How To Prevent Ransomware
Ransomware is the name for a group of software variations that are designed to hijack your computer and render it useless. Sometimes specific files are rendered useless. Other times the entire machine is rendered useless. That is why knowing how to prevent ransomware is so important.
According CERT (and our own assessment) the only real way to protect computer assets is to have a good backup and recovery plan in place.
Other ways to guard against this particularly nasty software is to use group policies and white list specific applications. However, creating group policies and using application white lists are typically beyond the average users capability. The only real way for them to beat this software is to completely restore their machine to a point in time before the malware arrived.
Paying the ransom is futile. It is no guarantee that you will be able to recover your files. Moreover, law enforcement and security professionals work hard at finding these servers and shutting them down. That means if you pay the ransom the encryption keys may no longer exist, but the crooks will still have your money.
There is a difference between performing regular backups versus having a complete and effective backup and disaster recovery program. To clarify, a regular daily backup might restore your device back to a point in time when the backup was created. If that was at 4 AM then you will lose any work between the time the backup was created and the time when the disaster struck. A good backup program will constantly backup your data allowing you to restore your systems to the most recent time thereby preventing the loss of a lot of work.
How to prevent ransomeware using backups
Incremental backups offers the most intuitive method of data protection by sending the incremental changes to the backup system when each backup is performed. The very first backup is sent to the backup platform. This is called a full backup. The incremental backup process scans the data at the start of each backup, then compares it to the full backup. It then calculates and transfers the data that has changed from each file.
During the incremental backup several types of data are isolated and saved:
- changed data (files that are present in the full backup that have changed)
- new data (files that are not present in the full backup on the platform that need to be added to the backup set)
- deleted data (data that is present in the full backup that has been removed from the live data set).
This allows for only the data pertinent to the backup set that has changed to be sent to the backup drive thereby saving valuable time and storage space and eliminating the cumbersome process of transferring duplicate data copies to the backup system.
solving the ransomware problem will require more than just technology solutions
Training employees to spot email scams will go a long way towards preventing ransomware and its variants like cryptolocker. Most ransomware rides in when an employee clicks a link inside of an email. The bad guys are very crafty and they write very compelling emails that make users want to click on the links. Teaching them how to identify these scam emails is paramount to preventing ransomware.
Group Policy Changes Can Help The Average User Prevent Ransomware
CryptoPrevent is an Anti-Virus/Security Software Supplement, originally designed to prevent infection from the CryptoLocker threat which emerged in late 2013. Since that time, CryptoPrevent has grown into a robust solution, providing protection against a wide range of ransomware and other malware.
Read more about how to prevent ransomware using group policy software at this link
If you want more information on how to prevent ransomware or if you need some help with back ups, please contact us using the form above on the right. We’re here to help.