Ransomware is becoming an increasingly popular way to extort money as cybercriminals continue to target both consumers and businesses. Recent widespread threats include CryptoLocker, CryptoDefense, and the latest, CryptorBit. The malicious emails have largely targeted the U.S. and U.K., but there is no geographical limit on who can be affected. The initial wave of emails first hit consumers, then SMBs, and now cybercriminals are beginning to target enterprises.
Millions of malicious emails were sent and tens of thousands of machines have been infected, but there is good news – there are plenty of Cyber-Hygiene best practices that consumers and businesses can follow to protect themselves.
Do not open email attachments with .exe extensions
Common sense goes a long way when it comes to online security. But, in some cases, malicious emails can be very difficult to spot. In the case of the Crypto-malware mentioned above, an unsuspecting computer user will either get an email seeming to be from their bank, friends, Facebook or a host of other fake senders, or be asked to click on a pop-up in a website. The user thinks it’s legitimate, clicks on it, and before they know it, the virus is installed on their computer and their files are encrypted. However, following Cyber-Hygiene best practices can protect you from unknowingly installing malware on your system. In the specific case of CryptoLocker, emails frequently arrived with an attachment that was named with the extension “.PDF.EXE”. Cybercriminals counted on the fact that Windows’ default behavior is to hide known file extensions, which helped sneak the ransomware into the emails without looking suspicious. The .exe extension was hidden, so users were fooled into thinking the attachment was a harmless PDF file. The easy fix is to re-enable the ability to see the full file extension, so you can spot the suspicious file more easily.
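The “.PDF.EXE” naming described above can also be caught before the message reaches a user. The following is an added example, not code from the original article: a Python check a mail filter could run over each message, where the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Illustrative subsets chosen for this example, not exhaustive lists.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt", ".zip"}


def classify_attachment(filename: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Compare case-insensitively: ".PDF.EXE" and ".pdf.exe" are the same to Windows.
    suffixes = [s.lower() for s in PureWindowsPath(filename.strip()).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"  # looks like a document when extensions are hidden
    return "executable"


def scan_message(raw: bytes) -> list:
    """Return (filename, verdict) for each attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_attachment(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample_message() -> bytes:
    """Constructed test message; the attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@bank.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached statement.")
    for name in ("Statement_March.PDF.EXE", "terms.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample_message()))
```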
Backup, Backup, and Backup
Periodic backup is a solution to any data loss problem. Many vendors offer five, 10, and even 20 GB of free cloud storage for consumers. Backing up your data in the cloud is not only convenient, but it can also make the difference in cases such as CryptoLocker and other variants of ransomware. For instance, if your files are held ransom, but you have everything backed up, you’re in the clear. It is also a best practice for businesses to back up their data to a cloud solution weekly or daily in the event that they get hit by CryptoLocker, or their hard drives fail. This is especially true for CryptoDefense because this virus flushes the shadow copy, meaning system restore will not work.
It is important to note, however, that in the case of CryptoLocker, if you have mapped a drive or assigned a drive letter to the data stored in the cloud, it can also be infected and thus locked up until the ransom is paid. The same goes with a USB drive that is left in the computer when it becomes infected. To stay safe, avoid drive mapping and back up your data regularly.
Always install the latest versions of software and apply updates
Malware authors frequently rely on users running outdated software with known vulnerabilities, which they can exploit. Using updated editions of applications, especially commonly targeted applications such as browsers, email clients, Adobe Reader, and Java, can significantly reduce the potential for ransomware to make it into your system. For example, the latest two versions of Windows (8 and 8.1) both offer application reputation, which is able to block most zero-day threats, such as the Crypto-malware.
Use a proven and certified antivirus product
An antivirus is the first line of defense because it will help protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can put your computer and the data within it at risk. Be sure to use a proven and certified AV that is from a reputable vendor.
Be proactive and go beyond traditional security prevention
While using a proven and certified antivirus product is always a best practice for keeping up with your Cyber-Hygiene, you can go beyond traditional security prevention by utilizing a HIPS (host-based intrusion prevention system) product. You can also use the application control feature of Windows. You should disable running applications from temporary folders and application data folders because, most of the time, these applications will be malware, which is distributed through an exploit or an .exe file with an exploit kit. Utilizing a HIPS product can be very effective and has been proven to work; however, you can improve your Cyber-Hygiene even further by applying some basic application execution control (i.e. application containment and virtualization). You can do this by simply containing your browsers (and email clients) within a sandboxed environment. This new innovation will stop zero-day threats including common Java exploits and the most recent Internet Explorer vulnerability and, of course, CryptoLocker, CryptoDefense, CryptorBit, and whatever the next Crypto-malware will be.
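Before enforcing a rule that blocks executables in temporary and application data folders, it helps to see what the rule would have stopped on your own machines. The following is an added example, not code from the original article: a Python audit over a list of launched program paths, where the folder list, the profile for a hypothetical user "alice", the function names and the sample paths are all constructed assumptions.

```python
import ntpath

# Folders the rule covers, named by environment variable (this example's choice).
DENIED_ROOT_VARS = ("APPDATA", "LOCALAPPDATA", "TEMP", "TMP")
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Constructed profile environment for a hypothetical user "alice".
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}

# Constructed list of launched program paths, as an audit log might record them.
SAMPLE_IMAGES = [
    r"C:\Program Files\ExampleApp\app.exe",
    r"C:\Users\alice\AppData\Local\Temp\7zO1\Invoice.PDF.EXE",
    r"C:\Users\alice\AppData\Roaming\updater.exe",
    r"C:\Users\alice\AppData\Local\Temp\report.pdf",
    r"c:/users/alice/documents/../appdata/roaming/x.exe",
]


def _norm(path: str) -> str:
    # Collapse "..", unify slashes and case so equivalent spellings compare equal.
    return ntpath.normcase(ntpath.normpath(path))


def would_block(image_path: str, env: dict, exceptions=()) -> bool:
    """True if the rule would stop this program from starting."""
    path = _norm(image_path)
    if ntpath.splitext(path)[1] not in EXECUTABLE_EXTS:
        return False
    if any(path == _norm(e) for e in exceptions):
        return False  # explicitly approved program
    roots = [_norm(env[v]) for v in DENIED_ROOT_VARS if v in env]
    return any(path.startswith(root + "\\") for root in roots)


def audit(image_paths, env, exceptions=()) -> list:
    """Return the paths the rule would have blocked, in input order."""
    return [p for p in image_paths if would_block(p, env, exceptions)]


if __name__ == "__main__":
    for blocked in audit(SAMPLE_IMAGES, SAMPLE_ENV):
        print("would block:", blocked)
```

Legitimate per-user software sometimes runs from these folders as well, so review the audit output and pass approved programs through `exceptions` before turning the rule on.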
Remember, files will not install themselves. You have to do something, whether that’s visiting a risky website, clicking a malicious link, or replying to a phishing email - you have to initiate some action. But, rest assured, it’s feasible to stay fully protected when you follow Cyber-Hygiene best practices.
Comodo is a leading Certificate Authority and internet security provider. Comodo provides businesses and consumers worldwide with security services, including PCI scanning, desktop security, and remote PC support. Securing online transactions for more than 200,000 businesses, and with more than 405 million desktop security software installations, including an award-winning and software, Comodo is Creating Trust Online®. To learn more, visit Comodo.