Countering Crypto-Malware: A Guide to Preventing a Ransomware Infection

March 12, 2018  |  David Bisson

Ransomware had what Malwarebytes describes as a "banner year" in 2017. In the 2017 State of Malware report, telemetry gathered by the anti-malware provider reveals that business and consumer ransomware detections swelled by 90 percent and 93 percent, respectively. The monthly rate of ransomware attacks against businesses grew by approximately 10 times the rate of 2016 over the same period in 2017. A 700 percent increase in ransomware helped drive that surge, with GlobeImposter and WannaCry leading the way.

Malwarebytes 2017 State of Malware report page 6

Overall, Malwarebytes saw new ransomware development stagnate in the second half of 2017 as digital criminals shifted their focus to bring back old threats like banking Trojans and embrace new techniques, most notably malicious cryptocurrency miners. Those trends notwithstanding, ransomware isn't going away anytime soon. Users should therefore follow these five simple steps that can help them stay safe from a ransomware attack.

  1. Install an Anti-Malware Solution

While some digital attackers are turning to fileless malware, many ransomware strains still carry a recognizable signature, a digital imprint that identifies them. Anti-malware solutions can use these imprints to detect and block a crypto-malware threat before it has time to execute on a computer. Victims of ransomware can also use these tools to clean their computers of ransomware before they restore their data using a free decryption tool or available backup.

  2. Update Your Systems Regularly

A common delivery vector for ransomware is an exploit kit. It's a type of software package that scans for known vulnerabilities in Adobe Flash Player and other programs. If it finds a match with its hardcoded exploits, the kit launches code that exploits the vulnerability and in turn downloads ransomware onto the vulnerable machine. By staying current with software patches, however, users can block exploit kits from activating on their computers.

How Exploit Kits Work. (Source: Barkly)

  3. Avoid Suspicious Links and Email Attachments

As seen in the graphic above, one of the most common beginnings of an exploit kit campaign involves a phishing email recipient clicking on a malicious link that redirects them to a compromised website. Users aren't powerless against these tactics. They can make a point of not clicking suspicious links and email attachments, including those that come with messages sent to them from unfamiliar senders.

  4. Disable Macros for Office Documents

Microsoft Office documents can contain what are called macros. They are essentially rules that users can craft in order to save time by automating repetitive tasks. Unfortunately, digital attackers often hide ransomware executables within Office macros and attempt to capitalize on users' curiosity by tempting them with an unknown attachment. Users can protect themselves against this trick by disabling macros in Office, by steering clear of unsolicited attachments, and by making it a rule to not enable macros in any document should they receive a prompt to do so.
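
As an added example (not part of the original article), the Python check below inspects an attachment's bytes and reports whether it carries VBA macros, so a file can be held before anyone opens it. The function names and sample files are constructed for illustration, and the check for legacy `.doc`/`.xls` files is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# OLE directory entries store stream names as UTF-16LE; a VBA project
# includes a stream named _VBA_PROJECT. Byte search is a heuristic only.
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-office' for attachment bytes."""
    if data.startswith(OLE_MAGIC):
        return "macros" if VBA_STREAM in data else "no-macros"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    try:
        with zipfile.ZipFile(buf) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    # Every OOXML package (.docx/.docm/.xlsx/...) has this part at its root.
    if "[content_types].xml" not in names:
        return "not-office"
    # Judge by content, not extension: a macro-bearing file can be renamed.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macros"
    return "no-macros"


def sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like package for demonstration."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return out.getvalue()


if __name__ == "__main__":
    for label, blob in [("invoice.docm", sample_ooxml(True)),
                        ("report.docx", sample_ooxml(False)),
                        ("notes.txt", b"plain text")]:
        print(label, "->", macro_verdict(blob))
```

A "macros" verdict is a reason to hold the file for review, not proof that it is malicious; legitimate documents use macros too.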

  5. Install a Pop-Up Blocker

Bad actors don't just rely on email to distribute ransomware. They also use malvertising for delivery. In a typical malvertising campaign, a bad actor gains the trust of an advertising network by posting clean advertisements. They then abuse that trust by posting a malicious ad on a website of their choosing. This ad could pop up and redirect a user to a website compromised with ransomware before they've even had a chance to click. Acknowledging that threat, users should install an ad-blocker onto their machines and use it to prevent the automatic execution of ads on all sites they visit.

Sometimes, Luck Is Evasive….

Users can implement the steps described above along with other precautions and still suffer a ransomware infection. Acknowledging that possibility, it's important that users create and test a robust data backup strategy. They can learn how to do so here.

For advice on how to respond to an active ransomware infection, click here.