Don’t Pay the Ransom: Ransomware Awareness Part 2 — Prevention

A guide on how to prevent and fight ransomware for non-technical people

Pat Alcala
ILLUMINATION
7 min read · Nov 13, 2023


Photo by Centre for Ageing Better on Unsplash

This is Part 2 of Ransomware Awareness. If you haven’t read the first one, click here, because from here forward, I’ll assume you’ve already read it.

By the way, the “click here” above is an example of a modified link:

click here (https://medium.com/@patalcala/dont-pay-the-ransom-ransomware-awareness-part-1-identification-230274406918)

Last time, we talked about identifying ransomware attacks. Now let’s talk about how to prevent them, because even if you are aware of them, you could still click on one by accident.

Remember? One wrong click, and you’re done.

Malware has the ability to hide itself within background services. It cleverly disguises itself as a normal application while secretly transmitting your device’s data to a remote server controlled by cybercriminals. That data could be your keystrokes, the sites you visited, the usernames and passwords you typed, or, at worst, your bank account details. Ransomware, on the other hand, gets into your file system, grabs every file it can find, and scrambles their contents (their D.N.A., so to speak) so they can no longer be opened. It also overwrites the system’s boot loader (the part that decides which program runs first when the device is turned on). This means that when you restart your device after infection, you will see messages like these:

WannaCry Ransomware message

Image Source: Microsoft.com

Medusa Ransomware (a.k.a MedusaLocker) message

Image Source: Socradar.io

For Phishing

The only real prevention for phishing is to never click the link or button in the first place, but as we all know, mistakes are unavoidable. The next best thing is to stop the malware from running once it has been downloaded.

Change your DNS

Typically, the job of a DNS (Domain Name System) resolver is to make sure you reach the right website when you type a URL in the browser. It acts like an address directory for websites: each website has its own numeric address, and every DNS service provider keeps track of which name maps to which address.

But a few DNS providers have leveled up their services, not only in performance but also in security.

Quad9 DNS is one of them. This DNS service automatically refuses to look up websites that are listed as malicious, whether they are phishing sites or sites that serve malicious files.

Visit https://quad9.org/ to learn more about it.

When visiting a malicious website, you might unintentionally fall into a trap known as a “drive-by download.” Unlike legitimate websites, which show a visible download button for the user to click, these malicious websites are sneakier: without any action from the user, the malware is downloaded onto the device simply by visiting the site.

Setting up this DNS blocks that, because the browser can no longer find the site’s address and so never connects to it. The protection only covers sites that are on the provider’s blocklist, so it is a safety net rather than a replacement for being careful.
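To make the mechanism concrete, here is an added example (not code from the article or from Quad9) of how a protective DNS resolver decides whether to answer a lookup. The blocklist, the query names and the “upstream” answers are all constructed placeholders; a real service loads a curated threat feed and performs a real recursive lookup. The example also shows why a blocklist entry has to cover subdomains, since payloads are often served from a throwaway subdomain of a listed site.

```python
# Added example: a toy protective DNS resolver in the style of Quad9's
# blocking behaviour. All domains below are constructed placeholders.
from typing import Dict, Optional, Set

# Constructed blocklist; a real resolver would load a curated feed.
BLOCKLIST: Set[str] = {
    "phish-login.example",
    "drive-by.example",
}

# Constructed stand-in for real DNS data returned by a recursive lookup.
UPSTREAM: Dict[str, str] = {
    "example.com": "93.184.216.34",
    "cdn.drive-by.example": "198.51.100.7",
}


def is_blocked(name: str, blocklist: Set[str] = BLOCKLIST) -> bool:
    """Return True if `name` or any parent domain of it is on the blocklist.

    Matching parent domains matters: blocking drive-by.example must also
    block cdn.drive-by.example, or the attacker just picks a new subdomain.
    The bare top-level label (e.g. "example") is never tested on its own.
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return True
    return False


def resolve(name: str, upstream: Dict[str, str] = UPSTREAM) -> Optional[str]:
    """Answer a query: refuse blocked names, otherwise return the upstream answer.

    Returning None models an NXDOMAIN-style refusal. With no address to
    connect to, the browser never reaches the site, which is what stops a
    drive-by download before it starts.
    """
    if is_blocked(name):
        return None
    return upstream.get(name.rstrip(".").lower())


if __name__ == "__main__":
    for query in ("example.com", "cdn.drive-by.example", "PHISH-LOGIN.example."):
        answer = resolve(query)
        print(f"{query:28} -> {answer if answer else 'blocked (no answer)'}")
```

The case-folding and trailing-dot handling are there because DNS names are case-insensitive and queries often arrive with a trailing dot; a blocklist check that forgets either is trivially bypassed.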

The setup

For IPv4:

Primary DNS server: 9.9.9.9

Secondary DNS server: 149.112.112.112

For IPv6:

Primary DNS server: 2620:fe::fe

Secondary DNS server: 2620:fe::9

Both IPv4 and IPv6 should be changed.

For Windows 10 users

Click here for instruction

For Windows 11 users

Click here for instruction

For MacOS users

Click here for instruction

For Android phone users

Click here for instruction

For iOS (iPhone) users

Click here for instruction

For Linux-based OS users

Since each desktop environment and tiling window manager has its own way of handling settings, it is easier to just use the terminal.

You need to edit the file /etc/resolv.conf. You can use vim, vi, or nano, depending on your preference, and change the content to this:

nameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 2620:fe::fe
nameserver 2620:fe::9

Basic Firewall

The term “firewall” originated in the construction industry, where it refers to a physical barrier constructed to prevent the spread of fire. This concept has been adapted and applied to the world of computer networks and cybersecurity, where a firewall serves as a crucial tool for controlling and managing network traffic. Firewalls are very important in the world of technology because they work as network security methods to stop the spread of malware.

There are two types of firewalls:

  1. Software firewalls
  2. Hardware firewalls

Most people won’t need a separate hardware firewall, but they do need a software firewall to protect them from ransomware.

Some ransomware still needs an internet connection to fully function and corrupt a device: it has to download some dependencies or communicate with a remote server. That’s where the firewall comes in. It can block access to the internet so that only the apps you trust can use it.

Firewalls are already built into desktop computers, but they are either difficult to use or limited. A third-party firewall can solve this problem. Don’t worry: these applications are generously free to use, with no strings attached, no hidden cost and no limits.

On Windows:

Tinywall

On macOS:

Lulu

On Linux:

The built-in firewalld or ufw is fine.

On mobile devices, however, you need to download one since there’s no built-in one.

On Android:

NetGuard (available on PlayStore and F-Droid)

On iOS (iPhone):

TulaByte (available on AppStore)

Hover on the link

You can spot a modified link by hovering your mouse over it. A small pop-up will appear at the bottom left of your screen, displaying the real address the link points to, which may be completely different from the text you see.

For touch-screen devices, tap and hold until a pop-up appears.
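The hover check compares what a link says with where it actually goes. The same comparison can be done automatically over a whole message. Below is an added example (not code from the article) that pulls every link out of a constructed HTML email body and flags the ones whose visible text names a different site than the real destination; text like “click here” cannot be compared at all, so it is reported as unverifiable rather than treated as safe. The helper that trims a hostname to its last two labels is a simplification and is assumed here in place of a proper public-suffix list.

```python
# Added example: detect "modified links" in an HTML email, i.e. links whose
# visible text and real destination point at different sites.
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host: str) -> str:
    """Crude 'last two labels' domain (assumption: no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html_body: str) -> List[Tuple[str, str, str]]:
    """Return (shown text, real href, verdict) for every link that needs attention.

    A link is only passed silently when its visible text is itself a URL or
    domain on the same site as the href. Anything else is either a mismatch
    (the classic modified link) or unverifiable without hovering.
    """
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        target = urlparse(href).hostname or ""
        shown_url = text if "://" in text else "http://" + text
        shown = urlparse(shown_url).hostname or ""
        if "." not in shown:
            findings.append((text, href, "unverifiable: hover before clicking"))
        elif registered_domain(shown) != registered_domain(target):
            findings.append((text, href, "MISMATCH: text and destination differ"))
    return findings


# Constructed sample email body; all domains are placeholders.
SAMPLE = """
<p>Your invoice is ready. View it at
<a href="https://login.example-bank.co/verify">https://www.examplebank.com/invoices</a>
or <a href="https://www.examplebank.com/help">www.examplebank.com/help</a>
or just <a href="https://files.example.net/x">click here</a>.</p>
"""

if __name__ == "__main__":
    for shown, real, verdict in suspicious_links(SAMPLE):
        print(f"{verdict}\n  shown: {shown}\n  real:  {real}")
```

Comparing only the registered domain (examplebank.com) rather than the full hostname avoids false alarms when a site legitimately links to its own subdomains, while still catching the look-alike example-bank.co.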

Backup

When it comes to files, backup is always the best defense. Always back up your files when possible, and keep at least one copy disconnected from the device (an external drive you unplug afterwards, or a cloud service that keeps older versions), because ransomware also encrypts any backup drive that is still attached when it runs.

For Spear Phishing and Whaling

The difference between these two types of phishing and regular phishing is that both are targeted attacks. Unlike phishing, which sends attacks to random victims, spear phishing and whaling target specific victims: most often companies and governments for spear phishing, and high-level officers such as CEOs, mayors, and presidents for whaling.

“Why is it called Spear Phishing and Whaling?”

Notice how “phishing” sounds exactly like “fishing,” and how similar they are. They both set up a trap in order to catch the “fish.”

Catching larger fish would require a spear instead of a traditional fishing rod and hook. Because of that, someone or a group of people thought it would be funny to refer to phishing that targets larger fish as spear phishing, and whaling for the phishing that targets the largest fish.

Spear phishing and whaling are impossible to tell apart from legitimate emails. Filtering expected emails is also ineffective, because businesses and governments always expect emails, whether they are transactions, complaints, requests, fan notes, applications, registrations, or anything else. As a result, the majority of ransomware victims are either businesses or government agencies.

But here are some extra things that can help you check legitimacy:

Verify or contact the sender

Check the sender to see if it is one of your regular contacts. Cybercriminals can counterfeit display names and duplicate the message format, but they cannot entirely replicate the email address. Every letter and number in the address should perfectly match what’s on record for it to count as legitimate.

peterparker@gmail.com and peterparker1@gmail.com are not the same.

If possible, contact the sender.
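The rule above (an exact, character-for-character address match is the only thing that counts) is easy to automate. The following added example, which is not code from the article, checks a From: header against a constructed list of known contacts and classifies it as known, look-alike, or unknown. A look-alike is either an address within a couple of edits of a real one (peterparker1 vs peterparker) or a familiar display name attached to an unfamiliar address, which is the usual spoofing pattern. The contact list and sample headers are placeholders.

```python
# Added example: verify a sender against contacts on record, flagging
# look-alike addresses and display-name spoofing. Data is constructed.
from email.utils import parseaddr
from typing import Dict

# Constructed record of known senders: display name -> exact address on file.
KNOWN_CONTACTS: Dict[str, str] = {
    "Peter Parker": "peterparker@gmail.com",
    "Accounts Payable": "ap@supplier.example",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits separate a and b.

    Used to spot addresses that are one or two typos away from a real one.
    """
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header: str, contacts: Dict[str, str] = KNOWN_CONTACTS) -> str:
    """Classify a From: header as 'known', 'lookalike of <addr>' or 'unknown'.

    Only an exact address match (ignoring letter case, which email treats as
    insignificant in practice) counts as known. A matching display name on a
    different address is the classic spoof and is never treated as known.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in (a.lower() for a in contacts.values()):
        return "known"
    for known_name, known_addr in contacts.items():
        same_name = name.strip().lower() == known_name.lower()
        close_addr = edit_distance(addr, known_addr.lower()) <= 2
        if same_name or close_addr:
            return f"lookalike of {known_addr}"
    return "unknown"


if __name__ == "__main__":
    samples = (
        '"Peter Parker" <peterparker@gmail.com>',
        '"Peter Parker" <peterparker1@gmail.com>',
        '"Peter Parker" <pete@evil.example>',
        "someone@nowhere.example",
    )
    for header in samples:
        print(f"{header:45} -> {check_sender(header)}")
```

A “lookalike” verdict is the cue to do what the article says next: contact the sender through a channel you already trust, not by replying to the message.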

Scan the links

Copy the links provided (right-click or tap-and-hold, then copy the link address), being careful not to open them, and scan them on these sites:

https://radar.cloudflare.com/scan

https://www.virustotal.com/gui/home/url

Scan the attachments

If you have an anti-virus installed, scan the attached files, or you can do it online:

https://www.virustotal.com/gui/home/upload

Advanced Firewall

The goal of all phishing attacks, no matter the type, is to install malware on your device. So, the prevention mentioned above still applies as it stops the malware from running.

However, for large companies and governments, a basic firewall is not recommended. Installing a dedicated hardware firewall is always recommended. This allows you to monitor the entire network and instantly detect suspicious behavior.

Option 1: Buy a ready-to-use firewall device

https://www.sophos.com/en-us/products/next-gen-firewall

https://www.checkpoint.com/quantum/next-generation-firewall/

Option 2: Use a free firewall operating system (more technical)

https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition

https://www.pfsense.org/download/

But you need a dedicated device to install it on. You can either buy a cheap firewall device online (Amazon, pfSense) or from a local store, use an old laptop, or set it up in a virtual desktop environment. I told you it was more technical.

For Malvertising

Just block ads

Nothing is more straightforward than that. If the problem is an ad, simply block it and you’re done.

Most browsers have ad-blocking capabilities enabled by default, and you’re probably already using one. But some of them aren’t doing the best job, since they still let through the ads they have chosen to allow.

So, it’s still best to install a third-party ad blocker, and the best one on the market is uBlock Origin.

uBlock Origin logo
Image Source: Logo.wine

It’s available in any browser. If you’re using Chrome or any Chrome-based browser (Brave, Vivaldi, Edge, etc.), you can install it from here.

But if you’re using Firefox or any Firefox-based browsers (Librewolf, Waterfox, Pale Moon, Mullvad Browser, etc.), you can install it from here.

For Other Sources

Avoid unknown USB devices

Ransomware doesn’t only arrive through phishing emails, calls asking for your private information, or SMS messages with links. It can also originate locally, through a malicious flash drive that you plug into your device.

So, avoid unknown USB devices.

Avoid downloading unknown apps

It turns out that not all programs in the Google Play Store (Android) or Apple App Store (iPhone) are safe. Some of them are infected with malware or even ransomware.

Android:

https://www.pcmag.com/news/36-malicious-android-apps-found-on-google-play-did-you-install-them

https://www.pcmag.com/news/these-21-android-apps-contain-adware

https://www.tomsguide.com/news/60-android-apps-with-100-million-installs-actually-contain-malware-delete-them-right-now

iPhone:

https://www.komando.com/security-privacy/iphone-apps-hiding-malware/852291/

https://www.bitdefender.com/blog/hotforsecurity/76-popular-iphone-apps-found-wide-open-to-data-interception-attacks/

Not just on mobile devices. On Windows and Mac, avoid cracked software from torrent sites; some of them contain malware.

Once again, thank you for taking the time to read this article. I hope it helped you.

Part 3 will be about fixing the ransomware and restoring the damage. And yes, you still don’t have to pay.


Computer Engineer, Writer, and Technology enthusiast | Buy me a coffee https://ko-fi.com/patalcala