Tuesday, March 29, 2016

Avoid or Mitigate Ransomware Risks

A big THANK YOU to the Emerging Threats Team at SophosLabs and their blog Naked Security for their excellent recommendations on this nasty but important topic.

I have taken the liberty to add some remarks just to help you remember important little details that are easy to forget in cursive.
  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

    But do not, I repeat, do not leave your backup device connected to the computer. Always unplug the backup device after the backup is complete!

  • Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!

    Naturally they don't tell you that the click they ask you to do will turn macros back on. They rather trick you into believing that clicking is the thing to do to be able to read what they sent you...

  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s the one you want, but you can’t tell if it’s the one you want until you open it. If in doubt, leave it out.

    Currently I do not open ANY attachments; I call the sender and have them explain what and why they sent the attachment and even if all that checks out I additionally check the attachment on
    Virus Total
  • Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

    Quite a lofty ideal as I am currently experiencing first hand.

  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!

    Now is a good suggestion, I will have to do that!

  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

    As I always preach: Update, update, update.
That is it; certainly to a large part common sense but here it is, nicely packaged and in one place.

Stay safe!

No comments: