How do I block ransomware on Windows 10?

Ransomware is a type of malware that encrypts files on your computer and demands payment to decrypt them. It has become an increasingly common threat in recent years. The best way to deal with ransomware is to prevent it from infecting your Windows 10 computer in the first place. This article will discuss various methods to help block and prevent ransomware attacks.

Keep your Windows version and security software up-to-date

Microsoft releases security updates every month for vulnerabilities that ransomware operators and their worms exploit. Keeping Windows current ensures you have those fixes; leave automatic updates enabled so they download and install without waiting for you. Also keep any third-party security software updated so it has current signatures and detection logic. Note that Windows 10 reached end of support on 14 October 2025; a machine that is not enrolled in Extended Security Updates no longer receives these fixes, so plan a move to a supported version.
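
The following PowerShell script is an added example (not part of the original article) that reports how stale this machine's Windows updates and Defender signatures are, using the Windows Update Agent COM object and Get-MpComputerStatus. The 14-day and 3-day thresholds are assumptions standing in for your own patch policy.

```powershell
# Added example, not from the original article. Reports patch and signature age
# on the local machine. Thresholds below are assumed policy values; adjust them.
function Get-UpdateHealth {
    param(
        [int]$MaxPatchAgeDays = 14,     # assumed policy threshold
        [int]$MaxSignatureAgeDays = 3   # assumed policy threshold
    )

    # Windows Update Agent COM API: last successful search/installation timestamps
    $au          = New-Object -ComObject Microsoft.Update.AutoUpdate
    $results     = $au.Results
    $lastSearch  = $results.LastSearchSuccessDate
    $lastInstall = $results.LastInstallationSuccessDate
    # An empty value means no update was ever installed through this agent
    $daysSince = if ($lastInstall -is [datetime]) {
        [int]((Get-Date) - $lastInstall).TotalDays
    } else { $null }

    # Most recently installed hotfix as reported by Win32_QuickFixEngineering
    $latestHotfix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    # Defender engine / signature state
    $mp = Get-MpComputerStatus

    [pscustomobject]@{
        OSBuild                = (Get-CimInstance Win32_OperatingSystem).BuildNumber
        LastUpdateSearch       = $lastSearch
        LastUpdateInstall      = $lastInstall
        DaysSinceInstall       = $daysSince
        LatestHotfix           = $latestHotfix.HotFixID
        PatchesStale           = ($null -eq $daysSince) -or ($daysSince -gt $MaxPatchAgeDays)
        SignatureVersion       = $mp.AntivirusSignatureVersion
        SignatureAgeDays       = $mp.AntivirusSignatureAge
        SignaturesStale        = $mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays
        UpdateServiceStartType = (Get-Service -Name wuauserv).StartType
    }
}

Get-UpdateHealth | Format-List
```

Run it from any account; the two Stale flags are what you would alert on if you wrap this in a scheduled task or a fleet inventory script.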

Exercise caution with email attachments and links

Ransomware is often delivered through phishing emails carrying malicious attachments or links. Be wary of unexpected emails, especially ones that arrive with an attachment or press you to click a link or act urgently; a familiar sender name is no guarantee, since accounts get compromised and display names are trivially forged. Do not open attachments or follow links in suspicious messages. Hover over a link to see the real destination before clicking, and watch for look-alike domains and shortened URLs.

Back up your files regularly

Regular backups of your important files are what limit the damage if ransomware gets through. Use File History (Settings > Update & Security > Backup) to back up automatically, or a third-party tool that copies files to an external drive or cloud storage. Keep at least one copy offline or versioned and immutable: ransomware encrypts or deletes any backup it can reach, so disconnect the backup drive when it is not in use and prefer cloud storage that keeps file versions. Test a restore periodically; a backup that has never been restored is an assumption, not a control. With good backups you can rebuild after removing the ransomware without paying.

Avoid downloading software from unofficial sources

Installing software from unofficial or unknown sources raises the risk of ransomware bundled inside the installer. Download only from the developer's or vendor's official site or the Microsoft Store, and check the publisher shown in the SmartScreen or installer prompt before continuing. Avoid sites offering free or pirated versions of commercial software; these commonly carry malware.

Use ad blockers in your web browser

Ransomware code is sometimes distributed through malicious ads or pop-ups on websites. Installing an ad blocking extension in your web browser can help stop such malicious ads from appearing while you browse. Adblock Plus and uBlock Origin are popular ad blockers for Chrome and Firefox.

Disable macros in Microsoft Office files

Macros in Office documents such as Word and Excel files are a common ransomware loader: the document asks the user to "enable content", and the macro downloads and runs the payload. Office does not run macros automatically, but its default setting leaves the user one click from enabling them. In Trust Center > Macro Settings choose "Disable all macros without notification" or "Disable all macros except digitally signed macros", and only enable a macro when you actually need it and the document comes from a trusted source.

Avoid browsing suspicious websites

Sites offering pirated or otherwise illegal content are a common source of drive-by downloads and malicious advertising. Sticking to reputable, legitimate sites lowers your exposure to ransomware delivered through malicious scripts or ad networks on such pages.

Use popup blockers

Like malicious ads, ransomware code can also be distributed through malicious pop-up windows on websites. Browser popup blockers prevent such pop-ups from appearing during browsing sessions. Most modern web browsers have inbuilt popup blocking or allow extensions that provide popup blocking functionality.

Disable Remote Desktop Protocol if not required

The Remote Desktop Protocol (RDP) allows remote administration of a computer. Internet-exposed RDP is one of the most common ransomware entry points: attackers brute-force or password-spray weak credentials, buy stolen ones, and then simply log in as a legitimate user. If you do not need RDP, disable it and close its firewall rules. If you do need it, never expose port 3389 directly to the internet; reach it over a VPN, require Network Level Authentication, use strong passwords with an account lockout policy, and restrict which accounts are allowed to log on remotely.
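
As an added example (not from the original article), this PowerShell script either disables RDP outright or, when the $RdpNeeded switch is set, keeps it but enforces Network Level Authentication, limits the firewall rule to a management subnet and sets an account lockout policy. The 192.0.2.0/24 subnet is a documentation range standing in for your own admin network, and the lockout values are assumptions.

```powershell
# Added example, not from the original article. Run as Administrator.
# Set $RdpNeeded to $true to keep RDP but harden it instead of disabling it.
$RdpNeeded = $false   # assumption for this example

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

if (-not $RdpNeeded) {
    # fDenyTSConnections = 1 turns the Remote Desktop listener off
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    # Close the matching inbound firewall rules (TCP/UDP 3389) as well
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
} else {
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0 -Type DWord
    # Require Network Level Authentication so unauthenticated clients never reach
    # the logon screen: fewer pre-auth code paths exposed, brute force is slower
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
    # Scope the firewall rules to the management subnet instead of "Any".
    # 192.0.2.0/24 is a documentation range standing in for your admin network.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Set-NetFirewallRule -RemoteAddress '192.0.2.0/24' -Enabled True
    # Lock accounts after repeated failures so password spraying is slow and noisy
    # (10 attempts, 15 minute lockout/window are assumed values)
    net accounts /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15
}

# Verify. The listener itself may stay open until TermService restarts or the
# machine reboots, even though new connections are refused.
$state = Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections
$nla   = Get-ItemProperty -Path $rdpTcp -Name UserAuthentication
Write-Output ("RDP connections denied: {0}" -f ($state.fDenyTSConnections -eq 1))
Write-Output ("NLA required:           {0}" -f ($nla.UserAuthentication -eq 1))
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Enabled, Direction, Profile
Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```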

Keep your applications updated

Attackers exploit vulnerabilities in unpatched applications (browsers, PDF readers, Office, VPN clients) to deliver ransomware. Install the latest updates for every application on the computer. Applications with built-in updaters, such as web browsers, update themselves; for other programs enable auto-update where available or check periodically for new versions.

Use the Protected Folders feature in Windows 10

The "Protected folders" list in Windows Security is part of the Controlled folder access feature (Virus & threat protection > Ransomware protection). It lets only trusted applications, either vetted by Microsoft or explicitly allowed by you, modify files in protected folders such as Documents, Pictures and Videos, and blocks every other process. It requires Microsoft Defender Antivirus real-time protection to be active. Enable it and add any other folders that hold critical data.

Disable SMBv1 file sharing protocol

The Server Message Block version 1 (SMBv1) protocol has well-known vulnerabilities, exploited by EternalBlue in the WannaCry and NotPetya outbreaks, that let ransomware spread between machines without any user action. Microsoft has deprecated SMBv1, and clean installs since Windows 10 version 1709 do not include it, but systems upgraded from older versions may still have it enabled. Disable SMBv1 unless some legacy device genuinely requires it.

Avoid opening suspicious attachments in email

Malicious attachments remain one of the main ransomware infection vectors. Be extremely cautious with attached files, especially from unknown senders, and also when a known contact sends something unexpected. Ransomware rarely arrives as a bare .exe: it hides in macro-enabled Office files, in archive and disk-image files (.zip, .iso) that conceal the real payload, and in shortcut (.lnk) or script files. If you are not sure, confirm with the sender through another channel before opening anything; an attachment that has already been opened has already done its damage.

Enable Windows Defender

Microsoft Defender Antivirus is the anti-malware engine built into Windows 10, and its behavior monitoring, cloud-delivered protection and ransomware-specific features cover most commodity ransomware. If you install a third-party antivirus, Defender Antivirus automatically drops into passive mode; it will not run real-time scanning alongside another engine. The goal is therefore not to run both at once but to make sure exactly one product is active, up to date and has real-time protection switched on. If Defender is your engine, check that real-time protection and cloud-delivered protection are enabled and have not been turned off by a user or by malware; if another product is primary, you can still enable Defender's periodic scanning as a second opinion.
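
The script below is an added example (not from the original article). It reads the Defender state that matters for ransomware, including whether Defender is the active engine and whether tamper protection is on, and applies a baseline of settings that are normally safe to enable on a Windows 10 machine where Defender Antivirus is the primary product.

```powershell
# Added example, not from the original article. Run as Administrator.
function Get-DefenderState {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled   = $s.AntivirusEnabled
        # 'Normal' = Defender is the primary AV; 'Passive Mode' etc. = another
        # product owns real-time scanning and Defender only does periodic scans
        RunningMode        = $s.AMRunningMode
        RealTimeProtection = $s.RealTimeProtectionEnabled
        BehaviorMonitor    = $s.BehaviorMonitorEnabled
        # Tamper protection cannot be set from PowerShell on an unmanaged PC;
        # toggle it in the Windows Security app and confirm it here
        IsTamperProtected  = $s.IsTamperProtected
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastQuickScan      = $s.QuickScanEndTime
    }
}

function Set-DefenderBaseline {
    # Nothing to do if another AV owns the machine: Defender is in passive mode
    if ((Get-MpComputerStatus).AMRunningMode -ne 'Normal') {
        Write-Warning 'Defender AV is not the active engine; configure your primary AV instead.'
        return
    }
    Set-MpPreference -DisableRealtimeMonitoring $false      # on-access scanning
    Set-MpPreference -DisableBehaviorMonitoring $false      # behaviour-based detection
    Set-MpPreference -DisableIOAVProtection $false          # scan downloads and attachments
    Set-MpPreference -MAPSReporting Advanced                # cloud-delivered protection
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples  # automatic sample submission
    Set-MpPreference -CloudBlockLevel High                  # block on lower cloud confidence
    Set-MpPreference -PUAProtection Enabled                 # block potentially unwanted apps
    Update-MpSignature                                      # pull current definitions now
}

Set-DefenderBaseline
Get-DefenderState | Format-List
```

If IsTamperProtected comes back False, turn it on in Windows Security before anything else; otherwise the settings this script applies can be reverted by the next thing that runs as administrator.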

Use Device Guard to restrict software allowed to run

Device Guard's code integrity component is now called Windows Defender Application Control (WDAC). It restricts which code may run on a system: you create a code integrity policy that allows only executables, drivers and scripts signed by Microsoft and your organization (or matching other rules you define), and everything else is blocked, including ransomware. Deploy a policy in audit mode first, since a mistake can stop legitimate software from running.

Enable Windows Firewall

Windows Defender Firewall filters network traffic and, in its default configuration, blocks unsolicited inbound connections while allowing outbound ones. Keep it enabled for all three network profiles (domain, private, public) at all times so worms probing SMB or RDP cannot reach those services. Be selective about inbound allow rules, especially on the public profile, and turn on logging of dropped packets so scanning activity is visible. Restricting outbound traffic is valuable too, since it can stop payload downloads and command-and-control, but it requires an allow list of applications and is more work to maintain.
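
This PowerShell snippet is an added example (not from the original article). It enforces the firewall state described above on all profiles, turns on logging of dropped packets, and then lists any enabled inbound allow rule that opens the SMB or RDP ports to any remote address, which is the combination a ransomware worm is looking for. The log size is an assumed value.

```powershell
# Added example, not from the original article. Run as Administrator.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -NotifyOnListen True `
    -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384   # assumed value; default is 4096

# Inbound allow rules that expose SMB (139/445) or RDP (3389) to any address are
# the ones worth a second look on a workstation.
$risky = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule  = $_
        $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        $addrs = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $hit   = $ports | Where-Object { $_ -in '139', '445', '3389' }
        if ($hit -and ($addrs -contains 'Any')) {
            [pscustomobject]@{
                Rule    = $rule.DisplayName
                Ports   = ($ports -join ',')
                Profile = $rule.Profile
            }
        }
    }

'Profiles:';                      Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, LogBlocked
'Inbound SMB/RDP open to Any:';  $risky | Format-Table -AutoSize
```

Rules in the "File and Printer Sharing" group typically show up in that list on a private profile; scope them to the local subnet with Set-NetFirewallRule -RemoteAddress LocalSubnet or disable them if the machine shares nothing.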

Use authenticated email protocols like SPF, DKIM and DMARC

SPF, DKIM and DMARC are DNS-published email authentication standards that let a receiving mail server verify that a message claiming to come from your domain was sent from an authorized server and was not altered in transit. They are configured by the domain owner, not on the Windows 10 endpoint: publish an SPF record that ends in -all, sign outgoing mail with DKIM, and publish a DMARC record with an enforcing policy (p=quarantine or p=reject) so that spoofed mail using your domain is rejected rather than merely reported. Make sure your own mail gateway evaluates these checks on inbound mail as well. They reduce the phishing that reaches inboxes, but only for domains that publish and enforce them.
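
The following PowerShell functions are an added example (not from the original article). They parse SPF and DMARC TXT records and grade how much spoofing protection they actually give, distinguishing a monitoring-only posture (~all, p=none) from an enforcing one (-all, p=reject). The records at the bottom are constructed samples for the made-up domain example.test; Get-MailAuthPosture can also query DNS for a real domain via Resolve-DnsName when called with only -Domain.

```powershell
# Added example, not from the original article. Sample records below are constructed.
function Test-SpfRecord {
    param([string]$Record)
    $r = [pscustomobject]@{ Present = $false; AllMechanism = $null; Strict = $false; Note = '' }
    if (-not $Record -or $Record -notmatch '^v=spf1') { $r.Note = 'no SPF record'; return $r }
    $r.Present = $true
    # The trailing "all" qualifier decides the fate of hosts not listed:
    # -all = fail (strict), ~all = softfail, ?all = neutral, +all = anyone may send
    if ($Record -match '(?:^|\s)(?<q>[-~?+]?)all(?:\s|$)') {
        $r.AllMechanism = "$($Matches.q)all"
        $r.Strict = ($Matches.q -eq '-')
        if ($Matches.q -eq '+') { $r.Note = '+all permits any sender; spoofing is not prevented' }
        elseif (-not $r.Strict) { $r.Note = 'softfail/neutral: receivers usually still deliver' }
    } else { $r.Note = 'no all mechanism; record is incomplete' }
    return $r
}

function Test-DmarcRecord {
    param([string]$Record)
    $r = [pscustomobject]@{ Present = $false; Policy = $null; Pct = 100; Enforcing = $false; Note = '' }
    if (-not $Record -or $Record -notmatch '^v=DMARC1') { $r.Note = 'no DMARC record'; return $r }
    $r.Present = $true
    # DMARC is a list of semicolon-separated tag=value pairs
    $tags = @{}
    foreach ($kv in ($Record -split ';')) {
        if ($kv -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $tags[$Matches[1]] = $Matches[2] }
    }
    $r.Policy = $tags['p']
    if ($tags.ContainsKey('pct')) { $r.Pct = [int]$tags['pct'] }
    # Only quarantine/reject at 100% tells receivers to act on every failing message
    $r.Enforcing = ($r.Policy -in 'quarantine', 'reject') -and ($r.Pct -eq 100)
    if ($r.Policy -eq 'none') { $r.Note = 'p=none only reports; spoofed mail is still delivered' }
    elseif ($r.Pct -lt 100)   { $r.Note = "pct=$($r.Pct): policy applies to a sample only" }
    return $r
}

function Get-MailAuthPosture {
    param([string]$Domain, [string]$SpfTxt, [string]$DmarcTxt)
    if (-not $SpfTxt -and -not $DmarcTxt) {   # live DNS lookup when no record text is supplied
        $SpfTxt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Strings -join '' } |
            Where-Object { $_ -match '^v=spf1' } | Select-Object -First 1
        $DmarcTxt = Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Strings -join '' } |
            Where-Object { $_ -match '^v=DMARC1' } | Select-Object -First 1
    }
    [pscustomobject]@{
        Domain = $Domain
        Spf    = Test-SpfRecord   $SpfTxt
        Dmarc  = Test-DmarcRecord $DmarcTxt
    }
}

# Constructed sample records: a monitoring-only posture and an enforcing one
$weak = Get-MailAuthPosture -Domain 'example.test' `
    -SpfTxt   'v=spf1 include:_spf.mail.example.test ~all' `
    -DmarcTxt 'v=DMARC1; p=none; rua=mailto:dmarc@example.test'
$strong = Get-MailAuthPosture -Domain 'example.test' `
    -SpfTxt   'v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.test -all' `
    -DmarcTxt 'v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.test'

foreach ($p in $weak, $strong) { $p.Spf | Format-List; $p.Dmarc | Format-List }
```

Running Get-MailAuthPosture -Domain yourdomain.example against your own domain is a quick way to confirm that what you think you published is what the world sees; the Enforcing and Strict flags should both be True before you count these protocols as a ransomware control.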

Educate employees on ransomware best practices

Human error is one of the leading causes of ransomware infections. Educate employees on identifying suspicious emails, safe web browsing, strong unique passwords and multi-factor authentication, and make it easy and blame-free to report a suspicious message or a mistaken click: the faster the report, the smaller the blast radius. Run regular security awareness training and test it with simulated phishing campaigns to identify gaps and improve security behavior.

Disable administrative shares

Administrative shares such as C$, D$ and ADMIN$ expose every drive to anyone holding administrator credentials for the machine. Ransomware operators and worms that have obtained such credentials (often a local administrator password reused across many PCs) use them to copy and execute the payload on every reachable host. Unless remote management genuinely depends on them, disable the automatic administrative shares, and in any case give each machine a unique local administrator password (for example with Windows LAPS) so that one captured credential cannot open every share.
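
As an added example (not from the original article), this PowerShell script turns off the automatic administrative shares on a workstation and checks the UAC remote-restriction setting that stops local administrator accounts from being used over the network. It assumes you have confirmed that no deployment or remote-management tool on this machine depends on ADMIN$.

```powershell
# Added example, not from the original article. Run as Administrator on a workstation.
# Expect tools that rely on ADMIN$ (PsExec, some software deployment agents) to stop working.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$system = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# AutoShareWks governs workstations; AutoShareServer is the equivalent on Server SKUs
Set-ItemProperty -Path $lanman -Name AutoShareWks -Value 0 -Type DWord

# The shares are recreated only when the Server service starts, so remove the
# current drive shares and ADMIN$ now. IPC$ stays: it is a named-pipe endpoint,
# not a disk share, and many things break without it.
Get-SmbShare |
    Where-Object { $_.Special -and ($_.Name -match '^[A-Z]\$$' -or $_.Name -eq 'ADMIN$') } |
    Remove-SmbShare -Force

# LocalAccountTokenFilterPolicy = 1 gives local (non-domain) admins a full token over
# the network, the classic "reuse one local admin hash against every C$" path.
# Absent or 0 keeps the default UAC remote restriction in place.
$ltfp = Get-ItemProperty -Path $system -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
if ($ltfp -and $ltfp.LocalAccountTokenFilterPolicy -eq 1) {
    Write-Warning 'LocalAccountTokenFilterPolicy=1: remote use of local admin accounts was allowed; resetting'
    Set-ItemProperty -Path $system -Name LocalAccountTokenFilterPolicy -Value 0 -Type DWord
}

# Verify: only IPC$ and any shares you created yourself should remain
Get-SmbShare | Select-Object Name, Path, Special
```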

Use Software Restriction Policies to block untrusted executables

Software Restriction Policies (SRP) restrict which executables may run based on rules such as path, hash or publisher certificate. SRP is the legacy mechanism and has been superseded by AppLocker and WDAC, but it is available on every Windows 10 edition through Local Security Policy. A practical ransomware rule set denies execution from the locations droppers write to, such as %APPDATA%, %LOCALAPPDATA%, %TEMP% and the Downloads folder, while allowing Program Files and the Windows folder.

Set folder permissions to prevent unauthorized access

Least-privilege permissions on folders limit which accounts, and through them which processes, can modify files. Ransomware runs with the privileges of the user who launched it, so ACLs cannot protect files that user is allowed to change; their value is in shared locations. On file shares, remove broad grants such as Everyone or Users with Modify or Full Control (Modify alone is enough to encrypt and delete), grant write access only to the groups that need it, and give everyone else read-only access. A single infected account can then encrypt only what that account could write to.
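
The PowerShell below is an added example (not from the original article). Get-BroadWriteAccess walks a folder tree and reports every allow ACE that gives a broad group write-level rights; Repair-ShareFolderAcl replaces such grants with read-only for Users and Modify for one named group. The sample folder under %TEMP%, the deliberate "Everyone: Modify" grant, and the use of BUILTIN\Administrators as the stand-in write group are all constructed for the demonstration.

```powershell
# Added example, not from the original article. Runs as a normal user on a constructed
# sample tree under $env:TEMP; point -Path at a share root for real use.
function Get-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    $broadPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    # Only the bits that let a process overwrite, delete or re-permission files.
    # (Modify and FullControl include these, so they match; ReadAndExecute does not.)
    $writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    $folders = @(Get-Item -Path $Path) +
               @(Get-ChildItem -Path $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        $acl = Get-Acl -Path $folder.FullName
        foreach ($ace in $acl.Access) {
            $isBroad     = $broadPrincipals -contains $ace.IdentityReference.Value
            $grantsWrite = ($ace.FileSystemRights -band $writeRights) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $isBroad -and $grantsWrite) {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

function Repair-ShareFolderAcl {
    # Replaces the folder's ACL with: Administrators/SYSTEM full control,
    # Users read-only, one named group Modify. Stops inheritance from the parent.
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$WriteGroup)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)                 # protect; drop inherited ACEs
    $acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # drop explicit ACEs
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $grants = @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Users',          'ReadAndExecute'),
        @($WriteGroup,              'Modify')
    )
    foreach ($g in $grants) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g[0], $g[1], $inherit, 'None', 'Allow')))
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Constructed sample: a "share" where someone granted Everyone Modify at the root
$sample = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path (Join-Path $sample 'Finance') -Force | Out-Null
$acl = Get-Acl -Path $sample
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'Everyone', 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
Set-Acl -Path $sample -AclObject $acl

'Before:'; Get-BroadWriteAccess -Path $sample | Format-Table -AutoSize
# BUILTIN\Administrators stands in for the real team group you would grant Modify to
Repair-ShareFolderAcl -Path $sample -WriteGroup 'BUILTIN\Administrators'
'After:';  Get-BroadWriteAccess -Path $sample | Format-Table -AutoSize   # expect no rows
```

The "Before" run reports the Everyone grant twice, once explicit on the root and once inherited on Finance; after the repair the inherited copy disappears too because Set-Acl propagates the new inheritable ACEs down the tree.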

Disable Office macros and only allow trusted sources

Office macros remain a common way to deploy ransomware. Disable them entirely where the business does not need them. Where it does, allow only macros that are digitally signed by a verified publisher, or only in documents opened from a designated Trusted Location, and keep the block on macros in files downloaded from the internet or received by email. Office now applies that block by default to files carrying the Mark of the Web; enforce it through policy as well so it cannot be undone per user.
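
This PowerShell script is an added example (not from the original article) that applies the macro settings discussed in this section and in the earlier "Disable macros in Microsoft Office files" section for the current user, and adds the Defender attack surface reduction (ASR) rules that stop Office from spawning child processes or writing executable content, which is how macro droppers stage ransomware. It assumes Office 2016/2019/365 (registry version 16.0); the ASR part needs an elevated session with Defender Antivirus as the active engine.

```powershell
# Added example, not from the original article. Assumes Office registry version 16.0.
# Macro settings are per user (HKCU); run the ASR part as Administrator.
$apps = 'Word', 'Excel', 'PowerPoint', 'Access', 'Outlook'

foreach ($app in $apps) {
    # Trust Center > Macro Settings. VBAWarnings: 1 = enable all, 2 = disable with
    # notification (Office default), 3 = disable all except digitally signed, 4 = disable all
    $sec = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null
    Set-ItemProperty -Path $sec -Name VBAWarnings -Value 3 -Type DWord

    # Policy key: block macros in files with the Mark of the Web (downloaded or from email)
    # regardless of what the user clicks. Current Office does this by default; setting the
    # policy explicitly stops a user or an installer from undoing it.
    $pol = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $pol -Force | Out-Null
    Set-ItemProperty -Path $pol -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
}

# ASR rules relevant to macro-based delivery (GUIDs are Microsoft's published rule IDs)
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}
foreach ($id in $asrRules.Keys) {
    # Start in AuditMode, review event 1122 in Microsoft-Windows-Windows Defender/Operational,
    # then re-run with -AttackSurfaceReductionRules_Actions Enabled once nothing legitimate trips
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# Verify
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Office\16.0\Word\Security' | Select-Object VBAWarnings
$pref = Get-MpPreference
if ($pref.AttackSurfaceReductionRules_Ids) {
    0..($pref.AttackSurfaceReductionRules_Ids.Count - 1) | ForEach-Object {
        [pscustomobject]@{
            Rule   = $asrRules[$pref.AttackSurfaceReductionRules_Ids[$_]]
            Id     = $pref.AttackSurfaceReductionRules_Ids[$_]
            Action = $pref.AttackSurfaceReductionRules_Actions[$_]
        }
    } | Format-Table -AutoSize
}
```

Rule entries whose Rule column is blank were already configured on the machine for something other than Office and are left as they were.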

Use Controlled Folder Access to protect critical folders

Microsoft Defender Antivirus provides Controlled folder access, which protects sensitive folders such as Documents from changes by untrusted processes. Turn it on in audit mode first to see which applications would be blocked, then switch to block mode and allow only the specific executables that legitimately write to protected folders; most Office and other Microsoft applications are trusted automatically. Untrusted processes, including ransomware, are then blocked from modifying anything in those folders, and each attempt is logged.
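
As an added example (not from the original article) covering both this section and the earlier "Protected Folders" section, the script below enables Controlled folder access in audit mode, protects one extra folder, allows one application, and reads back the audit and block events so you know what would break before enforcing. The D:\ProjectData folder and the backup.exe path are placeholders, and the event data field names are those used in the Defender operational log on current builds.

```powershell
# Added example, not from the original article. Run as Administrator with
# Defender Antivirus as the active engine.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Built-in locations (Documents, Pictures, Desktop, ...) are always protected;
# add anything else users care about. Placeholder path, not a required value.
$extraFolder = 'D:\ProjectData'
if (Test-Path $extraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder
}

# Apps Microsoft already trusts need no entry. Allow only the specific executable
# that must write to protected folders, never a whole directory. Placeholder path.
$trustedApp = 'C:\Program Files\ExampleBackup\backup.exe'
if (Test-Path $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
}

# Event IDs in Microsoft-Windows-Windows Defender/Operational:
#   1123 = blocked file change, 1124 = audited (would have been blocked)
#   1127 = blocked memory/disk-sector write, 1128 = audited version of 1127
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124, 1127, 1128
} -MaxEvents 50 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Pull named fields from the event XML rather than guessing positional indexes
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Mode    = if ($_.Id -in 1124, 1128) { 'Audit' } else { 'Blocked' }
        Process = $data['Process Name']
        Target  = $data['Path']
        User    = $data['User']
    }
} | Format-Table -AutoSize

# Once the audit list contains only things you expect to block:
#   Set-MpPreference -EnableControlledFolderAccess Enabled
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
```

Backup agents, sync clients and build tools are the usual entries in the audit list; allow their executables explicitly rather than turning the feature off.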

Leverage the Windows AppLocker allow list policy

AppLocker lets you define allow-list policies so that only authorized executables, scripts, installers and packaged apps can run. Configure rules that permit software in Program Files and the Windows folder (excluding user-writable subfolders such as Windows\Temp) and deny everything else, so an unknown executable dropped into a user's profile cannot start. Deploy in audit-only mode first and review the AppLocker event log for legitimate software that would have been blocked. Policies can be authored on any edition, but enforcement requires Windows 10 Enterprise or Education.
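
The PowerShell below is an added example (not from the original article) serving this section and the earlier Software Restriction Policies section: it generates an allow-list AppLocker policy for executables, dry-runs it against a constructed sample (a copy of notepad.exe placed in Downloads), and applies it in audit mode. The rule GUIDs are generated on the fly rather than Microsoft's default-rule identifiers, and the XML file path under %TEMP% is arbitrary.

```powershell
# Added example, not from the original article. Run as Administrator.
# Policy: anything under Program Files or Windows may run (except the user-writable
# Windows\Temp and Windows\Tasks), administrators may run anything, everything else
# (Downloads, %APPDATA%, %TEMP%, where droppers land) is denied by default.
# Enforcement requires Windows 10 Enterprise/Education; Pro accepts but does not enforce.
function New-ExeAllowListPolicyXml {
    param([ValidateSet('AuditOnly', 'Enabled')][string]$Mode = 'AuditOnly')
    $rule = {
        param($Name, $Sid, $Path, $Exceptions)
        $ex = ''
        if ($Exceptions) {
            $ex = '<Exceptions>' +
                  (($Exceptions | ForEach-Object { "<FilePathCondition Path=`"$_`" />" }) -join '') +
                  '</Exceptions>'
        }
        "<FilePathRule Id=`"$([guid]::NewGuid())`" Name=`"$Name`" Description=`"`" UserOrGroupSid=`"$Sid`" Action=`"Allow`">" +
        "<Conditions><FilePathCondition Path=`"$Path`" /></Conditions>$ex</FilePathRule>"
    }
    $everyone = 'S-1-1-0'        # Everyone
    $admins   = 'S-1-5-32-544'   # BUILTIN\Administrators
@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$Mode">
    $(& $rule 'Program Files (both 32- and 64-bit)' $everyone '%PROGRAMFILES%\*')
    $(& $rule 'Windows folder minus user-writable dirs' $everyone '%WINDIR%\*' @('%WINDIR%\Temp\*', '%WINDIR%\Tasks\*'))
    $(& $rule 'Administrators may run anything' $admins '*')
  </RuleCollection>
</AppLockerPolicy>
"@
}

$policyPath = Join-Path $env:TEMP 'applocker-exe.xml'
New-ExeAllowListPolicyXml -Mode AuditOnly | Set-Content -Path $policyPath -Encoding UTF8

# AppLocker only evaluates while the Application Identity service runs. It is a
# protected service on current builds, so sc.exe (not Set-Service) sets the start type.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Dry run: a constructed sample (copy of notepad.exe in Downloads) vs the real notepad
$sample = Join-Path $env:USERPROFILE 'Downloads\dropper-sample.exe'
Copy-Item -Path "$env:WINDIR\System32\notepad.exe" -Destination $sample -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample, "$env:WINDIR\System32\notepad.exe" -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
Remove-Item -Path $sample -Force

# Apply in audit mode (-Merge keeps any other rule collections already present).
# Watch Microsoft-Windows-AppLocker/EXE and DLL for event 8003 ("would have been
# blocked") before regenerating with -Mode Enabled.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Get-AppLockerPolicy -Effective -Xml | Select-String -Pattern 'RuleCollection Type="Exe"'
```

The dry run should show the Downloads copy as DeniedByDefault and System32\notepad.exe as Allowed by the Windows-folder rule; that asymmetry is the whole point of an allow list.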

Disable the Windows Script Host if not required

Windows Script Host runs VBScript and JScript files (.vbs, .js, .wsf), which are frequently used as ransomware downloaders because a double-click is all it takes. If you do not depend on such scripts, disable Windows Script Host (a registry setting under HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings) or, less drastically, re-associate those extensions with Notepad so that an accidental double-click opens the file instead of running it.

Enable tamper protection

Microsoft Defender Antivirus offers tamper protection, which stops ransomware or an attacker with administrative rights from turning off real-time protection, cloud-delivered protection or behavior monitoring through the registry, PowerShell or Group Policy before encryption starts. On an unmanaged Windows 10 PC it can only be toggled in the Windows Security app (Virus & threat protection settings), not from a script, which is exactly the point; verify it with the IsTamperProtected field of Get-MpComputerStatus.

Apply the principle of least privilege

The principle of least privilege gives every user, process and application only the permissions it actually needs. In practice this means working from a standard user account rather than an administrator account, keeping UAC enabled, and granting write access to data only where required. Most ransomware runs with whatever rights the user who opened it has: a standard user's infection can encrypt that user's files, but it cannot disable security software, install drivers or spread through administrative shares, which keeps the damage contained.

Disable SMBv1 and enforce SMBv2 and higher

SMBv1 is an outdated protocol with known vulnerabilities targeted by ransomware worms such as WannaCry. Remove it across the environment, auditing first for legacy devices that still negotiate it, and rely on SMB 2 and 3 only. SMB 3 also supports signing and encryption; requiring signing rejects relayed or tampered SMB sessions and further hardens file sharing against lateral movement.
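
This PowerShell script is an added example (not from the original article) for both SMBv1 sections: it reports whether SMBv1 is installed or enabled, turns on SMBv1 access auditing so legacy clients can be found, removes the component, and requires signing on the SMB 2/3 sessions that remain.

```powershell
# Added example, not from the original article. Run as Administrator.
# Old NAS boxes, printers/scanners and Windows XP/2003 hosts that only speak SMBv1
# will lose access; find them with the audit step before removing the protocol.
function Get-Smb1State {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $server  = Get-SmbServerConfiguration
    [pscustomobject]@{
        Smb1FeatureState  = $feature.State      # Enabled / Disabled / DisabledWithPayloadRemoved
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1ClientDriver  = (Get-Service -Name mrxsmb10 -ErrorAction SilentlyContinue).Status
        Smb2ServerEnabled = $server.EnableSMB2Protocol
        SigningRequired   = $server.RequireSecuritySignature
        AuditSmb1Access   = $server.AuditSmb1Access
    }
}

'Before:'; Get-Smb1State | Format-List

# 1. Audit: every client that still negotiates SMBv1 is logged as event 3000 in
#    Microsoft-Windows-SMBServer/Audit. Run in this state for a while on a real fleet.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 2. Remove the SMBv1 component (server and client driver). A reboot completes it.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. Keep SMB 2/3 on and require signing so relayed or tampered sessions are refused.
#    Client-side signing can break very old file servers; test against your shares.
Set-SmbServerConfiguration -EnableSMB2Protocol $true -RequireSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

'After:'; Get-Smb1State | Format-List

# Who was still using SMBv1 (empty if auditing was just turned on)
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```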

Use Windows Defender Application Guard in Edge

Windows Defender Application Guard opens untrusted sites in a Hyper-V based container separate from the host operating system, so a drive-by download or browser exploit in that session cannot write to the host or run ransomware on it. It requires a Pro, Enterprise or Education edition with virtualization support and is enabled as an optional Windows feature. Microsoft has since deprecated Application Guard for Edge, so treat it as a stopgap rather than a long-term control and rely on SmartScreen, an up-to-date browser and application control instead.

Restrict and log PowerShell rather than trying to disable it

PowerShell is frequently misused by ransomware operators to download and run code, disable defenses and delete volume shadow copies. Removing PowerShell is not realistic: it is a Windows component that Windows itself and most management tooling depend on, and blocking powershell.exe alone is bypassed by hosting the engine in another process. Reduce the exposure instead: remove the optional PowerShell 2.0 engine (which attackers invoke to sidestep modern logging), enable script block logging, module logging and transcription so every script that runs is recorded, put PowerShell into Constrained Language Mode for standard users through WDAC or AppLocker, and allow only signed scripts. Microsoft's own guidance is to lock PowerShell down and log it, not to turn it off.
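
The following PowerShell script is an added example (not from the original article) covering this section and the earlier Windows Script Host section. It disables Windows Script Host, removes the PowerShell 2.0 engine, and enables the Group Policy backed script block, module and transcription logging. It assumes no business process depends on .vbs/.js files run through WSH; the transcript directory is a placeholder.

```powershell
# Added example, not from the original article. Run as Administrator.

# --- Windows Script Host: Enabled=0 makes wscript.exe/cscript.exe refuse every script ---
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
New-Item -Path $wsh -Force | Out-Null
Set-ItemProperty -Path $wsh -Name Enabled -Value 0 -Type DWord

# --- PowerShell 2.0 engine: "powershell -version 2" sidesteps v5 logging and AMSI ---
Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2*' |
    Where-Object State -eq 'Enabled' |
    ForEach-Object { Disable-WindowsOptionalFeature -Online -FeatureName $_.FeatureName -NoRestart | Out-Null }

# --- Logging via the policy keys, so it applies to every user and every host process ---
$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script block logging: event 4104 in Microsoft-Windows-PowerShell/Operational holds the
# de-obfuscated code of every block that runs, which is what a downloader tries to hide
New-Item -Path "$psPolicy\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Module logging for all modules (event 4103 records pipeline execution details)
New-Item -Path "$psPolicy\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$psPolicy\ModuleLogging\ModuleNames" -Name '*' -Value '*'

# Transcription: a full text record of each session. Placeholder directory; in production
# point it at a write-only share that users cannot read from or delete from.
New-Item -Path "$psPolicy\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\Transcription" -Name EnableTranscripting   -Value 1 -Type DWord
Set-ItemProperty -Path "$psPolicy\Transcription" -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path "$psPolicy\Transcription" -Name OutputDirectory        -Value 'C:\PSTranscripts'

# --- Verify ---
[pscustomobject]@{
    WshEnabled     = (Get-ItemProperty -Path $wsh).Enabled                                  # expect 0
    PsV2Engine     = (Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2).State
    ScriptBlockLog = (Get-ItemProperty -Path "$psPolicy\ScriptBlockLogging").EnableScriptBlockLogging
    Transcription  = (Get-ItemProperty -Path "$psPolicy\Transcription").EnableTranscripting
    # FullLanguage here means this elevated session is unrestricted; Constrained Language
    # Mode for standard users comes from a WDAC or AppLocker script policy, not a registry value
    LanguageMode   = $ExecutionContext.SessionState.LanguageMode
} | Format-List
```

Once logging is on, a test such as running an encoded command and then querying event 4104 is a good way to confirm the de-obfuscated script text actually reaches the log before you rely on it for detection.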

Conclusion

Ransomware attacks can have crippling effects on individuals and businesses. While no single method offers complete protection, implementing a combination of preventive controls significantly reduces your risks from ransomware infections. Keeping software updated, avoiding suspicious attachments/links, restricting user permissions and leveraging platform security tools like Windows Defender provide multiple layers of hardening against ransomware attacks.

Education is key as end users are a common point of failure leading to ransomware compromises. Ensuring your users understand ransomware dangers and exercise caution with emails, downloads and web browsing improves your human firewall.

Backups also continue to serve as an important last line of defense against ransomware by enabling recovery of encrypted data without paying ransoms. Their importance cannot be overstated in a well-rounded ransomware resilience strategy.

Staying vigilant and proactively securing your environment gives you a significant advantage over ransomware threats. But it is still important to ensure robust incident response capabilities are in place to contain and remediate any infections that do occur before they spiral out of control.