I am sure everyone on my email list has heard of the ransomware attacks going on across the world. I wanted to give all of you some information about it and how to protect yourself from ransomware. Ransomware can be scary stuff. Your computer at home or work and all of your files can be locked up by this malicious software. So I wanted to tell others what to do about it.
Protect Yourself From Ransomware
The reason the older versions of Windows operating systems have been targeted is that they are not updated regularly. Updating regularly is the main way to protect your computer from ransomware. Some older versions can't even get new updates anymore. People who use Vista or XP need to buy something immediately.
Most people do not update their newer systems regularly either. Updating your system includes your operating system and your applications.
The other unfortunate reason is that many users use pirated versions of Windows. These versions cannot get updates at all. They are ripe for exploitation, so if you use one then please get a new version or move to Linux.
How Ransomware Works
People get infected by ransomware when they fall for some trick or scam. Their computer usually has to be vulnerable at the same time. The FBI, Microsoft, or the CIA is not going to email you and send you a link to open to pay some money that you owe them. These are just scare tactics so please don't fall for them.
Who Has Been Affected
What is known so far is that this software targets users who run older versions of Windows such as Vista, XP, 7, and 8.1. There were other older versions of server software affected too but they are in the minority. Most people just have to worry about XP and 7. So far users who run Windows 10 have been safe.
Steps To Protect Your Computer
Now I will get to the basic steps that are required in order to keep your computer system safe. This short list will cover most scenarios. There are several other smaller things you could do but they are harder to implement and more situational. So if you see a slightly different list somewhere that is why I did not include absolutely everything.
- Backup your computer regularly
- Use good antivirus
- Update your system regularly
- Remove SMB1 from your computer
- Install an anti-ransomware tool
- Block port 445
- View file extensions
Backup Your Computer Regularly
I probably don't need to say this but having good backups is critical. Having a good backup plan will protect you against ransomware and many other disasters.
A good backup plan is also more than just throwing files on a small USB stick. If you do not know how to implement a good backup plan then you can Google it or pay a professional IT person. It certainly wouldn't hurt for you to learn how to do this though.
If you are going to learn yourself then research the 3-2-1 backup method. It is:
- 3 copies of your data
- 2 types of media to have your data on
- 1 location other than your home
Any IT consultant you hire should be familiar with this and will be able to advise you on how to implement it.
3 Copies Of Your Data
Your data can be many things. It includes pictures of your kids, video of family, Excel documents, letters you typed out and even game data if that is important to you. My point is that there are many types of data and whatever you have is valuable to you.
Your options to keep it on include:
- USB flash drive [portable devices but easy to lose, don't really recommend but some people do it]
- Internal hard drive in your computer [good option and simple, just add an extra high capacity drive for your storage]
- External drive made for backups [this is an external drive, powered and more reliable, usually attached by USB]
- A Network Attached Storage device [this is a file server, pre-configured for consumer use, good option for backups]
- Cloud Service [this is something like Google Drive, OneDrive, or Dropbox]
2 Types Of Media To Have Your Data On
The idea here is to minimize any type of hardware failure. So use either:
- Your internal hard drive + external drive
- The internal drive + NAS
- internal drive + cloud service
- An external drive + NAS
- Another external drive + cloud service
1 Location Other Than Your Home
This is for disaster recovery. If there is a flood, earthquake, or tornado then everything in your home could be ruined. I hope that doesn't happen to anyone but IT professionals have to account for it. You generally have two options here.
- Cloud service
- Some safe place you can go to like a friend's house, work, deposit box or something like that.
It is just somewhere you can safely keep your data that will be on either an external drive or an extra NAS.
Your main consideration here is whether or not you care that another company has your data. It is not a concern for most as lots of people are fine using a Cloud service. If it matters to you though just make other arrangements so you can leave your data at an alternate location. After you are set up then have backups taken frequently so you are protected.
Imaging Your Computer
If able, you should also do this and it is very effective at getting you up and going fast. What this means is that the software takes the current state of your pc including files, apps, and settings and then it clones that over to another hard drive exactly as it is. If something is lost then it is a quick way to restore everything you lost.
There are a lot of companies that sell software like this. Just search for "pc imaging software" in your favorite search engine or call your local pc tech as he should be able to do this too.
RAID is another tool that you can use to mitigate any disasters. It is not a substitute for backup or anything else and should be used in addition to these other tools and services. It is more advanced though and harder to use so be aware that it has a learning curve.
I list this because it will depend on how important your data is. If you are a company your data could be worth millions and you will be using all of these tools together.
Use Good Antivirus
Using a good antivirus will also help a lot. Most malware infections come to your computer or network through attachments or other files that antivirus will catch. This is how ransomware will enter your computer or network.
Ransomware is not a virus though. This is key to remember. It is important because most people think that JUST using antivirus is good enough. Many times it is not. It is just another layer of protection. The 230,000 computers that have been infected by this malware in a matter of days can attest that antivirus by itself is not good enough. You should use it but not trust it implicitly.
There are many others but one of those will work. Then remember to regularly update your antivirus because if you haven't updated in 6 months then it will not work when you need it.
Update Your System Regularly
All of the reported machines that were infected have been using a Microsoft operating system. Attackers targeted Windows systems because there are so many more of them and there was much better income potential. That said, if the machines had been updated properly and on a regular schedule then this attack could not have really happened.
When I talk about updating for a Windows operating system I am referring to the Windows Update feature. All of Microsoft's operating systems try to do this automatically if they are legal versions. The problem is that many people turn this option off or turn their computers off at night. This will interrupt the process and it will get cancelled.
These updates include security patches to your software. These are particularly important and need to be done as soon as they come out in most cases.
Here is how to check for updates. This should work for just about any consumer version of Windows.
First: go to your control panel
Second: Click on the [System and Security] link at the top left there. You will get to the screen below. Now click on [Windows Update].
You will be taken to this screen.
If it finds updates just hit the [Install] button.
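The same check can be run from PowerShell. This is an added example, not part of the original post: it asks the Windows Update Agent COM interface for updates that are not installed yet, and the function name Get-PendingUpdate is made up for illustration.

```powershell
# Added example: list updates that Windows Update has not installed yet.
# Get-PendingUpdate is a hypothetical helper name, not a built-in cmdlet.
function Get-PendingUpdate {
    # Windows Update Agent COM API (Microsoft.Update.Session).
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Ask only for updates that are not installed and not hidden.
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

    foreach ($update in $result.Updates) {
        New-Object PSObject -Property @{
            Title    = $update.Title
            # MSRC rating such as Critical or Important; empty for non-security updates.
            Severity = $update.MsrcSeverity
            KB       = (@($update.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ', '
        }
    }
}

$pending  = @(Get-PendingUpdate)
$security = @($pending | Where-Object { $_.Severity })
"{0} update(s) waiting, {1} with a security severity rating" -f $pending.Count, $security.Count
$pending | Sort-Object Severity -Descending | Format-Table Severity, KB, Title -AutoSize

# When was anything last installed? A date months in the past means
# automatic updating is not actually happening on this machine.
$last = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($last) {
    "Most recent installed hotfix: {0} on {1:d}" -f $last.HotFixID, $last.InstalledOn
}
```

The search contacts the update service, so it can take a minute or two to return.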
Remove SMB1 From Your Computer
SMB stands for Server Message Block. It is an antique protocol on Microsoft systems that is mostly still enabled by default. While this is a shame there is not much we can do about it yet. The best advice is to tell everyone to disable it.
It should be disabled because this is how the [WannaCry] ransomware did its evilness.
Microsoft realized SMB1 made its Windows machines vulnerable so it released a security patch that came through the Windows update system. 230,000 people, at least, did not do their Windows updates. Unfortunately that is what happens because that is what updates are for.
Here is how to take this feature off of your computer.
First step: go to the control panel.
Second step: Once there click on [Programs]. You will be taken to a screen like this below. Once there click [Turn Windows features on or off].
Third step: You will now be taken to this screen.
Fourth step: Once you see the above window you will want to uncheck [SMB 1.0/CIFS File Sharing Support]. Here is a picture below in case you have trouble finding it.
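The steps above can also be done from an elevated PowerShell window. This is an added example, not part of the original post; Disable-Smb1 is a made-up function name, and the registry fallback is the documented way to switch off the SMB1 server on systems where the optional-feature cmdlets are not available.

```powershell
# Added example: check for SMB1 and turn it off. Run as Administrator.
# Disable-Smb1 is a hypothetical helper name used only in this example.
function Disable-Smb1 {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Administrator) PowerShell window.'
    }

    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # Windows 8.1 / 10: SMB1 is the optional feature behind the
        # [SMB 1.0/CIFS File Sharing Support] checkbox.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
        if ($feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
                Out-Null
            return 'SMB1 feature disabled; restart to finish.'
        }
        return "SMB1 feature state: $($feature.State); nothing to do."
    }

    # Older systems (for example Windows 7) do not have that cmdlet.
    # There the SMB1 server is switched off with a registry value.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    return 'SMB1 server disabled in the registry; restart to finish.'
}

Disable-Smb1
```

Running it a second time after the restart should report that there is nothing left to do.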
Install Anti-Ransomware Tool
This is another of those things you can do that helps. They are generally free too which I know people like. There are several companies that make good tools. I use Bitdefender for my antivirus so I use their free tool for ransomware also.
Block Port 445
If this is your pc at home then I would just block this port. This will cause some issues in businesses that run Active Directory so if you are in a business then ask your administrator first to see what he recommends.
This was the main port used in the attack. There are others that will cause issues such as ports 136-139 but those can mess with how your Windows system works. If you do the other steps like I said above then port 445 will be fine.
This port allows remote execution of files on your computer and through your network. If you have a reason to keep it unblocked then you will know enough about how to protect yourself anyway.
Here are the steps to blocking this port. There are a few ways but this is the easiest way I think.
1. Go to control panel
2. Then go to [System and Security]
3. Now click on [Windows Firewall]
4. Click [Advanced Settings]
5. You will now have this window.
6. Click [Inbound Rules] then [New Rule] which might be on your right. Then click [Port] and hit next at the bottom of the screen.
7. From here make sure that [TCP] is checked and [Specific Local Ports] then type the number 445 in the box. This indicates that port 445 should be blocked.
8. Make sure the [Block the Connection] box is checked. Then hit next.
9. Make sure all 3 boxes are checked and then hit next.
10. Just provide a name for your new rule. I called mine [Block port 445] for instance. Then hit finish and you're done.
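The same rule can be created from an elevated PowerShell window and then read back to confirm the port number. This is an added example, not part of the original post; Add-Port445Block is a made-up function name, and the rule name is the one from step 10.

```powershell
# Added example: create the inbound block rule for TCP 445 and confirm it.
# Run as Administrator. Add-Port445Block is a hypothetical helper name.
function Add-Port445Block {
    param([string]$Name = 'Block port 445')

    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        # Windows 8 and later: NetSecurity cmdlets.
        # Only create the rule if one with this name does not exist yet.
        if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
            # Domain, Private, Public are the three boxes from step 9.
            New-NetFirewallRule -DisplayName $Name -Direction Inbound `
                -Protocol TCP -LocalPort 445 -Action Block `
                -Profile Domain,Private,Public | Out-Null
        }
        # Read the rule back so a typo in the port shows up immediately.
        Get-NetFirewallRule -DisplayName $Name |
            Get-NetFirewallPortFilter |
            Select-Object Protocol, LocalPort
    }
    else {
        # Windows 7: the same rule through netsh.
        netsh advfirewall firewall show rule name="$Name" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            # No rule with this name yet, so add it for all profiles.
            netsh advfirewall firewall add rule name="$Name" dir=in action=block protocol=TCP localport=445 profile=any
        }
        netsh advfirewall firewall show rule name="$Name"
    }
}

Add-Port445Block
```

The output should show protocol TCP and local port 445; the rule also appears under [Inbound Rules] in the firewall window from step 5.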
View File Extensions
This is an extra step that will make your life easier when dealing with potential malware. When opening up email or seeing any other type of file sometimes file extensions are not enabled. This means you just see the name of the file but not what type of file it is. Well this is important if it is a type that is executable such as .exe, .com, or .bat.
So enable this setting in Windows so you can easily see what kind of file you are dealing with.
I don't have Windows 7 so I can't show you pictures but this is easy and you can't hurt anything if you get it wrong. Here are the steps:
- Click the Start menu
- Type [folder option] and click the option that appears
- In the window that pops up, click [View]
- Uncheck the box [Hide Extensions For Known File Types]
- Then hit [Ok]
You're done after that.
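To see why this setting matters, the added example below (not part of the original post) turns the option off for the current user and then lists files whose real type is .exe, .com, or .bat next to the name Explorer would show with extensions hidden. The function names and the default Downloads folder are assumptions made for illustration.

```powershell
# Added example. Show-FileExtension and Find-HiddenExecutable are
# hypothetical helper names, not built-in cmdlets.
function Show-FileExtension {
    # Per-user Explorer setting behind [Hide Extensions For Known File Types].
    # 0 = show extensions. Explorer may need a refresh or restart to pick it up.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name HideFileExt -Value 0
}

function Find-HiddenExecutable {
    # Assumed default folder; pass -Path to look somewhere else.
    param([string]$Path = "$env:USERPROFILE\Downloads")

    $runnable = '.exe', '.com', '.bat'   # the executable types named in the text

    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and $runnable -contains $_.Extension.ToLower()
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                # What you see in Explorer while extensions are hidden.
                ShownWhenHidden = $_.BaseName
                # What the file is actually called.
                RealName        = $_.Name
                Folder          = $_.DirectoryName
            }
        }
}

Show-FileExtension
Find-HiddenExecutable | Format-Table ShownWhenHidden, RealName, Folder -AutoSize
```

Any row where ShownWhenHidden looks like a document or picture name is a file that would have passed for something harmless with the setting left on.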
When I say use caution I mean be careful about opening things up when you do not know what they are. Look at every email carefully that asks you to do something. Unless it is your next door neighbor and you discussed something that he was going to send you then you probably should not open it up from your email. Always go to the site on your own to log in somewhere and not the link from an email.
If something bad ever happens, and I hope that it does not, never pay for your stuff. The reason I say that is that most don't get their stuff back anyway. You are just giving the attackers money. Trust me they will not start to be ethical after you pay them. It also just encourages them to do this more and helps pay the cost for them to do it more.
Ransomware can be a real bother. No one wants to lose their pictures or video of their family. Then add the indignity of having to pay money to get them back. Since this is purely a scam, those that pay the money hardly ever get their files back anyway. That just stinks if you ask me. So please take these preventive steps I have talked about above so this never happens to you.