AV is not enough protection for the new era of cyber attacks

Recently, I’ve been using more than AV on my work PC to tighten its security. The attacker landscape is expanding to scarier things like ransomware attacks, and I think it is important for everyone to understand what ransomware is. ESET Ransomware Explained (video) is also a short, nice video on what ransomware is capable of. AV alone can’t detect and prevent these attacks: attackers are more clever than ever at constructing payloads that exploit the system without the AV ever noticing. Behavioral monitoring is necessary to detect these next-generation attacks. There are tons of security practices that end users can follow to keep these exploits out of the system. Check the NoMoreRansom project for preventive measures. For the latest news and ransomware information, Ransomwares is a great source. The Sophos Anti-Ransomware kit contains impressive resources for learning about ransomware.

Preventive Measures

This is the list of security tools that we can use to prevent ransomware and exploits.

Data backup scheme

There are several ways to back up your data: cloud backup, hardware appliances, or both. Lacie makes high-end storage products, but they are costly. I use a WD Passport, which is capable of hardware encryption and comes with a utility program that backs up data automatically. Whatever the medium, keep at least one copy disconnected from the PC, since ransomware encrypts any backup drive it can reach. For non-sensitive data it is “ok” to back up to cloud storage services, but keep in mind that the data is at risk there.

Network Monitoring tool

Yes. Turn on the default Windows Firewall. It’s a must. What we can do beyond that is use a firewall with advanced features that gives you visual information and real-time alerts on network traffic and newly initiated connections. I use GlassWire for this purpose, and the free version is a good start for everyone. The alternatives are Comodo Firewall, NetWrox, and so on.

Endpoint Security solutions

There are several solutions that detect and prevent malware and ransomware attacks. These tools continuously monitor the behavior of running programs, detect ransomware-like activity and remediate the exploits. Some popular vendors are Sophos, Bitdefender, Kaspersky, Trend Micro, Malwarebytes, Carbon Black, and so on. Research which product can best prevent evolved and sophisticated ransomware before selecting one.
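The behavioral monitoring that this section and the introduction call for can be illustrated with a small heuristic. What follows is an added example written for this post, not code from the post or from any vendor named here: it scores a constructed stream of file-write events and flags a process that rewrites many files with high-entropy (encrypted-looking) content and renames them to one new extension within a short window. The process IDs, paths, window and thresholds are assumptions.

```python
import math
from collections import Counter

# Event stream shape: (timestamp_s, pid, path, new_extension, bytes_written).
# Everything below is constructed sample data, not real endpoint telemetry.
ENCRYPTED = bytes(range(256)) * 16               # entropy exactly 8.0 bits/byte
PLAINTEXT = b"quarterly report draft\n" * 200    # low entropy, like real documents


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events, window=10.0, min_files=20, entropy_threshold=7.0):
    """Return {(pid, new_ext)} for processes that, within `window` seconds, rewrote
    at least `min_files` files with high-entropy content under one new extension."""
    per_pid = {}
    for ts, pid, path, new_ext, data in events:
        if shannon_entropy(data) >= entropy_threshold:   # only opaque writes matter
            per_pid.setdefault(pid, []).append((ts, new_ext))
    alerts = set()
    for pid, writes in per_pid.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):                   # sliding time window
            while writes[end][0] - writes[start][0] > window:
                start += 1
            ext, count = Counter(e for _, e in writes[start:end + 1]).most_common(1)[0]
            if count >= min_files:
                alerts.add((pid, ext))
    return alerts


def sample_events():
    """Constructed stream: one ransomware-like process and two benign ones."""
    events = []
    # pid 4242: 25 documents rewritten as ciphertext and renamed to .locked in 5 s
    for i in range(25):
        events.append((100.0 + i * 0.2, 4242, f"/home/u/docs/f{i}.docx", ".locked", ENCRYPTED))
    # pid 100: a word processor saving plaintext documents (low entropy, not flagged)
    for i in range(30):
        events.append((100.0 + i * 0.1, 100, f"/home/u/docs/r{i}.txt", ".txt", PLAINTEXT))
    # pid 7: a backup tool writing two compressed archives (high entropy, too few files)
    events.append((101.0, 7, "/backup/a.zip", ".zip", ENCRYPTED))
    events.append((102.0, 7, "/backup/b.zip", ".zip", ENCRYPTED))
    return events
```

Running `detect_mass_encryption(sample_events())` flags only `(4242, ".locked")`; a real agent would feed it live file-system events and pair the verdict with a kill or quarantine action.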

Post-Ransomware

Ok! Suppose we failed to protect ourselves. Before paying the devil attackers, these are the steps we can try to decrypt or recover from the ransomware.

Ransomware Decryptors

For some common ransomware variants, you can check the decryptor tools at Ransomwares. NoMoreRansom also has a collection of decryptors from the R&D teams of several security vendors.

Community Help

If the decryptors do not work, Crypto Sheriff is a community program to fight ransomware and help you obtain the decryption keys.

Data Recovery Solutions

This is for the scenario where you don’t have any backups and none of the above steps work. Prosoft, Kroll Ontrack and Seagate offer great data recovery programs that you can try before buying. That way you can evaluate what percentage of the lost data can be recovered.

If you are wondering why we bother with recovery tools at all, since they cost money just like paying the attackers, check the answer in Should We Recover Files From Ransomware – Is It Safe.

Epilogue

Ransomware is a new breed and not yet as common as other malware or viruses. However, there is a great chance that it can infect our systems. Attackers take advantage of end users having no knowledge of this attack type and easily penetrate the system through its vulnerabilities. So, upgrade our knowledge and update the endpoint security stack to defend against ransomware.