Protecting Against Ransomware: Tips and Guidelines

Introduction:

1. Ransomware attacks have become increasingly prevalent worldwide, with instances of GandCrab Ransomware affecting Myanmar. The country has experienced significant losses due to STOP Ransomware and various other Ransomware attacks.

Causes of Attacks:

2. Ransomware attacks stem from several sources, including downloading and using Crack/Keygen files from the internet, unintentionally opening email attachments, and automated network attacks that exploit security vulnerabilities in computer operating systems. Even opening Ransomware files from external disks can result in an attack.

Prevention Tips:

3. The following recommendations help minimize data loss in the event of a Ransomware attack and protect against future attacks:

(a) Backup Your Data:

4. Regularly back up essential data to external disks, preferably every two weeks (or weekly if feasible). Utilize cloud storage options like Google Drive for additional security.

(b) Update the Operating System:

5. Windows users should keep their operating systems consistently updated, as Ransomware often exploits security vulnerabilities in Windows OS to launch automated attacks through networks.

(c) Update Anti-virus Definitions:

6. Ensure that your anti-virus software's virus definitions are updated daily to the latest versions. In addition to Windows Defender, consider using reputable anti-virus programs like ESET, Norton, or Kaspersky to counter Ransomware threats.

(d) Establish System Restore Points:

7. Create System Restore Points at least every two weeks so that files changed by a Ransomware attack can be reverted to their original state and accidentally deleted files can be recovered. Refer to Figure (1) for a visual guide.

Figure (1)

8. Special Note on System Restore Points:

   - Most Ransomware attempts to delete Volume Shadow Copies using the "vssadmin.exe Delete Shadows /All /Quiet" command, which destroys System Restore Points. To prevent this, rename vssadmin.exe to vss_admin.exe under C:\Windows\System32. Admin permission is required for this renaming.

9. File Recovery Using ShadowExplorer:

   - To recover files, use ShadowExplorer (ShadowExplorer.com) as depicted in Figure (2). Note that vssadmin.exe must be renamed for ShadowExplorer to function.

Figure (2)

(e) Ransomware Protection Features:

10. Implement Ransomware protection using Windows Defender, as illustrated in Figure (3). Specify protected folders and authorize applications to access them, preventing unauthorized file creation in these folders.
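The restore-point schedule from (d) and the Windows Defender folder protection from (e) can also be applied from a script. The following is an added example, not part of the original guidance; the folder and application paths are hypothetical placeholders, and it assumes Windows PowerShell 5.1 run as administrator with Windows Defender as the active anti-virus.

```powershell
#Requires -RunAsAdministrator
# Added example. Runs under Windows PowerShell 5.1 (Checkpoint-Computer and
# Get-ComputerRestorePoint are not available in PowerShell 7).

# Assumed values: replace with your own folders and trusted programs.
$ProtectedFolders = @('D:\Work', 'E:\Projects')                     # hypothetical
$AllowedApps      = @('C:\Program Files\ExampleApp\example.exe')    # hypothetical
$MaxAgeDays       = 14   # "at least every two weeks"

# (d) Turn System Restore on for the system drive, then create a restore
# point only if the newest one is older than $MaxAgeDays (Windows creates
# at most one point per 24 hours through this cmdlet by default).
Enable-ComputerRestore -Drive "$env:SystemDrive\"
$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
$age = if ($latest) { (Get-Date) - $latest.ConvertToDateTime($latest.CreationTime) }
if (-not $latest -or $age.TotalDays -ge $MaxAgeDays) {
    Checkpoint-Computer -Description 'Ransomware recovery point' `
                        -RestorePointType MODIFY_SETTINGS
}

# Confirm that Volume Shadow Copies exist; without them there is nothing
# for System Restore or ShadowExplorer to recover from.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Warning 'No Volume Shadow Copies found on this machine.'
} else {
    $shadows | Sort-Object InstallDate |
        Select-Object InstallDate, VolumeName | Format-Table -AutoSize
}

# (e) Enable Controlled Folder Access, add the protected folders and
# authorize the applications that are allowed to write to them.
Set-MpPreference -EnableControlledFolderAccess Enabled
foreach ($folder in $ProtectedFolders) {
    if (Test-Path -LiteralPath $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else { Write-Warning "Skipping missing folder: $folder" }
}
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else { Write-Warning "Skipping missing application: $app" }
}

# Read the settings back to verify what is actually in force.
$pref = Get-MpPreference
[pscustomobject]@{
    ControlledFolderAccess = $pref.EnableControlledFolderAccess  # 1 = Enabled
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApplications    = $pref.ControlledFolderAccessAllowedApplications -join '; '
}
```

Registering the script in Task Scheduler with a weekly trigger keeps the restore-point age check running without manual effort.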

These comprehensive measures aim to safeguard against Ransomware attacks and minimize potential risks. Stay vigilant and proactive in adopting these security practices.

Figure (3)