Why You Need Protection from Ransomware
What prompted this article wasn’t search engine optimization, but my unpleasant experience with the Cryptolocker ransomware Trojan (difference between a virus, trojan, worm & bot). This article will show you what you can do to prevent losing your photos and data, whether personal or business. I thought I was too smart for this to happen to me! I was wrong. All my files were encrypted and unusable forever!
All I did was click on a link in the Google search results and land on an infected site, which infected my computer. Most infections come from clicking on a link in an email. I get fake emails almost every day because I don’t use a spam filter, but I have always been able to spot them. Take this quiz from Kaspersky to see how you do. If you have employees, you can be sure someone will click on the wrong email!
Previous viruses and malware attacked your computer, used it for malicious purposes or stole passwords. Ransomware does that and/or encrypts your files so you can’t use them unless you pay. It is called ransomware because the criminals hold your files hostage until you pay.
If you’re fortunate enough not to know what Cryptolocker (this link goes to Wikipedia, not Cryptolocker) does, don’t wait to find out. Once it infects a computer, it “phones home” to its maker’s server or command-and-control center to obtain a public key, which it then uses to encrypt the files on your computer and on every other computer it can reach on your network.
Think this is illegal and they can’t do that? That’s what everyone tells me! They’re in Russia, so you can file a complaint with the police in Russia. Even police departments and hospitals get blackmailed! I know a law firm that lost 3 months of all their work and client files.
By the time you find out about it, it’s too late: your files have already been encrypted. Transferring your files to another computer will not help. Don’t even think about trying to decrypt your files unless you’re the director of the NSA.
You will never be able to use your files again unless you can get the private key from the people who encrypted them. This will cost you a lot of money and may not be successful. I tried to pay $500, but because law enforcement agencies temporarily stopped the criminal, my files never got decrypted.
Finally, don’t take comfort in the news that international law enforcement agencies seized the command-and-control servers. The criminals were not caught and the malicious servers may be restored. Also, copycats like Cryptolocker 2.0 and many others keep coming out, and future viruses will not only continue but become even more sophisticated.
More about ransomware and images showing what fake emails look like.
What can you do if you are a victim of a ransomware attack?
- EASIEST — Also the quickest. Restore your entire drive from a mirror image backup.
- GOOD — Format the hard drive, which will delete all data and the ransomware; then re-install the operating system and software; then restore your files from a backup. (You may have to pay additional licensing fees to re-install your old software.)
- WORST — Pay the ransom and hope that your data will be restored (I paid but never got the decryption key).
How to Protect from Ransomware
Fortunately, it’s fairly easy and inexpensive to protect yourself. There are several things you can do (explained in detail below):
- Back up your files
- Use the right antivirus software
- Protect your Internet connection
- Alternatively, you can use Linux instead of Windows (Linux is even more secure than Apple. I recommend Ubuntu Linux)
- What I use
Back up your files
Types of backups
- Copy your files to a shared folder in the cloud
- Back up just your files (data, photos, etc.), without your software and operating system, in the cloud
- Back up just your files, without your software and operating system, on a local drive
- Back up a mirror image of your hard drive locally or in the cloud
Important: any backup drive that is connected to your computer or network when ransomware runs will have its files encrypted too.
The recommended method of backing up includes all of the following:
- Back up your files to a backup service in the cloud
- Back up a mirror image of your hard drive to a storage device on your premises
- Back up your files to a portable storage device kept off premises, rotating it with a second portable storage device every week or month
Least expensive way to back up your files
The least expensive way to back up your files is to your own storage drive, such as an external hard drive, a portable hard drive and/or a USB flash drive. Make sure you keep multiple copies so you don’t overwrite the good files with bad ones.
This method is OK for personal files when you don’t want to spend any money. Since you have to keep backing up manually, you probably won’t do it very often, and you will lose everything changed since the last backup. It is a good failsafe for businesses that are also backing up using the other methods described here.
You should know that RAID 1 (mirroring the same data onto two hard drives at once), which I have, will only protect your data if one of the hard drives fails. Because the mirror faithfully copies every write, ransomware encrypts the files on both drives.
Backup “in the cloud”
You can also back up your files to off-site storage “in the cloud”. However, use a backup service, not a file syncing service. Your files may not be safe if you’re using a syncing service like Dropbox unless you have versioning. A Trojan like Cryptolocker encrypts the files in the synced folder, and the sync service then faithfully uploads the encrypted copies over the good ones in the cloud. Online backup services now offer file syncing, so don’t take that option unless you have versioning. Versioning keeps multiple backup copies, so that if your latest backup copy is infected, you can restore from a previous version.
Use a backup service like Mozy.com or Carbonite.com. Make sure that you are backing up all of the files and folders that you want backed up and not just the ones that are backed up by default. Mozy keeps 60 versions of your backups so when you overwrite good files with bad ones, you can go back until you find a good copy.
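The difference between syncing and versioning, as an added example (not Mozy’s or Carbonite’s code): the versioned store keeps numbered copies and rotates the oldest out, so after a file is overwritten with unusable bytes the previous good version can still be restored, while the plain sync copy is lost. The 60-version cap, the file names, the 0xFF stand-in for ransomware output and the UTF-8 "looks good" check are assumptions of this demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MAX_VERSIONS = 60  # the article cites Mozy keeping 60 versions; used as the cap here


def looks_like_text(data: bytes) -> bool:
    """Sanity check for the demo's documents: UTF-8 text is good, ciphertext is not."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def versioned_backup(src: Path, store: Path, max_versions: int = MAX_VERSIONS) -> Path:
    """Keep numbered copies store/<name>/1, 2, ...; skip unchanged content; drop the oldest."""
    vdir = store / src.name
    vdir.mkdir(parents=True, exist_ok=True)
    versions = sorted(vdir.iterdir(), key=lambda p: int(p.name))
    digest = hashlib.sha256(src.read_bytes()).digest()
    if versions and hashlib.sha256(versions[-1].read_bytes()).digest() == digest:
        return versions[-1]  # nothing changed since the last version
    new = vdir / str(int(versions[-1].name) + 1 if versions else 1)
    shutil.copy2(src, new)
    versions.append(new)
    while len(versions) > max_versions:  # rotate the oldest version out
        versions.pop(0).unlink()
    return new


def restore_last_good(name: str, store: Path, is_good=looks_like_text):
    """Walk versions newest to oldest; return the first that passes is_good, else None."""
    for ver in sorted((store / name).iterdir(), key=lambda p: int(p.name), reverse=True):
        if is_good(data := ver.read_bytes()):
            return data
    return None


def demo() -> dict:
    """Constructed scenario: a sync folder (no versioning) beside a versioned store."""
    root = Path(tempfile.mkdtemp())
    doc, sync = root / "invoices.txt", root / "sync"
    sync.mkdir()
    original = b"Invoice 2014-03: scanned receipts\n"
    doc.write_bytes(original)
    shutil.copy2(doc, sync / doc.name)          # sync service mirrors the good file
    versioned_backup(doc, root / "store")       # versioned store: version 1
    doc.write_bytes(b"\xff" * len(original))    # stand-in for ransomware output; 0xFF is never valid UTF-8
    shutil.copy2(doc, sync / doc.name)          # sync mirrors the bad file over the good one
    versioned_backup(doc, root / "store")       # version 2 added, version 1 kept
    sync_ok = looks_like_text((sync / doc.name).read_bytes())
    recovered = restore_last_good(doc.name, root / "store")
    shutil.rmtree(root)
    return {"sync_recoverable": sync_ok, "versioned_recovered": recovered == original}
```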
Fortunately, my server with all my law practice and client files was backed up with Mozy.com, and almost all of my personal files were backed up on external storage, but not the last few months! I lost three months’ worth of scanned receipts and invoices for my business and some personal files which were on my desktop computer. I now use Mozy.com to back up my personal files as well as my office files. I also use Amazon S3 to back up my websites. Amazon S3 can secure your data using server-side encryption with customer-provided keys (SSE-C).
Back up a mirror image of your hard drive
Backing up a mirror image of your hard drive allows you to restore your entire drive at once: the operating system, all software and data files. Mirror image backups should be checked monthly to make sure that they are not corrupt. While a complete restore from an image is very convenient and far less time consuming, you should not rely only on a mirror image backup; you should also back up your data files with a company like Mozy or Carbonite.
Most mirror image backup software is sold in different versions at various prices. Usually, the less expensive versions will not allow you to restore the backup to a different motherboard model. Make sure you purchase software which allows a bare metal restore and a restore of the full system to entirely different hardware.
Mirror image backups are usually stored on a storage device on your premises because of the size of the backups.
Mirror image backup software:
- Acronis — Some versions have Active Protection for ransomware. I recommend Acronis because it is one of the few that protects backup copies from ransomware.
- Genie Backup
- StorageCraft
- BackupAssist
- NovaBACKUP/NovaSTOR
- Retrospect
- Datto
- AOMEI Backupper — The least expensive, with free lifetime updates and simple to use, but only has tech support by email. (Also has a free version.)
- EaseUS Todo Backup Free
Backup drives:
- MY CLOUD by Western Digital, available in Personal, Expert or Pro with 1, 2 or 4 drive bays. How many drives do you need? Use this RAID calculator to see the difference.
- ioSafe is a fire resistant, water resistant and theft resistant enclosure for your hard drives. Use WD RED NAS drives.
Anti-Virus Software
I was using AVG free edition, which did not stop me from getting Cryptolocker. There is no way to determine which antivirus software is best, because the results change from one round of testing to the next. However, the antivirus that consistently performed best in the tests below is Kaspersky.
I don’t need all the features of Kaspersky PURE so I bought Kaspersky Internet Security to replace AVG. I didn’t buy the small business version because my server does not go on the internet and I don’t want to slow it down. Hopefully, I didn’t make a mistake.
After installing Kaspersky Internet Security, it slowed Outlook terribly and crashed it when I tried to reply to an email. The solution is to turn off spam protection: open Kaspersky, click on Protection Center, scroll to the bottom and move the Anti-Spam slider to the left so it turns red. Outlook is back to normal.
Kaspersky’s customer service is consistently excellent. I called them and was transferred to a knowledgeable person immediately without waiting. I later contacted them by chat and was transferred to a chat with a knowledgeable person immediately without waiting. That person offered to call me and did so immediately.
You can see a comparison of Kaspersky Anti-Virus, Internet Security & PURE. Kaspersky claims to also include anti-malware and anti-rootkit features, which is what Malwarebytes’ Anti-Malware provides.
Take a look at this Malwarebytes survey comparison of antivirus software. Malwarebytes and Kaspersky appear to be the two best.
Malwarebytes’ Anti-Malware (also known as MBAM) is great anti-malware software which works really well, but it is not meant to be antivirus software. It is designed to work with and in addition to your antivirus software. Malwarebytes stops and detects trojans, worms, and spyware (not viruses). NOTE: Malwarebytes free does NOT provide real-time protection (I found out the hard way!). The free version is only meant to be used to clean an infected computer. You must buy Malwarebytes for real-time protection. The question is: will Malwarebytes work with Kaspersky?
Malwarebytes Anti-Exploit protection for browsers provides real-time protection. Not part of MBAM, it is separately installed in seconds and is free for personal use. I have been using Malwarebytes Anti-Exploit with Kaspersky without any issues.
I recommend that you use a paid version of your antivirus software and make sure that you keep it updated. Many people purchase computers with a free trial of antivirus software, never pay for it and don’t get the updates. If you don’t get updates, it’s useless.
The anti-spyware I found to be the most effective is SUPERAntiSpyware. Kaspersky says it removes spyware but it may only remove the most dangerous spyware or it’s just not effective at removing spyware. SUPERAntiSpyware removes a lot of spyware every day. The free version of SUPERAntiSpyware does the same work as the paid version but has to be manually updated and run while the paid version is automatic. I have been using the paid version for the last two years which updates and runs automatically.
Antivirus comparison
http://www.av-comparatives.org/dynamic-tests/
http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf
Infected with a rootkit? Malwarebytes (MBAR) can help
http://www.techrepublic.com/blog/it-security/rootkit-coders-beware-malwarebytes-is-in-hot-pursuit/
https://www.malwarebytes.org/antirootkit/
http://blog.malwarebytes.org/news/2012/11/meet-malwarebytes-anti-rootkit/
Free Anti-Ransomware Tool
Download a free anti-ransomware tool from Acronis. If you have Acronis True Image mirror image backup software, it’s already included. This is not antivirus software but a supplement to antivirus software.
CryptoPrevent (it used to be free but now costs only $15 annually) is not antivirus software but a supplement to antivirus software, and it claims it will not interfere with antivirus software.
I use both Acronis and CryptoPrevent as supplements to Kaspersky antivirus.
Protect Your Internet Connection From Ransomware
Make sure that anyone using your computer, or any computer on your network, is blocked from reaching a malicious website before your antivirus software even has to look at it. I am now using Cisco Umbrella (formerly OpenDNS.com) and wish I had been using it before, because it would have prevented me from getting Cryptolocker.
OpenDNS.com inexpensively provides the kind of enterprise protection that you can get from companies like Infoblox or FireEye, without their substantial cost. You can get it for as little as $20/year per user with unlimited computers/devices, and they even have a free version. Their pricing is confusing, so you should call them.
OpenDNS.com does not replace antivirus software but is a very important addition. OpenDNS.com works by pointing your DNS settings at OpenDNS.com instead of your Internet service provider’s DNS servers, so that lookups of known-malicious domains are blocked. Not only can OpenDNS.com help protect you from getting a virus, but it can also speed up your Internet connection. OpenDNS.com can even protect your devices off-site.
I got Cryptolocker by clicking on a link in an email which came from a friend. I never do that unless it’s obvious that the email was sent by someone I know. The email contained a link to a website about an unusual topic which my friend knew I was interested in, so I thought the website was okay. When I clicked on the link, I found a Google warning that the website may be infected. I closed the browser but it was too late. You should know that even legitimate websites get hacked and will infect your computer when you visit the website.
OpenDNS.com would have prevented me from getting Cryptolocker in two ways. First, OpenDNS.com would have prevented me from reaching the website. Second, had I been infected anyway, OpenDNS.com would have prevented the virus from contacting its command-and-control center.
I started a trial account with OpenDNS.com in the morning (after disinfecting my computer) and by the afternoon, I had my second incident of going to a malicious website! I was trying to go to the website of a well-known memory manufacturer and accidentally left out one letter while typing too fast. OpenDNS.com immediately notified me that it was preventing me from going to a malicious website.
I called a friend of mine who uses Linux instead of Windows and I asked him to visit the website to see what was there. He told me that it was definitely a malicious website trying to infect him with a virus and said: “but I don’t care because I’m using Linux.” I was sold on using OpenDNS.com on the first day!
My trial account was with their enterprise Umbrella Cloud-Delivered Web Security, which protects all of my devices behind my router and also protects my off-site devices for $370/year. The router service allows me to protect my server without installing their software on it. I simply changed the DNS setting on my router and everything was immediately protected. For off-network devices, you install their roaming software.
After the trial, I purchased Umbrella Prosumer with the same protection for only $20 per year per user (if you have fewer than 6 users) by installing their roaming software on all of your devices. The charge is annual per user instead of per device. You can see the prices at http://www.opendns.com/enterprise-security/packages-and-pricing/. The prices shown in the large boxes are for six or more users. For fewer than six users, look below the large boxes at “Want a package for 1 to 5 Users?”
To check that your setup is correct and you are protected by OpenDNS, visit these two addresses:
- http://welcome.opendns.com should show an OpenDNS Web page with a large checkmark and the words “Welcome to OpenDNS!”
- http://www.internetbadguys.com should show an OpenDNS Web page with a warning icon and the words “Phishing Site Blocked!”
My questions about how to set up Umbrella Prosumer
Use Linux!
Avoid all the trouble and just use Linux instead of Windows. There are very few viruses written for Linux, and you can’t get one unless you manually enter an administrator password and install it yourself. I recommend Ubuntu Linux, and it’s free!
What I use:
- Microsoft operating system
- Microsoft Office 365 email
- Kaspersky Internet Security
- OpenDNS.com – IP security
- Kaspersky Antivirus
- Malwarebytes Anti-Exploit
- Acronis – ransomware protection
- CryptoPrevent – ransomware protection
- Mozy – file backup
- Acronis – mirror image backup
Phil,
Great article! Thanks for sharing it. I didn’t understand everything but it provides me with a great starting point for learning.
In the past I didn’t trust Kaspersky because of my 25 years in the Aerospace industry and the Soviets (a/k/a Russians) were the enemy. Now we are in a new world.
I would recommend it for US government agencies and I have no idea why some agencies previously used it. However, there is nothing top-secret on my computer and everything is backed up. My thought is that since many hackers and ransomware are Russian, maybe Kaspersky can be more effective. I just posted a survey comparison by Malwarebytes which seems to indicate that Malwarebytes and Kaspersky are the two top contenders.