Ransomware has been successful at infiltrating people’s or organizations’ computers and stealing money from desperate users who had no idea what to do.
Related post: Ransomware: What About the Law?
This cybersecurity threat is unknown to many users but has recently been on the rise according to a formal FBI warning released in 2015.
Numerous incidents have already been reported in 2016. The first signs of this malware happened in 2013 and unfortunately, there still is no definite way to stop it.
Would you or your organization know what to do if your computer were infected with ransomware? Here are 5 steps to avoid getting infected by this malware.
<h3>
What we can see is that many ransomware threats are propagated with the Angler exploit kit. Here is what should be done to protect your data:
By updating your software, it patches up the bugs and vulnerable spots which can help prevent any attacks from occurring. It is important that you always ensure you have the latest software for your applications such as:
Many infections can be blocked by using a web filtering application. The infection will not have a chance to reach your computer. For example, a lot of JavaScript code can redirect your browser to websites which will try to use the Angler Exploit Kit against you; by using a web filtering application you can directly block these websites.
Having an updated antivirus helps keep your computer safe from attacks.
Many IPS like Snort already come with some rules to detect and protect against exploit kits. Those rules don’t generate a lot of false positives and can be enabled without much risk of dropping legitimate traffic. For example, here is a Snort rule which detects an attempt of the Angler Expoit Kit:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXPLOIT-KIT Angler exploit kit landing page detected"; flow:to_client,established; content:"<input>"; content:"</input>"; fast_pattern:only; content:"<nobr>"; content:"</nobr>"; metadata:policy max-detect-ips drop, policy security-ips drop, service http; classtype:attempted-user; sid:37014; rev:1;)
If we take a look at this Snort rule, we can see the detection of the <nobr> tag which is not really an HTML standard, which is why this rule will not generate many false positives.
Back up your data regularly, in case you do get an attack, everything will be saved. You will not be concerned to re-install your computer anew if you do come under attack. This step is very important in the unfortunate case of an attack.
Always double check emails before opening them to make sure it isn’t spam or a virus being sent around. Make sure you know who the sender is or what the attached file is before you open it.
You can also use an antispam product or a sandbox appliance which can block emails before they reach end users workstations.
When you have a browser plug-in that blocks pop-ups, you are doing yourself a huge favor. A lot of attacks come from pop-ups which might redirect to infected websites. All it takes is a couple of seconds on a bad pop-up and you can catch something. Enabling this helps you get rid of that problem without having to worry. Once again, be careful with the kind of browser add-on you download, we advise you to start by using the most known add-ons like NoScript and AdBlock or AdBlock Plus.
As discussed earlier, updates are always good, so update your computer regularly and scan it to make sure everything is OK. This step can easily save you from an attack; you just have to take the time to do it!
By following these steps you are helping yourself to keep away from attacks. Ransomware still occurs frequently to many people but day by day the impact of it grows smaller. Get ahead of ransomware and be prepared in the case of an attack.
