
How to Protect Against Ransomware in Dubai

Ransomware is malicious software that cyber criminals use to hold your computer or computer files for ransom, demanding payment from you to get them back. Sadly, ransomware is becoming an increasingly popular way for malware authors to extort money from companies and consumers alike in Dubai – UAE. There are a variety of ways ransomware can get onto a person’s machine, but as always, those techniques boil down to either social engineering tactics or using software vulnerabilities to silently install on a victim’s machine.

Why is Cryptolocker so noteworthy?

One specific ransomware threat that has been in the news a lot lately is Cryptolocker (detected by ESET as Win32/Filecoder; check the ESET Knowledge Base for updated information on detection of Cryptolocker and other ransomware). The perpetrators of Cryptolocker have been emailing it to huge numbers of people, targeting particularly the US and UK. Like a notorious criminal, this malware has been associated with a variety of other bad actors – backdoor Trojans, downloaders, spammers, password-stealers, ad-clickers and the like. Cryptolocker may come on its own (often by email) or by way of a backdoor or downloader, brought along as an additional component.


Ransomware Dubai – What can you do about it?

On the one hand, ransomware can be very scary – the encrypted files can essentially be considered damaged beyond repair. But if you have properly prepared your system, it is really nothing more than a nuisance. Here are a few tips that will help you keep ransomware from wrecking your day:


Back up your data – DOSTech offer Backup Solutions in Dubai
The single biggest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware you may lose that document you started earlier this morning, but if you can restore your system to an earlier snapshot or clean up your machine and restore your other lost documents from backup, you can rest easy. Remember that Cryptolocker will also encrypt files on drives that are mapped. This includes any external drives such as a USB thumb drive, as well as any network or cloud file stores that you have assigned a drive letter. So, what you need is a regular backup regimen, to an external drive or backup service, one that is not assigned a drive letter or is disconnected when it is not doing backup.

The next three tips are meant to deal with how Cryptolocker has been behaving – this may not be the case forever, but these tips can help increase your overall security in small ways that help protect against a number of different common malware techniques.


Disable files running from AppData/LocalAppData folders
You can create rules within Windows, or with intrusion prevention software, to disallow a particular, notable behavior used by Cryptolocker, which is to run its executable from the App Data or Local App Data folders. If (for some reason) you have legitimate software that you know is set to run not from the usual Program Files area but from the App Data area, you will need to exclude it from this rule.

Disable RDP to Protect your computer from Ransomware attack 

The Cryptolocker/Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely. If you do not require the use of RDP, you can disable RDP to protect your machine from Filecoder and other RDP exploits. For instructions to do so, visit the appropriate Microsoft Knowledge Base article below:

  • Windows XP RDP disable
  • Windows 7 RDP disable
  • Windows 8 RDP disable

Show hidden file-extensions
One way that Cryptolocker frequently arrives is in a file that is named with the extension “.PDF.EXE”, counting on Windows’ default behavior of hiding known file-extensions. If you re-enable the ability to see the full file-extension, it can be easier to spot suspicious files.

Filter EXEs in email
If your gateway mail scanner has the ability to filter files by extension, you may wish to deny mails sent with “.EXE” files, or to deny mails sent with files that have two file extensions, the last one being executable (“*.*.EXE” files, in filter-speak). If you do legitimately need to exchange executable files within your environment and are denying emails with “.EXE” files, you can do so with ZIP files (password-protected, of course) or via cloud services.
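
The extension rules from the two tips above (“.PDF.EXE” names and the “*.*.EXE” filter), as an added Python example that is not part of the original page or of any mail gateway product. It goes beyond the page's .EXE to a few other Windows executable extensions; that list, the function names and the sample filenames are assumptions made for illustration.

```python
# Added example: gateway-style attachment filename policy (not from the original page).
import unicodedata

# Assumption: extensions treated as executable; the page itself names only .EXE.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

def normalize(filename: str) -> str:
    """Reduce a filename to the form Windows would act on."""
    name = unicodedata.normalize("NFKC", filename)
    # Drop any path component a sender may have embedded in the name.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    return name.rstrip(". ").lower()

def classify(filename: str) -> str:
    """Return 'deny-double-ext', 'deny-exe' or 'allow' for one attachment name."""
    parts = normalize(filename).split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # "*.*.EXE": some other extension sits in front of the executable one.
    inner = [p for p in parts[1:-1] if p.strip()]
    return "deny-double-ext" if inner else "deny-exe"

def filter_message(attachments):
    """Map every attachment name in a message to its verdict."""
    return {name: classify(name) for name in attachments}

# Constructed sample attachment names, for illustration only.
SAMPLE = ["Invoice_2013.PDF.EXE", "setup.exe", "report.pdf",
          "scan.pdf.exe. ", "notes.exe.txt", "photo.jpg .scr"]

if __name__ == "__main__":
    for name, verdict in filter_message(SAMPLE).items():
        print(f"{verdict:16} {name!r}")
```

Separating the two deny verdicts lets a gateway quarantine double-extension names outright while routing plain executables to whatever exchange process the organisation allows.
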
Use the Cryptolocker Prevention Kit
The Cryptolocker Prevention Kit is a tool created by Third Tier that automates the process of making a Group Policy to disable files running from the App Data and Local App Data folders, as well as disabling executable files from running from the Temp directory of various unzipping utilities. This tool is updated as new techniques are discovered for Cryptolocker, so you will want to check in periodically to make sure you have the latest version. If you need to create exemptions to these rules, they provide this document that explains that process.
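
A dry-run model of the AppData/LocalAppData rule and its exemptions, added here as an illustration for planning a rollout; it is not Third Tier's kit or Windows' own policy engine. It assumes the Windows Vista-and-later profile layout (AppData\Roaming and AppData\Local, which also contains Temp), and the profile path, exemption and launch paths are constructed.

```python
# Added example: dry-run of a "no executables from AppData" rule (a model, not Windows itself).
import ntpath
from pathlib import PureWindowsPath

def appdata_roots(profile):
    """AppData\\Roaming (%AppData%) and AppData\\Local (%LocalAppData%) for one profile."""
    base = PureWindowsPath(profile) / "AppData"
    return [base / "Roaming", base / "Local"]

def _inside(target, folder):
    # PureWindowsPath compares case-insensitively, matching Windows path semantics.
    return target == folder or folder in target.parents

def evaluate(path, profile, exemptions=()):
    """Return 'block', 'exempt' or 'allow' for one executable launch path."""
    # Collapse ".." and mixed slashes first so an odd-looking path is judged correctly.
    target = PureWindowsPath(ntpath.normpath(path))
    if target.suffix.lower() != ".exe":
        return "allow"
    if not any(_inside(target, root) for root in appdata_roots(profile)):
        return "allow"
    if any(_inside(target, PureWindowsPath(e)) for e in exemptions):
        return "exempt"
    return "block"

def audit(paths, profile, exemptions=()):
    """Verdict per launch path, e.g. paths collected from process logs before enforcing."""
    return {p: evaluate(p, profile, exemptions) for p in paths}

# Constructed sample data, for illustration only.
PROFILE = r"C:\Users\alice"
EXEMPT = [r"C:\Users\alice\AppData\Local\ExampleChat"]  # hypothetical legitimate app
LAUNCHES = [
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Roaming\svc_update.exe",
    r"C:\Users\alice\AppData\Local\Temp\7zO1A2B\Invoice.pdf.exe",
    r"C:\Users\alice\AppData\Local\ExampleChat\app-1.0\chat.exe",
    r"c:\users\ALICE\appdata\local\..\..\Desktop\tool.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(LAUNCHES, PROFILE, EXEMPT).items():
        print(f"{verdict:7} {path}")
```

Running such an audit over real launch paths before the policy goes live shows which legitimate programs need an exemption.
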

Ransomware

Ransomware stops you from using your PC. It holds your PC or files for “ransom”. This page describes what ransomware is and what it does, and provides advice on how to prevent and recover from ransomware infections.

What does ransomware do?

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.

Ransomware can:

  • Prevent you from accessing Windows.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (like your web browser).

Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.

There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.

Details for enterprises and IT professionals

The number of enterprise victims being targeted by ransomware is increasing. Usually, the attackers specifically research and target a victim (similar to whale-phishing or spear-phishing – and these in fact may be techniques used to gain access to the network).

The sensitive files are encrypted, and large amounts of money are demanded to restore the files. Generally, the attacker has a list of file extensions or folder locations that the ransomware will target for encryption.

Due to the encryption of the files, it can be practically impossible to reverse-engineer the encryption or “crack” the files without the original encryption key – which only the attackers will have access to.

The best advice for prevention is to ensure company-confidential, sensitive, or important files are securely backed up in a remote, un-connected backup or storage facility.

OneDrive for Business can assist in backing up everyday files.

 

In some cases, third-party tools released by some security firms are able to decrypt files for some specific ransomware families. See our blog FireEye and Fox-IT tool can help recover Crilock-encrypted files for an example. Tim Rains, Microsoft Director of Security, released the blog Ransomware: Understanding the risk in April 2016 that summarizes the state of ransomware and provides statistics, details, and preventative suggestions to enterprises and IT professionals. Our Threat intelligence report: Ransomware also includes suggestions on prevention and recovery, statistics, and details.

Details for home users

There are two types of ransomware in Dubai – lockscreen ransomware and encryption ransomware.

Lockscreen ransomware shows a full-screen message that prevents you from accessing your PC or files. It says you have to pay money (a “ransom”) to get access to your PC again.

Encryption ransomware changes your files so you can’t open them. It does this by encrypting the files – see the Details for enterprises section if you’re interested in the technologies and techniques we’ve seen.

Older versions of ransomware usually claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.

These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.

Newer versions encrypt the files on your PC so you can’t access them, and then simply demand money to restore your files.

Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, and instant messenger chats, like Skype.

It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.

That’s why the best solution to ransomware is to be safe on the Internet and with emails and online chat:

  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).

Check our frequently asked questions for more information about ransomware, including troubleshooting tips in case you’re infected, and how you can back up your files to help protect yourself from ransomware.