The 4 Most Effective Tips to Protect Your Computer from Ransomware

The 4 Most Effective Tips to Protect Your Computer from Ransomware

Ransomware – a class or malware that restricts access to a computer until a ransom is paid – has been around for many years. In fact, one of the first known ransomware – the “AIDS” trojan – was found in 1989. Unlike other malware, ransomware has been in the background, not drawing much attention. In 2013, the ransomware called CryptoLocker began making news as it infected computers, and then began encrypting personal data files. Once the files were encrypted, a ransom message was displayed informing the user to pay a specified amount of money.

Encrypting files isn’t new, of course, but now malware authors are using such encryption to extort money from unsuspecting computer users. The problem is that the encryption that is used cannot be broken by brute force methods, so either the data is lost, or the ransom needs to be paid. More and more ransomware are starting to make their rounds among computer users, and there could be much more robust, efficient ransomware, with stronger encryption, in the future.

While this may sound disturbing, there are many ways that you can protect your computer from ransomware.

1. Backup Your Files

This first method is probably the most important one – backup your files. Backing up your files is probably the best method as you can just restore your files from the backup if they do become encrypted by ransomware. Of course, you want to make sure you have a clean system to restore your files onto, or you will just re-encrypt the files.

With regards to backup, you should backup your files to “cold storage” to prevent ransomware from encrypting your backup files. Cold storage means that you can’t access your backed up files directly from your computer all the time. For example, if you backup your files to an external hard drive, only connect the hard drive when you want to backup your files, and then disconnect the hard drive from the computer. Another example of cold storage is when you backup to cloud service online.

For me, all my backed up files are stored away on cold storage. The first is an external hard drive that sits beside my computer, but is always off until I want to get access to the files or backup new files. A second backup is stored on a portable external hard drive that is connected less often – only when I have many gigabytes of data since the last backup. A third backup is stored online with Backblaze.

2. Use a Sandbox or Virtual Machine

A great solution to protecting your data from ransomware is to limit what the ransomware can get access to. Two of the best solutions to this is to browse the Web and check e-mail in either a sandbox or virtual machine.

A sandbox is the easier of the two to setup as it runs directly in the operating system of your computer. Basically a sandbox is a separate, tightly controlled area, on your computer that you can run applications in. Any application running in a sandbox has limited access to other resources on your computer – including your files. An application in a sandbox, may be able to read a file on your hard drive, but it cannot write to the file. You can also control what applications are allowed to run within the sandbox, access the Internet, and do other tasks on your computer.

There is a great Windows sandbox application called Sandboxie that has been proven to contain ransomware.

If you are technical you may want to look into setting up a virtual machine. A virtual machine is basically another computer that runs within your current computer. You main computer becomes the host to the virtual machine. Everything that happens in the virtual machine, stays within the virtual machine.

With a virtual machine, you can install a Unix-flavor operating system, such as Ubuntu, to give good security, and then access the Web and your e-mail from the virtual machine. If you do download ransomware, it may not even execute in the virtual machine as it isn’t a Windows system, and if it does execute, then the ransomware can’t see the data files on your host computer.

You can create virtual machines for free by using VirtualBox.

3. Don’t Use an Administrator Account

Windows users have always accessed their computers using an administrator account. This account has unlimited access to the computer, and up until recently was the only type of account used. Fortunately, starting with Windows Vista – although more with Windows 7 – Microsoft changed Windows to allow users to use a limited account.

If you are using Windows Vista or later, you should not be logged in with an administrator account. You should always use a limited user account. The reason is simple: any application you run will run in the same context as your user account. This means that if your account has started a ransomware application, and you are logged in with an administrator account, than the ransomware application will have unrestricted access to your computer.

While using a limited user account will not protect your data files if you accidentally ran a ransomware application, it will limit what files it affects or what restrictions it places on your computer. A limited user account can only see their own data files, and can’t change system settings, which will help limit ransomware.

To stress the point about not using an administrator account, over 90% of Microsoft-reported vulnerabilities in 2013 could have been mitigated by using a limited user account.

I have used a limited user account for 4 years with Windows 7, and haven’t had any issues with running applications. So if you are using Windows 7 or later, don’t log in with an administrator account.

4. Don’t Open Suspicious E-mails

While this tips has been mentioned for stopping malware all the time, it is still surprising that people still don’t follow it. CryptoLocker spread by an e-mail attachment, and infected hundreds of thousands of computers. That ransomware could have been stopped, or severely affected, if people just don’t open e-mail, or run attachements from unknown senders.

Many attachments in e-mails are designed to trick users into opening the attachments. Such attachments would actually have two extensions – such as .pdf.exe or .doc.exe. All the user will see many times is the first extension and an icon associated with that extension. For example, a file called example.pdf.exe file would display just example.pdf with an Adobe Reader icon. Unfortunately, the .exe extension at the end means that the file isn’t a PDF document, but an application that will run when opened.

One of the first things I do after I install Windows is to display hidden extensions of known file types, so I can exactly see all the extensions for all the files on my computer. This helps to determine if a file has a double or a single extension.

There are many ways you can protect your computer from various forms of malware. What are some of the tips that you use to protect your computer from ransomware?

8 Responses to “The 4 Most Effective Tips to Protect Your Computer from Ransomware”

  1. My sister-in-laws computer was hacked. It wasn’t ransomware but the hacker was able to completely control her computer. She really became scared/concerned when she received a phone call from the hacker asking her to turn her computer back on (because it had just “crashed”). The gentleman spoke broken English could barely communicate with her and presented himself as being from “WINDOWS”.

    After hanging up, she contacted her ISP and they advised her to have her computer drive formatted or replace the computer. They also told her that it was inadvisable to leave her computer on 24/7. (She had been doing this.) So, that’s another word to the wise. Shut off your computer if you’re not going to be using it for hours.

    Thanks Paul!

    • Paul Salmon says:

      Hi Sherry,

      That is the first time I have heard of a hacker contacting the owner of a computer to have them turn it back on. What is scary is that the hacker knew enough about your sister-in-law to have her phone number. Formatting the hard drive would destroy anything the hacker used to control the computer.

      Having a good, secured router is the first line of defense, as well as not running the computer with an administrator account. She would also be advised to run Firefox with the NoScript plugin.

      Paul

      • Hi Paul,
        She was concerned. Her phone was through the Internet but still. It was very weird. Her computer was several years old and she was ready to buy a new one. Actually, she gave her computer to us and we formatted the drive and was able to reinstall the same version of Windows that she had and reactivated her original license. So, it made a decent computer for our daughter.

        The odd thing is that when she was buying her new computer, she mentioned what had happened to the sales person and he told her that was the 3rd computer he had sold that day for that very reason.

        My biggest concern was that the “only” thing she said she did online was banking! At least, I finally convinced her to contact her bank and change her passwords.Thanks for the tip about the NoScript plugin.

        • Paul Salmon says:

          With malware you can’t take any chances, especially when it comes to banking. Good advice about getting your sister-in-law to change her password.

          She could have gotten malware from any website online, especially websites that display popups. The NoScript plugin should help prevent some malware, as well as increase the performance of Web browsing.

  2. I would like to add one more tip that you should never click on unwanted popups and always keep your security patches updated. Also, follow safe computing practices to avoid getting trapped in vicious circle set up by the hacker.

  3. Sri Varshan says:

    A good antivirus software could also help you to some extent, any specific reason for leaving that out?

    • Paul Salmon says:

      While an antivirus program should always be installed, I left it out for a couple of reasons:

      1. It is common practice to have one installed, and is always part of a list of tips to stop malware.

      2. Antivirus programs have been proven to be ineffective against the latest variations of ransomware that have spread. Older variations can be detected.

      3. Many times antivirus software have removed files from ransomware that are needed to decrypt the files, causing headaches for restoring data.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.