The ransomware attack that shut down a major pipeline in the US offers some lessons for Windows users looking to keep themselves safe.

Ransomware. It’s one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small. But there’s plenty you can do to protect yourself or your business.

Be wary of what you click on

Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn’t — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after an open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.

Ransomware is not new. Its history dates back to 1989. Back then, the lure was a floppy disk that installed a virus, which on the third day asked for money to get the computer information back. More recently, it was used against Colonial Pipeline, a gas delivery pipeline company on the East Coast. That attack led to a run on gas, closed gas stations, angry drivers, and bad publicity (and a reported payout in the millions of dollars) for the pipeline company. It was a real-world example of what ransomware can do to businesses.

Backups, backups, backups

I co-moderate a Facebook group on the topic of security and ransomware. Often, when a user comes to us to ask how to recover from a ransomware attack, our only recommendation is to ask whether they have a good backup. By that, I mean one that is run on a regular basis and stored on an external hard drive that is “air gapped” from your computer. If you can access the drive your backup is stored on, so can your attacker.
So make sure that you rotate backup media and always have a copy that is offline and not connected to your system. It’s also good to investigate whether your backup software has an anti-ransomware feature that ensures the drive can’t be accessed by anyone other than the backup processes.

There is no magical fix to undo ransomware, though nomoreransom.org keeps track of known attacks; if an encryption key has been released to the public by the attackers or some authority has taken over a command-and-control server — and thus gained access to the encryption tools — the decryption tool will be stored on that site.

Tricking attackers

If you are a bit more adventuresome, you could consider adding a tool such as Raccine, which will prevent ransomware from deleting all shadow copies using vssadmin. It runs on Windows 7 or higher and intercepts the request and kills the invoking process.

Silently deleting backups and stopping the backup process is often the first sign that an attacker is going after your systems. Always make sure you keep track of the success or failure of the backup process. I personally set up alerts with my backup software so I’m notified of both successes and failures involving my key infrastructure. Keeping track of the completion of backups is a key way to track the health of your systems.

Another trick you can use to try to fend off attackers is to install the Russian keyboard on your system. While the DarkSide ransomware did not specifically check for its instance, Russian-based malware often will check to see where it’s being installed and avoid Russian-based systems. (You don’t have to use the keyboard, and you’ll end up with “EN” on your system tray. But it might just trick attackers into passing you by.)

Another security tool that scared away attackers during a recent attack was Sysmon. This is a free tool from Microsoft that enhances the security event logs on Windows machines.
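
As an added example (not part of the original article): a small parser for Sysmon process-creation records (Event ID 1) that flags the vssadmin shadow-copy deletion that Raccine is described above as intercepting. The sample events, host name, file paths and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DELETE_SHADOWS = re.compile(r"\bdelete\s+shadows\b", re.IGNORECASE)

def make_event(image, cmdline, parent):
    # Builds a trimmed Sysmon Event ID 1 record (constructed sample data).
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>1</EventID><Computer>OFFICE-PC1</Computer></System>"
        f'<EventData><Data Name="Image">{image}</Data>'
        f'<Data Name="CommandLine">{cmdline}</Data>'
        f'<Data Name="ParentImage">{parent}</Data></EventData></Event>'
    )

# Constructed samples: a harmless listing, a quiet delete-all launched from a
# temp folder, and an unrelated program whose arguments merely contain the words.
SAMPLE_EVENTS = [
    make_event(r"C:\Windows\System32\vssadmin.exe", "vssadmin list shadows",
               r"C:\Windows\System32\cmd.exe"),
    make_event(r"C:\Windows\System32\vssadmin.exe",
               r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet',
               r"C:\Users\pat\AppData\Local\Temp\invoice.exe"),
    make_event(r"C:\Windows\System32\notepad.exe", "notepad.exe delete shadows.txt",
               r"C:\Windows\explorer.exe"),
]

def parse_process_event(xml_text):
    """Return the fields of a process-creation event, or None for other IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1":
        return None
    fields = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    fields["Computer"] = root.findtext("e:System/e:Computer", default="", namespaces=NS)
    return fields

def find_shadow_copy_deletions(xml_events):
    """Flag events where vssadmin.exe itself was asked to delete shadow copies."""
    alerts = []
    for xml_text in xml_events:
        fields = parse_process_event(xml_text) or {}
        image = fields.get("Image", "").rsplit("\\", 1)[-1].lower()
        cmdline = fields.get("CommandLine", "")
        if image == "vssadmin.exe" and DELETE_SHADOWS.search(cmdline):
            alerts.append((fields["Computer"], fields.get("ParentImage", ""), cmdline))
    return alerts

if __name__ == "__main__":
    for computer, parent, cmdline in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(f"ALERT {computer}: {parent} ran {cmdline}")
```

On a real machine the records would come from the Microsoft-Windows-Sysmon/Operational event log exported as XML; the parent process in each alert is what tells you which program asked for the deletion.
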
When attackers using the SolarWinds vulnerability reviewed what firms they wanted to attack, if Sysmon, Procmon, Procexp, or Autoruns were installed on systems, the attackers would not go after the firm because they didn’t want to be detected. Especially for small businesses, I recommend the use of Sysmon to enhance log files on your system.

What you can do

Bottom line, don’t make it easy for attackers to turn you into another ransomware statistic. Here’s what you can do to lessen the chances of an attack:

- Make sure you do good backups on a regular basis and have multiple external hard drives that you rotate to ensure at least one copy of your files is offline at all times.
- Keep your browsers up to date and ensure that they update independently of the operating system.
- Ensure your email has good filtering, either from your ISP (if it provides your email) or by using Gmail or Outlook.com.
- Consider adding Duo Authentication as two-factor authentication for remote access if you use remote desktop protocol in a small business. And don’t allow merely a password between you and the outside world when it comes to remote access.

These may not ensure you’re completely safe from ransomware, but they should at least make it less likely you’ll be hit.