Author

When preparing this article we’ve asked to all the main security firms to explain which technologies or tools they offer for ransomware protection. Common signature-based antiviruses are not enough to be protected as these malware are custom-tailored for every attack and the executable is masked and modified in different ways, so that it always appears as a different version.
You already know the most obvious advice: keep Windows, antivirus and all the main software (including tools like Flash, Java and Adobe Reader which are often an attack medium) up to date.
Let’s see what information we have collected from the security firms that have replied us.

Avast, mostly known for its antivirus, talked with us about DeepScreen: this technology, part of all desktop products since the 2014 version, is based on the sandbox principle. Potential malware is first executed in a sandbox to evaluate its behaviour. According to Avast, malware uses new technologies to escape from this kind of protection, but its engine is continuously updated together with definitions, so it always includes the latest control features to avoid being deceived with a clever trick.

Avira recommends to activate the Cloud-based protection (Avira Protection Cloud -- see the image on the side). This technology sends a fingerprint of suspicious files to the laboratories of this famous security firms to check if it’s an already analyzed executable. If the file is not recognized it’s immediately uploaded online and analyzed. Avira leverages several techniques to overcome the anti-debugging and anti-sandboxing technologies implemented by malware.

How to backup PCs/servers

In order to prevent ransomware to infect your backups you can’t store them on a regular network share or on an USB disk: you must choose a local, not accessible backup or a Cloud backup like 1Backup or a similar service.

In this issue of GURU advisor we’ll explain how to leverage snapshots of the ZFS file system with FreeNAS and be protected against ransomware.

The ideal scenario is where your backup is performed on a separate Nas or server which is not linked to any domain or has reduced privileges (principle of least privileges). In any case no clients in use should directly access backups without a password (which also must not be stored). If you are already using a backup software on clients, check if you can add a pre/post backup command to use to add and the disconnect shares immediately after use.

Let’s return to one of the most dangerous and aggressive threats of the last years: ransomware, aka crypto-viruses: harmful software that encrypts or steals user data and asks for a ransom.

What is changing? How these viruses are evolving? Are there any reliable solution to get protected? It’s not easy to answer to all these questions, but a sysadmin, a technician or an IT manager today must know very well this topic and study all the possible strategies to protect data, be it on premises or outside the company.

No just new products, but also a prolonged and active support

Professor Kevin Curran from IEEE spoked about privacy, cookie law and ransomware.

During MWC we’ve met lots of people that work in a business environment and talked about their company’s vision. We had a pleasant chat with an IT professor, Kevin Curran from Ulster University in Northern Ireland, IEEE senior member, the important organization that takes care of the technological progress with a particular attention to the advantages and benefits that are brought to humanity.

How is your visit to the MWC going? what do you think about the innovations presented here?
There’s a lot of fuss about 5G as the evolution of 4G, despite 4G being not a standard yet. Everybody's talking about Cloud and Internet of Things. All these technologies are important and interesting, but in my opinion there's a lack of attention to standardization and to the support of products that are announced and brought to the market for mere economical reasons.