How Not To Pay For Your Data
How not to pay for your data? Seriously? What is that about? Crypto ransomware has been on the rise for quite a while and it is getting better and more aggressive every day. Not only individuals, police stations and smaller hospitals or companies are affected; big organisations like banks are starting to experience very targeted attacks. Especially in the latter case, ransomware variants were found that combine several exploits and spread worm-like through networks. For more information take a look at Brian Krebs' post. But what can you as an individual do against it? To be honest, there is no magic silver bullet that solves all problems. But with a few steps you can make it very hard for an attacker to blackmail you.
First of all, and you do not wanna hear it again, but patch, patch, patch. Keep all your systems updated all the time and install updates as soon as possible. Why? Most updates do not only improve the functionality of your software, they also fix vulnerabilities. And what is malware based on? Exactly! Vulns in your software, which get exploited to gain more privileges, spread through the network, replicate and finally encrypt all your data. The more up to date your software is, the less likely it is that current malware will be able to work, because the vulnerabilities are patched. You may argue that there are still zero days. OK - compared to known vulnerabilities it is hard, and thereby expensive, to write software that relies on zero days. Now, a normal attacker is in the game for money. Investing upfront in zero days and then spreading ransomware is not his business model - that is something for state-sponsored attacks, which are a completely different topic.
What is next? Backups - keep offline backups - at least once a month. At the current state of ransomware it works fast and encrypts everything in one big step. You may lose all your data if the ransomware executes exactly in the moment you do your backup - but what a timing that would be. It is very important that you connect your backup drive only for the copying process and detach it right away after you are done. If it stays permanently mounted on your computer it will be encrypted in an attack as well.
As a third step, consider setting up a web filter for all connections to the internet. Recently I stumbled over UpriBox. This is actually a privacy filter, but with a few tweaks it can easily be turned into a strict web filtering solution. I will talk more about this in the following posts. However, UpriBox is not the only way to do it. Several sites exist that summarize currently known malware-distributing web sites. Build your own system to poll them and include the list in your blacklist. Most home routers today offer the possibility to block certain domains. Use it, even if you need to update the list of blocked domains manually every couple of weeks.
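As an added example that is not part of the original post: the merging back-end of such a poller in Python. It accepts the two common feed layouts (hosts-file style and bare domain lists), normalises and deduplicates the names, honours an allowlist and renders the result as dnsmasq `address=` entries. The feed contents are constructed here instead of downloaded, and whether your filter or router accepts dnsmasq syntax is an assumption.

```python
import re
from typing import Iterable, List, Set

# Constructed sample feeds, standing in for what a poller would download.
FEED_HOSTS = """# hosts-style feed: sink address, then one or more names
127.0.0.1 localhost
0.0.0.0 malware-dropper.example
0.0.0.0 Payload.Example  # mixed case on purpose
"""
FEED_PLAIN = """# bare domain feed
malware-dropper.example.
ransom-c2.example
not a domain
"""

# Sink addresses used by hosts-style feeds; "0.0.0.0 evil.test" means block evil.test.
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Hostname sanity check: dotted labels of letters, digits and hyphens, 253 chars max.
_HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")
_HOSTS_BOILERPLATE = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_feed(text: str) -> Set[str]:
    """Extract blocked domains from one feed, accepting both feed layouts."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments, normalise case
        fields = line.split()
        if len(fields) >= 2 and fields[0] in _SINK_IPS:
            candidates = fields[1:]    # hosts format
        elif len(fields) == 1:
            candidates = fields        # bare domain list
        else:
            continue                   # blank or unknown layout: skip, do not guess
        for name in candidates:
            name = name.rstrip(".")
            if name not in _HOSTS_BOILERPLATE and _HOSTNAME_RE.match(name):
                domains.add(name)
    return domains

def merge_feeds(feeds: Iterable[str], allowlist: Iterable[str] = ()) -> List[str]:
    """Union all feeds, remove allowlisted names, return a sorted blacklist."""
    merged = set()
    for feed in feeds:
        merged |= parse_feed(feed)
    return sorted(merged - {a.lower() for a in allowlist})

def to_dnsmasq(domains: Iterable[str]) -> str:
    """Render dnsmasq address= lines; each name and its subdomains resolve to 0.0.0.0."""
    return "\n".join(f"address=/{d}/0.0.0.0" for d in domains)
```

Keep the allowlist for the handful of domains you know a feed lists wrongly, since a single bad entry in a feed otherwise silently blocks a site you rely on.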
As a fourth step, and this is the most important point of all: be sceptical. Do take 30 seconds or more to breathe and think (!) before you click on a link or open an attachment. I know this is the hardest step and everybody fails at one point in time. However, most ransomware attacks are successful because someone clicked on a malicious link or attachment. So keep your eyes open, think twice and then decide what to do. Brian Krebs' post provides you with even more steps to secure your environment, like for example reducing privileges to an absolute minimum or application whitelisting. I do not contradict his advice. It is all valid and things you should do. However, keep in mind that most of these steps help to prevent damage after you have clicked on a malicious link or attachment. The click is the real problem and this should be tackled first.
Finally - hey, keep in mind: life and technology should be fun. Do not get all scared and frightened. Not everyone is evil. And the few who are now have more possibilities to reach you. But you also have more ways to protect yourself. Being sceptical and thinking critically is your best weapon!
Cheers!