Ransomware Lock Image

How To Defend And Recover From Ransomware

Like many other Technical people, my mind lately has been on the WannaCry and other Ransomware Variants.

Specifically, in how to defend yourself and/or recover from Ransomware and other File Encrypting Malware.

Best ways to Defend yourself:

  1. Latest Patches: Always install the latest patches for your Operating System. This is import not only for Windows Operating Systems but MAC, Linux, Android, and IOS. The latest updates and patches for these systems fix many Security Vulnerabilities as well as provide fixes and new features.
  2. Security Software Products: Several Security Software Products can prevent Ransomware Attacks without the need for new Definition Files to Identify the Ransomware. One of these Products is our very own CMT Remote Managed Anti-Virus and Security. We use Comodo Advanced Endpoint Protection. Here is what Comodo had to say:

 

Of the 85 million + endpoints covered by Comodo’s advanced endpoint protection solution, zero were infected!

Comodo’s Advanced Endpoint Protection (AEP) uses unique technology that treats all unknown files with a default deny level of protection and a default allow level of user access. It's the only solution in the world to use this approach, one that does not rely on a malware signature to have already been identified and included in a file signature scanner. Comodo AEP breaks the malware kill chain, making all forms of malware efforts to infect a system ineffective.

Comodo AEP places each unknown file in a protective logical container where it's only presented with virtual disks, registry and COM interfaces, preventing any malicious acts to cause harm.

While the cloud-based A.I. and human analysis is running, the file can be safely used by the user. It won't be released from the container until the analysis has finished. If a file is discovered to be bad, it's added to our own scanning signatures, automatically blocking this file being access on other machines. If it's marked as good, it will be automatically allowed on other machines.

This approach stops every malware file from infecting a machine, while minimizing your risk and security complexity. Since we don’t just rely on A.I., but also include a human evaluation in the cloud, we protect against any new, not yet seen malware technique.

We are proud to say our AEP customers are all protected from known and unknown forms of malware.

 

Some of the others are Bitdefender Total Security and WinPatrol Anti-Ransom.

  1. Backups: Backups are included in the Defend Section as well because they are necessary if you are going to Restore them later in the recover Section. You must be aware however it cannot be a continually plugged in USB Drive, you backup to because if it is connected to your PC when you get the Ransomware, your backups will also be encrypted. This will also happen if you have a mapped drive, your mapped drive will be encrypted. As long as you plug in your USB Drive, make a backup, and unplug the USB drive, then you would be fine, but for most people that becomes too much work, or they forget, and the next thing you know the backup you thought you had is Months old. There are a multitude of Backup Software Solutions and Utilities, Including, our very own, CMT Backup, if setup properly, without mapped drives, can be used to make backups of your PC.

 

 

Best ways to Recover:

  1. Restore: Restore from Backup is by far the easiest and fastest way to recover. This must be done properly as well. Some Technicians would have you just run a restore from backup over the top of the Operating System that was compromised. This may work fine and certainly, would be faster than what I am about to suggest, but it may also leave traces of the Malware and encrypted files in the background of the drive (as when you delete a file it is not really gone until the drive blocks where it was written are overwritten). I would suggest you run a utility such as “Darik’s Boot and Nuke” and overwrite the drive at least 1 pass, prior to restoring the backup. If you have an “Image” type backup then restoring the Operating System and Application should be quick and easy. If your backup is just the Important Data then you will need to include Recover #2.
  2. Reinstall: Reinstall your Operating System and start over. Again, I would suggest you run a utility such as “Darik’s Boot and Nuke” and overwrite the drive at least 1 pass, prior to reinstalling. For this, you will likely need you Recovery Disk from the Manufacturer or if you did not receive one it is likely on a hidden drive partition and you would need to boot to the Recovery Partition. As there are countless ways this could be accomplished Please check with your Manufacturer for Information.
  3. Purchase: If your Computer is older than around 3 years, you should probably retire the computer and purchase a new one. Of course, this also means starting over from scratch. You will, however, have a brand-new computer that has not been compromised and you can start with following the 3 Defend yourself paragraphs above.

 

Should you have to restart from scratch, check to see how much you may be able to recover from One Drive, Google Drive, Amazon, and other computing Devices you may have that were not encrypted, such as Tablets, Laptops, and your Phone.

 

Written by

Cory J. Woodbury, Founder, Critical Mass Technologies, Ltd. Co. We can help you no matter where you may be in the steps listed above. All our offered Services come with Service Desk as part of your subscription! So, stop by our website at https://criticalmasstech.com and see what we can do for you!

Posted in Blog Post, Ransomware.

cjwoodbury