without any special user intervention; Windows also updates the Defender files. As written above, there are better alternatives to Defender. However, it’s not just Windows and antivirus updates that matter, but also what other drivers and programs you use – it’s recommended that you install the latest versions of these as soon as they become available. Firefox and Chrome are good examples: browsers update automatically in the background, completely unnoticed.
The importance of antivirals
Ransomware is just one of many types of malware. The defense should start at the basics and ensure that wherever the virus is coming from, there is a way to detect and stop it. That’s why an antivirus is a must, and some firewall program is highly recommended – even one that comes integrated with Windows 10.
Windows Defender is a module specifically designed to combat ransomware, provided that at least version 1709 is used. The related settings are under ‘Windows Security; click on ‘Virus and Threat Protection’ and scroll down to ‘Ransomware’. Here we enable the ‘Control access to folders’ option. When the “Manage user accounts” warning window pops up in Windows, cancel the setting. Three new options will then appear.
Setting up protection is a multi-step process. On the one hand, you can create a list of folders for which you want to restrict access to specific applications, and on the other hand, you can add a list of applications for which you want to allow access to blocked folders. By default, the Documents, Pictures, Videos, Music, and Favourites folders are protected, but it is possible to add any other folder to the list. The settings can prevent a ransomware virus from overwriting existing personal files.
It should be noted here that protection against ransomware is not a unique feature of Windows Defender. Many other antivirus software also has modules that directly protect against this malware. However, Windows’ built-in solution is still somewhat unique because it offers version tracking of files in conjunction with OneDrive, so all is not lost if a ransomware virus gets into your machine and encrypts your data despite the protection. It’s not free, though: at least if you want to take advantage of its features, you need a Microsoft 365 subscription to get at least 1TB of storage (the basic 15GB of OneDrive is pretty much useless).
Be prepared in case of a problem
A vital tool to protect against ransomware is a USB key or DVD created with an antivirus, which can be used to boot Windows even if your files are corrupted. Or if Windows starts, but the virus activates itself on start-up and cannot be eradicated. With a recovery USB stick or DVD, you can start your computer without Windows turning on, which guarantees that all threats are removed from your computer. Windows Defender users have the advantage of not needing such a boot disk, as they can request a scan of the machine before Windows is loaded.
Be suspicious and extremely wary of emails and macros
Ransomware viruses, which follow the operating principles of Trojans, are very good at hiding, but we know the channels along which they travel. The main ones to watch out for are our emails and macros in documents. The latter is more straightforward to defend against. It is best to disable macros by default and only occasionally. Allow them to run in a file. Of course, you should also be careful and only allow them to run if you are sure that the file will not cause any problems. This is why some ransomware sends attachments with a special warning in the body of the email that macros should be enabled. Users of Microsoft Office may also consider switching to LibreOffice, which has plenty of knowledge for home users and is not vulnerable to macro viruses.
Lots and regular backups are very important
Ransomware can be most effective if the victim does not have a current backup – unfortunately, due to user negligence, this condition is met in many more cases than necessary. The primary backup strategy includes two backups: one backup of the Windows system to restore a working system in case of a compromise, and the other backup of the data you want to protect from ransomware (or, more generally, data loss). Backup can also be done with Windows, but it should be noted that the built-in File History feature is not very intuitive; alternative solutions are typically easier and faster to set up and use.
There are also several free backup solutions: Aomei Backupper Standard has everything you could need in a home environment. It’s worth backing up constantly, but it’s highly recommended to start the backup app before and after significant updates to Windows 10. As a rule of thumb, we recommend backing up your data at least monthly, but daily or more frequent (even hourly) backups may be a good choice for critical personal data. This is because, in the worst case, only a single day’s work is lost if, say, ransomware destroys your work presentation that’s been weeks in the making.
However, it should also be remembered that a ransomware virus has access to all data stored on the computer, so data copied to a NAS or external drive is not necessarily safe. So it’s worth making a second backup and storing it in the cloud. NAS and the cloud are a perfect combination, as most network storage devices can automatically sync data to the cloud as well.
Did you know?
Extortion is one of the most popular methods for cybercriminals to make money. They can then use these funds to pay their botnets, which spread more ransomware viruses/trojans.
Conclusion
Ransomware viruses/trojans are one of the biggest threats to users. These viruses encrypt files and hold them hostage until they receive payment from the end-user. This is especially a problem for users who use public WiFi, such as airports, coffee shops, or hotels.