  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    How to defend yourself from ransomware

    TOP STORY

    By Susan Bradley

    Despite the CryptoLocker headlines, ransomware is still a growing threat to both individual PC users and small-to-medium businesses.

    Though our malware defenses have improved, ransomware authors are finding new ways to infect our systems. Fortunately, we have options and solutions.

    The full text of this column is posted at http://windowssecrets.com/top-story/...om-ransomware/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Apr 2012
    Posts
    6
    Thanks
    1
    Thanked 1 Time in 1 Post
    Susan, thanks for the wake-up call! I do have a question, though.

    Years ago, I ran across a recommendation to establish at least two user accounts on every computer you own - an Admin account that you would generally use only to upgrade or install software and a Standard account that you would use for everything else, including Internet access. The theory, as I understood it, was that software cannot be installed on your computer without your explicit permission when you are using a Standard account. Using this approach would presumably thwart third-party attempts to install malware on your computer.

    First, is my understanding correct? Second, if it is, how successful might this approach be in preventing installation of ransomware?

    Thanks!
    Last edited by lvphil; 2015-04-23 at 05:06.

  3. The Following User Says Thank You to lvphil For This Useful Post:

    DrDanScD (2015-04-26)

  4. #3
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    The only thing I disagree with is that malware writers are finding new ways to infect computers. New variants of the same old vectors yes, not new ways. Therefore, safe computer practices still overwhelmingly (99.9%) dominate as the best preventative to infection, by ANY malware.

    For those using devices which can become infected, these stories should be all about those safe practices and the last paragraph should be the mention of anti-virus software and attachment removal, etc. Then the 75k or 100k variants a day or whatever it is are just so much "background radiation."

  5. The Following User Says Thank You to F.U.N. downtown For This Useful Post:

    northwood2222 (2015-04-23)

  6. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Susan Bradley
    I’m currently testing a free application-whitelisting program — SecureAPlus (site; Figure 1) — that’s specifically designed for home users. I have some initial reservations about this product;
    It's only free for the first year; after that there's a complex points referral program, e.g. follow on Facebook for a one-month extension: SecureAPlus Referral Program

    Bruce

  7. The Following 2 Users Say Thank You to BruceR For This Useful Post:

    csmart4125 (2015-05-20), Fascist Nation (2015-04-23)

  8. #5
    New Lounger
    Join Date
    Dec 2011
    Posts
    1
    Thanks
    1
    Thanked 1 Time in 1 Post
    I have always been a follower of the 'Run your browser in a sandbox' camp. I am not sure why this practice is not more widely used. To my mind all browsers are insecure because of one major overlying design 'feature'.... by default, a browser allows two-way interaction between a web page and your PC; it has to. So nothing you do over the internet can be trusted... ever. It makes sense then that your browser sessions should be run in a crash and burn environment. There are two options... running the browser in a virtual environment (a little challenging for the average non-tech user) or in a sandboxed environment. While I have noted some Windows Secrets writers have mentioned SandboxIE in the past, it has never really caught on. While it does not prevent infection on the session itself, it really does not matter... once you delete the sandbox, the infection (of any kind) is removed from your PC. This includes Cryptolocker and its relatives. Whatever it encrypts within the sandbox is not needed anyway. I would like to hear counterpoints if there are any. Thanks.

  9. The Following User Says Thank You to PCGeezer For This Useful Post:

    Fascist Nation (2015-04-23)

  10. #6
    Star Lounger
    Join Date
    Apr 2010
    Posts
    77
    Thanks
    6
    Thanked 8 Times in 6 Posts
    "it's not easy finding an app-whitelisting solution for home PCs"

    Wow Susan, I can't believe that I just read that on a Windows Secrets article! There are plenty of antivirus / antimalware apps that use whitelisting and also can run unknown apps in a sandbox for further evaluation. Two that immediately come to mind are both well-known, that's Comodo and Webroot.

  11. The Following 2 Users Say Thank You to cavehomme For This Useful Post:

    Fascist Nation (2015-04-23), lvphil (2015-04-23)

  12. #7
    New Lounger
    Join Date
    Feb 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Susan,

    I have been using a method to protect my daughter's data that I thought I would share. I personally use a Mac which has not (yet) been attacked by ransomware, but when I first read about CryptoLocker I really panicked. My daughter is a graduate student who has all her research data and Ph.D. dissertation on her Windows 8.1 laptop. Losing all that data would be catastrophic for her. I have been using Amazon S3 to offsite archive some of my personal data and I came up with this solution for her. I installed GoodSync for Windows on her laptop and use my Amazon S3 account to sync her Documents folder to an S3 bucket. The secret keys to access the S3 bucket are theoretically only visible to GoodSync and the cloud storage is not mapped to a Windows drive letter or even visible to Windows as a network location. Unless I've missed something, none of the current versions of ransomware should be able to see that data. If you see a flaw in this thinking, I would greatly appreciate knowing it. I was even reluctant to make this response to your article and give the malware authors something else to work on.

  13. #8
    New Lounger
    Join Date
    Apr 2015
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I support a group of heavy duty PC users, and I use system image backup tools, saving the backups to local drives for speed. I note that Symantec System Recovery has a dedicated service that tries to protect the local backup files by maintaining a write lock on them. Do you think that this is an effective way to protect the backups from ransomware?

    Barry

  14. #9
    New Lounger
    Join Date
    Jan 2010
    Location
    Los Angeles, CA, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the article about Crypto-ransomware. You may not be aware of two other applications designed to protect against it. One is HitmanPro Alert and the other CryptoMonitor:

    http://www.surfright.nl/en/alert
    https://www.easysyncsolutions.com/products.html

    It would be interesting if you could check these out and do a followup.

  15. #10
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,728
    Thanks
    95
    Thanked 128 Times in 125 Posts
    dfuerpo, does your daughter do all her work on that cloud you set up? In short, nothing originates on her hard drive? Copies from the cloud flow to her hard drive, correct? If yes to all of the above, great idea! Tell me more.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  16. #11
    New Lounger
    Join Date
    Apr 2015
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You said: it's not easy finding an app-whitelisting solution for home PCs

    Software Restriction Policies are built into all Windows versions (with the exception of Home, I believe).
    The NSA even has a document showing exactly how to set this up: https://www.nsa.gov/ia/_files/os/win..._using_srp.pdf
    It works extremely well, but takes a bit of work to properly set up.
    Google "using software restriction policies to whitelist" for more resources.

    The basic theme is expressed in the last line of that document: Ensure that users cannot both write to and execute from any location.
    This prevents malware from writing and executing. It may write itself to disk, but won't be able to execute without privilege escalation.
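    The "no location that is both writable and executable" principle in the post above is easier to reason about with a model of how SRP picks a rule. The following is an added example, not the post's or the NSA guide's code: a small Python simulator of SRP path-rule evaluation (the most specific matching path rule wins, otherwise the default level applies; hash and certificate rules are not modelled). The rule set, the list of user-writable folders and the user name are constructed for the demonstration, and the literal paths stand in for the %SystemRoot%/%ProgramFiles% variables a real policy would use.

```python
"""Model of Software Restriction Policy (SRP) path-rule evaluation.

Added example, not code from the forum post or the NSA guide. Applies
SRP's "most specific matching path rule wins, else the default level"
logic to a constructed rule set and checks it against the principle
that no user-writable location should also be executable.
"""
import ntpath

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"

# Constructed rule set in the default-deny style the guide recommends:
# allow the OS and program folders, then re-deny the writable
# sub-folders inside them with more specific rules.
DEFAULT_LEVEL = DISALLOWED
PATH_RULES = {
    r"C:\Windows": UNRESTRICTED,
    r"C:\Program Files": UNRESTRICTED,
    r"C:\Program Files (x86)": UNRESTRICTED,
    r"C:\Windows\Temp": DISALLOWED,   # user-writable, so re-deny it
    r"C:\Windows\Tasks": DISALLOWED,  # user-writable, so re-deny it
}

# The same rules with the two re-deny exceptions missing (a common gap).
WEAK_RULES = {k: v for k, v in PATH_RULES.items() if v == UNRESTRICTED}

# Constructed list of locations a standard user ("alice") can write to.
USER_WRITABLE = [
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Users\alice\Downloads",
    r"C:\Windows\Temp",
    r"C:\Windows\Tasks",
]


def _norm(path):
    # Case-insensitive, backslash-normalised Windows path for comparison.
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, rule_path):
    path, rule_path = _norm(path), _norm(rule_path)
    return path == rule_path or path.startswith(rule_path + "\\")


def effective_level(exe_path, rules=PATH_RULES, default=DEFAULT_LEVEL):
    """SRP level for exe_path: the longest (most specific) matching rule,
    or the default level when no path rule matches."""
    matches = [(len(_norm(r)), lvl) for r, lvl in rules.items()
               if _is_under(exe_path, r)]
    if not matches:
        return default
    return max(matches)[1]


def write_and_execute_violations(writable_dirs, rules=PATH_RULES,
                                 default=DEFAULT_LEVEL):
    """Writable locations where a freshly dropped file would still run,
    i.e. where the guide's write-XOR-execute principle is broken."""
    return [d for d in writable_dirs
            if effective_level(ntpath.join(d, "dropped.exe"), rules,
                               default) == UNRESTRICTED]


if __name__ == "__main__":
    print("recommended rule set:", write_and_execute_violations(USER_WRITABLE))
    print("rules missing exceptions:",
          write_and_execute_violations(USER_WRITABLE, WEAK_RULES))
```

    Running it shows the recommended rule set leaves no writable-and-executable folder, while dropping the two exceptions under C:\Windows reopens both of them even though the default level is still Disallowed.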

  17. #12
    New Lounger
    Join Date
    Sep 2011
    Posts
    16
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Hi Susan.

    This is my backup scenario that I run on a home computer that has an SSD for a primary OS and program drive and a HDD for a data drive.

    I use the paid version of Shadow Protect Desktop to make image backups to an external drive that is physically detached from the computer unless a backup is in process, and when it is attached the ethernet cable is disconnected so that the computer is never backing up while connected to the Internet. Both before and after the computer is backed up, the computer is shut down and the cables swapped so there is less opportunity for a program to reside in memory and cross-contaminate the computer. Both drives are on monthly backups with incrementals every few days.

    Other security software used is Norton 360, Secunia PSI 3.0, OpenDNS & Malwarebytes Anti-Malware (Paid). I also have Revo Uninstaller (Paid) with which I uninstall all software needing removal and scan for leftovers after any programs have been removed from the computer.

    Assuming that I am practicing normal safe computer techniques, is there anything else I should be doing or missed in my plan?

  18. #13
    New Lounger
    Join Date
    Jun 2011
    Posts
    10
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Susan, the following statement from your article really troubles me:

    "I'm currently testing a free application-whitelisting program — SecureAPlus (site; Figure 1) — that's specifically designed for home users. I have some initial reservations about this product; I've been unable to find much third-party information about the program or its publisher. But it does let me lock down my system so that only applications I've approved will run."

    Your second sentence (and the independent clause that follows) says more than you, perhaps, realize. It seems to me that due diligence before recommending SecureAPlus would involve continuing and careful research into both the product and the publisher. In particular, I would think a careful investigation into an unknown publisher is absolutely essential.

    Perhaps I misunderstood what you intended.

  19. #14
    New Lounger
    Join Date
    Apr 2015
    Posts
    17
    Thanks
    0
    Thanked 1 Time in 1 Post
    RollbackRX- unless somehow it messes that up too? If not, if you get any virus, or your system goes corrupt- simply do a rollback to a point in time before the infection or corruption. I would assume Rollback would be able to restore your computer to a time BEFORE the ransomware executable was run on your computer-

    It's very easy and worry free practically- of course something could happen to the rollbackrx where it becomes corrupt and won't work, but in the many years I've used it, doing probably 100's of rollbacks, it's never failed me yet- I've had several viruses in that time, and a simple couple of mouse clicks, and virus is completely gone- no mucking around with finding hidden files, no mucking with registry keys, no searching computer files for infected code- none of that- just pull up rollback menu on bootup (It loads before windows starts to load) and do a rollback from there- easy peasy

    RollbackRX is like system restore on steroids, and does things system restore can't do- best $60 I've spent for the computer- One time fee- no yearly subscription-

    I would think that using rollbackRX with offsite or off computer backup, and good antivirus, and perhaps something like Norton's internet security or some such program, and using whitelists would go a long way towards ensuring protection of computer- Sandboxing sounds like a good idea too- but I do like the RollbackRX for its ease of use and quickly restoring computer to a known good point before infections happen- takes just a matter of a few minutes, and viruses and malware and trojans etc all gone- completely- no worries

    John- the other good thing about rollbackRX is that it completely reverts a drive back in time to a point before you installed software- so everything is for sure 100% gone from computer- no uninstalling necessary- what I do if I'm installing something to try- I'll do a manual restore point in rollbackRX and then install software, and if anything goes wrong, or I decide I don't like the program or whatever, if it really messes up the computer, no worries- I just do a rollback and it's completely gone- no worries about leftover files, or files that are hidden or disguised or whatever- everything is gone
    Last edited by nazareth; 2015-04-23 at 12:09.

  20. #15
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by dfuerpo View Post
    The secret keys to access the S3 bucket are theoretically only visible to GoodSync and the cloud storage is not mapped to a Windows drive letter or even visible to Windows as a network location. Unless I've missed something, none of the current versions of ransomware should be able to see that data.
    But if ransomware encrypted files in your daughter's Documents folder, wouldn't those encrypted files get synced to the S3 bucket automatically before she knew about it?

    That's why Susan said in the article, " If you use a cloud-storage service to back up your data, be sure that versioning is turned on. If ransomware encrypts your local files, the synched version in the cloud might also be encrypted. But you should still have access to the previous versions of the files."


    Quote Originally Posted by RolandJS View Post
    dfuerpo, does your daughter do all her work on that cloud you set up? In short, nothing originates on her harddrive? Copies from the cloud flow to her harddrive, correct? If yes to all of the above, great idea! Tell me more
    I didn't read it that way at all. My guess is No, No, No.
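    The point BruceR makes here, and the S3 sync set-up dfuerpo describes in post #7, come down to one mechanism: a sync client faithfully uploads whatever the local files become, so only versioning on the bucket side keeps a recoverable copy. The following is an added example, not GoodSync's, Amazon S3's or any product's code: a Python simulation with a toy object store that can run with or without versioning, a one-way sync in the style of a sync client, and a constructed stand-in for the incident that simply overwrites every local file with unreadable bytes. The file names and contents are constructed.

```python
"""Why cloud sync needs versioning: a constructed simulation.

Added example, not code from any product mentioned in the thread. A local
folder is mirrored into a toy bucket, every local file is then overwritten
(a stand-in for an encryption incident), the sync runs again, and we check
what can still be restored with and without versioning.
"""


class Bucket:
    """Toy object store. Each put gets a sequence number; with versioning
    on, older versions of a key are kept, otherwise they are replaced."""

    def __init__(self, versioning=False):
        self.versioning = versioning
        self.objects = {}  # key -> list of (seq, data), oldest first
        self.seq = 0

    def put(self, key, data):
        self.seq += 1
        entry = (self.seq, data)
        if self.versioning:
            self.objects.setdefault(key, []).append(entry)
        else:
            self.objects[key] = [entry]

    def latest(self, key):
        return self.objects[key][-1][1]

    def restore_as_of(self, key, seq):
        """Newest stored version written at or before sequence number seq
        (the equivalent of restoring a known-good version ID), or None."""
        for s, data in reversed(self.objects.get(key, [])):
            if s <= seq:
                return data
        return None


def sync(local, bucket):
    """One-way mirror of local files into the bucket, as a sync client does
    after every change. It uploads whatever the local bytes now are."""
    for name, data in local.items():
        if name not in bucket.objects or bucket.latest(name) != data:
            bucket.put(name, data)


def scramble_all(local):
    """Constructed stand-in for the incident: every file's contents are
    replaced by unreadable bytes. (Simple XOR, only to make them differ.)"""
    return {name: bytes(b ^ 0x5A for b in data) for name, data in local.items()}


def run_scenario(versioning):
    """Returns, per file, what can be restored after the incident."""
    local = {"thesis.docx": b"chapter 1 ...", "data.csv": b"1,2,3\n"}
    bucket = Bucket(versioning)
    sync(local, bucket)
    checkpoint = bucket.seq      # last known-good sync, e.g. last night's
    local = scramble_all(local)  # incident hits the local Documents folder
    sync(local, bucket)          # client uploads the damaged files
    assert all(bucket.latest(n) != d for n, d in
               {"thesis.docx": b"chapter 1 ...", "data.csv": b"1,2,3\n"}.items())
    return {name: bucket.restore_as_of(name, checkpoint) for name in local}


if __name__ == "__main__":
    print("with versioning:   ", run_scenario(versioning=True))
    print("without versioning:", run_scenario(versioning=False))
```

    In both runs the latest object in the bucket is the damaged copy; only the versioned bucket can hand back the pre-incident contents, which is the behaviour the quoted article passage relies on. The checkpoint here is a sequence number; on a real service it would be a version ID or timestamp from before the incident.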
