Ransomware - How To Stay Safe

1) Keep your computer up to date. This includes things like your web browsers, Microsoft Office, Java, Flash Player, Adobe Reader, and your Anti-Virus program. Ransomware often relies upon taking advantage of exploits. In many cases, these exploits have been patched. Patches won’t help you if you don’t apply them.

2) Uninstall any software you know you don’t use. If you use Google Chrome, you don’t need any standalone installations of Flash Player since Google Chrome has Flash Player built in. When you install a Google Chrome update, you are getting the latest version of Flash.

3) Ransomware is typically spread via email attachments. These emails may be from people you know.  The sender of the email will not know they have sent it. See number 6.

4) Ransomware can get on your computer via other means as well. Links in chat applications, bad websites, bad links in emails, bad links in documents & PDFs. Check links before clicking them by hovering over links with your mouse. If the link looks suspect, don't click it. If you are unsure if you should click something – don’t click it!

5) Don’t open email attachments from people you don’t know. Curiosity killed the cat. It also infected the computer.

6) Always be wary of email attachments from people you do know. For example, If you are on the phone with a customer and the customer says they will email you a spreadsheet or document, chances are that attachment is safe (scan it anyway). If you get an email attachment from someone you know and you are not expecting it, call them and ask them if they sent you an email with an attachment – see number 3. I have received emails with malicious attachments from customers that they didn’t knowingly send. I have called them. That has saved me from infections and it will save you too.

7) Having said all of that, I still recommend that you always download and scan an email attachment BEFORE you open it – regardless of who it is from. Most downloads go to a folder named “Downloads”. Find the file, right click on it, and look for the option to scan with your anti-virus program. See the screenshot below:

8) Keep your data backed up.

9) Keep a backup that’s NOT constantly connected to your computer.

10) Use cloud based services like Dropbox, OneDrive, Carbonite, GoogleDrive, or Box to backup your files. These services all allow you to restore previous versions of your files. If you are using a different cloud service, check with them to make sure they allow you to restore previous versions of files. After your computer has been cleaned of Ransomware, you will want to restore the previous versions of your locked files.

11) If your computer is on a network and the computer gets infected, the ransomeware can encrypt any network shares that the computer has access to. Don’t grant access to network shares unless it’s necessary.

12) If you discover that your computer is actively being attacked, shut off your computer and call me. In many cases, the hard drive can be removed and any files that haven’t been encrypted yet, can be backed up. Note that if the attack has been completed, then this won’t do any good.

13) If you’ve been attacked by Ransomware, check to see if there is a decryption tool for the strain of Ransomware that hit your computer. Some ransomware will encrypt more than just your user files. If system files or program directories have been encrypted, you will have to wipe the drive and reinstall your operating system if there are no decryption tools available. Here’s one example of a decryption tool: https://www.avast.com/c-ransomware