How to become ransomware proof’ish

Ransomware should be dead

If you want to know how you can become ransomware proof, you are in the right place: this article collects practical tips for getting there.

Ransomware can do real damage to an environment, simply because it locks the user out of the files stored on the device.

The next step in a ransomware attack is the moment the attacker informs the user that a ransom must be paid in order to regain access to the locked files.

Knowing this, we know that files are the target used to force the individual into paying the ransom, and that is what we will address below with tips on how to become ransomware proof.

Tips on how to become ransomware proof

Macros

Once you receive a file that demands macros to be enabled, investigate the macro before enabling the macro function. Malware authors obfuscate their macros, so simply look whether the macro looks weird, like the one below.

Example of Locky Macro
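To make "does this macro look weird" a repeatable check, here is a small triage script. It is an added example for this article, not code from the article or from any tool it mentions: it undoes the Chr()-concatenation trick that obfuscated macros use to hide strings, then scores the result against a short list of indicators. The indicator list, the weights, the threshold and the sample macro are all constructed for this example.

```python
"""Heuristic triage of VBA macro source before enabling macros.

Added example for this article, not code from the article or from any
analysis tool it mentions. Indicator list, weights and the threshold are
assumptions of this example; the sample macro below is constructed."""
import re

# Indicators commonly seen in malicious macros (weights are an assumption).
INDICATORS = {
    r"\b(AutoOpen|Document_Open|Workbook_Open|AutoExec)\b": ("auto-execute entry point", 2),
    r"\bCreateObject\s*\(": ("COM object creation", 2),
    r"WScript\.Shell|\bShell\b": ("process launch", 3),
    r"\bStrReverse\s*\(": ("reversed string", 2),
    r"\bEnviron\s*\(": ("environment lookup", 1),
}
SUSPICIOUS_AT = 5

# A run of two or more Chr(n) & Chr(m) ... terms used to hide a string literal.
CHR_RUN = re.compile(r"(?:Chr\s*\(\s*\d+\s*\)\s*&\s*)+Chr\s*\(\s*\d+\s*\)", re.IGNORECASE)


def decode_chr_runs(source: str) -> str:
    """Replace Chr() runs with the literal they build, then join adjacent literals."""
    def build(m: re.Match) -> str:
        codes = re.findall(r"\d+", m.group(0))      # only digits inside Chr(...) remain
        return '"' + "".join(chr(int(c)) for c in codes) + '"'
    decoded = CHR_RUN.sub(build, source)
    return re.sub(r'"\s*&\s*"', "", decoded)        # "WS" & "cript" -> "WScript"


def triage_macro(source: str) -> dict:
    """Score the macro; an analyst reads `decoded` to see what the obfuscation hid."""
    decoded = decode_chr_runs(source)
    hits, score = [], 0
    chr_runs = len(CHR_RUN.findall(source))         # counted on the raw text
    if chr_runs:
        hits.append("character-code string building")
        score += chr_runs
    for pattern, (label, weight) in INDICATORS.items():
        n = len(re.findall(pattern, decoded, re.IGNORECASE))   # VBA is case-insensitive
        if n:
            hits.append(label)
            score += weight * n
    return {"score": score, "hits": hits, "decoded": decoded,
            "suspicious": score >= SUSPICIOUS_AT}


# Constructed sample: an auto-run macro that hides what it instantiates behind Chr() codes.
SAMPLE_MACRO = '''Sub AutoOpen()
    Dim objName As String
    objName = Chr(83) & Chr(104) & Chr(101) & Chr(108) & Chr(108)
    Set o = CreateObject(Chr(87) & Chr(83) & "cript." & objName)
End Sub
'''

if __name__ == "__main__":
    result = triage_macro(SAMPLE_MACRO)
    print("suspicious:", result["suspicious"], "score:", result["score"])
    print("indicators:", ", ".join(result["hits"]))
    print(result["decoded"])
```

The decoded text is the useful part for a human: once the Chr() runs are collapsed, the sample reads as CreateObject("WScript." & objName) with objName = "Shell", which is exactly the kind of thing the raw macro was written to hide. The score is only a triage aid; a low score on a document you did not expect is still a reason not to enable macros.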

Antivirus

I cannot stress this enough. Buy yourself a decent and legally licensed antivirus solution for your endpoints. Antivirus solutions can detect ransomware families before they are executed. There is no excuse for not using an antivirus solution. Buy one, install it, update it, and keep it updated.


Mess with ransomware

Did you know that malware authors build checks into their ransomware to identify whether it is being researched and analysed? Well, there are some fun and easy tricks you can use to convince the ransomware that it is running on an analysis system.

The reason is simple: once the ransomware believes it is on an analysis system, it stops its malicious processes, because it wants to stay hidden.

Tips and tricks against ransomware

  • Install an older Cuckoo Agent on the default Cuckoo path
  • Don’t have any recently opened files
  • Install Wireshark on your system
  • Place VM driver files in your NON-VM environment; for example, create these bogus files:
    • C:\windows\system32\drivers\vmci.sys
    • C:\windows\system32\drivers\vmhgfs.sys
    • C:\windows\system32\drivers\vmmouse.sys
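The bogus-driver trick from the list above can be scripted so it is done the same way on every machine and can be re-checked later. The script below is an added example (not the article's own code); the three file names come from the article, everything else is an assumption of the example: that the ransomware's check only tests whether the file exists, and that you want to rehearse the procedure in a scratch directory before running it elevated against the real C:\ drive.

```python
"""Plant bogus VMware driver files so VM-aware ransomware believes it runs in a sandbox.

Added example based on the article's decoy list; not the article's own code.
Assumptions: the checks look only for the file's existence, and the root path is
passed in so the procedure can be rehearsed in a scratch directory first."""
import sys
import tempfile
from pathlib import Path

DECOY_DRIVERS = ("vmci.sys", "vmhgfs.sys", "vmmouse.sys")   # names from the article
DRIVER_SUBDIR = Path("windows") / "system32" / "drivers"    # mirrors C:\windows\system32\drivers


def plant_decoys(root: Path) -> list:
    """Create each missing decoy under root; return the paths created on this run."""
    target_dir = root / DRIVER_SUBDIR
    target_dir.mkdir(parents=True, exist_ok=True)
    created = []
    for name in DECOY_DRIVERS:
        path = target_dir / name
        if path.exists():        # never overwrite a real driver (a genuine VM would have one)
            continue
        path.write_bytes(b"")    # an empty file satisfies an existence check (assumption)
        created.append(path)
    return created


def missing_decoys(root: Path) -> list:
    """Names that are not present, for a periodic check that the decoys survived."""
    return [n for n in DECOY_DRIVERS if not (root / DRIVER_SUBDIR / n).is_file()]


def rehearse() -> dict:
    """Run the whole procedure in a throwaway directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        first = plant_decoys(root)
        second = plant_decoys(root)          # idempotent: nothing to do the second time
        return {"created": len(first), "created_again": len(second),
                "missing": missing_decoys(root)}


if __name__ == "__main__":
    # Real use on Windows, from an elevated prompt:  python decoys.py C:\
    # No argument: rehearsal in a temporary directory only.
    if len(sys.argv) > 1:
        root = Path(sys.argv[1])
        for p in plant_decoys(root):
            print("planted", p)
        print("missing:", missing_decoys(root))
    else:
        print(rehearse())
```

Two caveats a practitioner will want: writing into the drivers directory needs an elevated prompt, and if you later install real VMware tools on that machine, remove the empty decoys first so the installer does not trip over them. The trick only works against families that actually perform these checks, so it complements the backups and antivirus the rest of the article talks about rather than replacing them.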

User Account Control in Windows

There is this option in Windows called User Account Control (UAC); it helps the system prevent malware and ransomware from damaging your device. Read up on it and master it: set UAC to its highest level and learn to use your Windows system that way.

Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator’s knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
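"Set UAC to its highest level" is a concrete set of registry policy values, so it can be audited instead of eyeballed in the Control Panel slider. The script below is an added example, not from the article: the key path and value names are the documented UAC policy settings, while the judgement of what counts as "high" (Admin Approval Mode on, consent required for every elevation, prompt on the secure desktop) is this example's reading of the article's advice. read_uac_values() only works on Windows; assess_uac() is a pure function so the decision logic can be checked with constructed inputs.

```python
"""Check whether UAC / Admin Approval Mode is set to the strictest level.

Added example, not from the article. The registry key and value names are the
documented UAC policy settings; read_uac_values() only works on Windows, while
assess_uac() is pure so it can be tested with constructed inputs."""
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Meaning of ConsentPromptBehaviorAdmin values (per Microsoft's UAC policy documentation).
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (Windows default)",
}
# Defaults Windows applies when the value is absent from the registry.
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


def read_uac_values() -> dict:
    """Read the three policy values from HKLM (Windows only; absent values use DEFAULTS)."""
    import winreg  # imported here so the rest of the module loads on non-Windows hosts
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in DEFAULTS:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass
    return values


def assess_uac(values: dict) -> list:
    """Return findings; an empty list means Admin Approval Mode is on at 'Always notify'."""
    v = {**DEFAULTS, **values}
    if v["EnableLUA"] != 1:
        # With EnableLUA off nothing else matters: every admin process runs fully elevated.
        return ["EnableLUA=0: UAC and Admin Approval Mode are switched off entirely"]
    findings = []
    admin = v["ConsentPromptBehaviorAdmin"]
    if admin not in (1, 2):   # 1 and 2 both stop every elevation on the secure desktop
        findings.append(f"ConsentPromptBehaviorAdmin={admin} ({ADMIN_PROMPT.get(admin, 'unknown')}): "
                        "set to 2 so every elevation needs explicit consent")
    if v["PromptOnSecureDesktop"] != 1:
        findings.append("PromptOnSecureDesktop=0: the consent prompt is not isolated "
                        "from other running programs")
    return findings


if __name__ == "__main__":
    for line in assess_uac(read_uac_values()) or ["UAC is at the strictest level"]:
        print(line)
```

The interesting case is the Windows default: EnableLUA is on, but ConsentPromptBehaviorAdmin=5 only prompts for non-Windows binaries, which is why the article says to push the setting all the way up rather than leave it where the installer put it.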

Errrr

We could go on explaining why it is important to have backups, and why you should implement anomaly detection that focuses, for example, on file creation and changes, but there is already a lot of information about this on the web. We are glad that you have an interest in creating a safer environment; keep up the good work, and share and implement your knowledge with those around you.