There are quite a few ransomware prevention strategies, prevention techniques and software available.

  • They vary from trying to identify ransomware by definitions or heuristics in an antivirus style; or preventing an executable from running in specific directories.
  •  There are software that monitor common locations for encrypted files and attempt to stop the ransomware from further encrypting files.
  • Application white-listing is also an option (only run software that is on an approved list).

There are surrounding safety settings that can also be employed, i.e, disabling RDP and locking down outlook with safe attachments etc.

None of the above methods really provide peace of mind - they tend to interfere with day to workings and rely on frequent updates. They also suffer from false positives and potential exploits (devils advocate note: here is an interesting read about a generic approach to ransomware detection that unfortunately is not available on the windows platform: Towards Generic Ransomware Detection )

As with most conclusions about ransomware it comes down to backups. This is what Symmetric IT also recommends. A backup strategy that involves rotated backups and multiple storage places is always the best. Best case scenario if you get hit by ransomware is that you more than you simply restore your backup not more than a few hours old. Worst case scenario is you restore a backup from a fall back backup which may be a week old. So worst case scenario will never compare with losing all your data.

Your primary backup location should be protected. Windows 10 has this functionality finally built in now but Macrium does this as well ( MIG ). This takes care of your primary  backups and safe-guards it from unauthorized access. Then include a secondary backup for rotation, i.e, daily or weekly, whatever suits your workflow. This is fall back 1.

Fall back 2 should be an online method that has versioning, this is important as it will allow you to revert back to a previous unencrypted version of your data.

Fall back 3 should be another local backup that is stored not on location. This covers all other worst case scenarios.

This would leave you protected against any ransomware attack. If you are using Macrium Reflect as a backup tool then you can use your image backup to perform Rapid Delta Restores which means that you're erasing ALL tracks of the ransomware and going back to a clean state instead of just replacing the affected files.

Contact Symmetric IT if you need IT Support or structured backups that can withstand any disaster.