Ransomware made easy

The concept of ransom, despite being totally unfortunate, is pretty easy to understand.

A bad actor takes something without permission and asks for money to give it back.

Adapting such a form of crime to nowadays technologies is pretty easy as well.
A malware enters your device without permission and encrypts all your files with an encryption key that is virtually impossible to decipher by chance. Then, the only window you are allowed to see on your monitor is the one with the ransom request. When (and if) the ransom is paid, the attacker will finally send you over the decipher key, giving you back access to your files.

Conceptually easy in its structure, this form of cyberattack costs millions of dollars every year, with businesses in retail, education, and IT among the most damaged.

Clearly, it is not just that, as more advanced forms of ransomware attacks exist and hit even stronger. They could leverage the threat of exposing sensitive information from the target organization or rely on innovative distribution models.

This is the case of Conti and REvil, the two most dangerous types of ransomware attacks in 2021 in terms of victims and financials. These two types of attack, fearsome on their own, found their fortune on their business model. Both of them have been spread around thanks to a Ransomware-as-a-Service model, where the cybercrime group allowed people from the outside to act as affiliates or mediums. In return, for every successful ransom obtained, these people took a share of the ransom.

The model, other than spreading the virus at an unprecedented pace, made it also harder to attribute the attacks to the original actors.

There are a few actions that everyone could put in place to prevent the risk of get in trouble with a malicious software. Installing a firewall for ransomware, for instance, is the first and most important security solution you could take to prevent exposing personal information.

How to prevent a ransomware attack

Despite being extremely hard to predict, there are a few best practices that every user could put in place to mitigate and potentially nullify the risk of being hit by a ransomware attack. Bearing in mind that most cyberattacks leverage both human and IT vulnerabilities, there are good habits and technical implementations, mainly for your firewall, that could be extremely useful. Here is a helpful list to keep at hand in your daily internet surfing.

Best practices for firewall and network configuration

Install an easy-to-use firewall, that could ease and not hinder the adoption of security habits.
Remote Desktop Protocol (RDPs) are, with phishing, the main channels of infection for Ransomware attacks. Monitoring and locking down RDP and other services with your firewall is definitely a must for your internet security. Whitelist only applications you consider safe.
Strengthen your passwords and use multi-factor authentication. This is a rule of thumb for every digital asset but take it as a suggestion also for your remote management and file sharing tools so that they’re not easily compromised by brute-force hacking tools.
Limit remote access to your computer setting rules for connection. Your firewall should allow the setup to limit port-based access via filters or passwords. VPNs are also a valid alternative to port-forwarding when accessing your organization’s network from the outside.
Enable TLS Inspection with support for the latest TLS 1.3 standards on web traffic to ensure threats are not entering your network through encrypted traffic flows.
Segment LANs into smaller, isolated zones or VLANs, and minimize the risk of lateral movement within the network. VLANs could then be secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between LAN segments.

Healthy digital habits

Reduce data transfers every time is possible, as more data transmissions equal to more vulnerabilities. Also, try to avoid sending sensitive data on personal devices, usually less controlled and significantly more vulnerable to cyber-attacks.
Download Carefully and check your data sources carefully. If in doubt, check on a search engine. It’s important to only download files from sources and avoid unnecessary downloads to lower your device susceptibility to malware.
Update device software, as security is (or at least should be) a top priority for every software provider. Providers work hard on continuously making their software more secure, and regularly installing the latest updates will make your devices less vulnerable to attacks.
Develop a breach response plan. Data breaches can happen to even the most careful and disciplined companies. Establishing a formal plan to manage potential data breach incidents, primary cyberattack response plan, and cyber attack recovery plan will help organizations of any size respond to actual attacks and contain their potential damage.
Change your passwords from time to time. It’s free and drastically lowers the chances of one of your accounts being spoofed.

Being the most dangerous and spread form of cyber attack, preparing against ransomware is crucial for the digital health of your business, your organization, or even yourself. Adopting a good level of skepticism and common sense with regards to digital environments, and gearing up with a sturdy antivirus and a firewall could really make the difference and save you a lot of money.

by Chris Taylor

About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

Most Windows programs remember where they were last open on your screen. When you close and reopen them, they open at the last location. Occasionally, a program might record the wrong information or you might change screen resolution and a program might open completely off-screen, which makes it difficult to use to say the least.

Make sure the program has the focus by making sure its icon is highlighted on the taskbar. In the following example, we can see that Excel and Word are running: they have a line under their icons. Word has the focus: it has a background with a different shade than the rest of the taskbar.

Press Alt-space and a context menu will appear at the edge of the screen closest to the wayward window.

Press the M key to select Move. You can use the arrow keys to move the window back onto the visible desktop.

When I recently tried this, PowerToys Run opened rather than my wanted context menu because it was set to use the hotkey Alt-space. I could have temporarily disabled PowerToys Run or redefined its shortcut, but a simpler option was to hold down the shift key while right-clicking on the running program’s icon on the Taskbar.

The context menu appeared and I pressed the M key followed by arrow keys to move the window back on-screen. Because the context menu was next to the taskbar icon for the program, rather than the edge of the screen closest to the wayward window, I had to guess which way to arrow in order to get the window back on-screen.