Top 10 Tips to Avoid Malware

In light of the latest bit of ransomware – Petya – here are tips to prevent getting hacked

The latest bit of ransomware – dubbed Petya – is currently running through banks, financial institutions and healthcare facilities in both Asia and Europe. The bug, like most ransomware, encrypts corporate data by encrypting hard drives, preventing access to needed data and computer systems. It also seems to have crossed the pond and entered the US.

Pharmaceutical manufacturer Merck reported that it had become infected with the malware as did multinational law firm DLA Piper, which counts over 20 different offices in the United States. Heritage Valley Health Systems, a health care network that runs two hospitals in Western Pennsylvania, also confirmed in a statement to Recode on Tuesday to be the victim of the same ransomware attack that has spread around the globe.

Petya in and of itself is a bit problematic in that this particular bug has the ability to adapt and mutate quickly, often working around patches that have been released by operating system and anti-malware vendors alike. With Petya, it’s difficult to insure your computing systems stay malware free. Anti-malware and OS vendors are having a great deal of trouble staying ahead of the game.

So, what’s the best way to stay Petya (as well as other phishing and ransomware infections) free? The best advice I can give ANYONE is to follow these top 10 computer security tips.

1. What’s in a Name?
Just because you see an email in your inbox from a name you recognize doesn’t mean they sent it to you. Be wary of all email in your inbox. Inspect the email address. If it looks suspicious or if you don’t recognize the domain (the wording after the “at sign” – for example @microsoft.com), don’t open it. Delete it immediately.
2. Look but don’t Click
Hover your mouse over any embedded links in any of the emails you receive. Don’t click before you do. A tool tip should appear showing the actual email address, or in the case of browser based clients, the address should display in the status bar at the bottom of your browser window. If the address isn’t one you recognize or if it looks strange, again, don’t click it.
3. Check for Spelling or Grammar Mistakes
Legitimate messages don’t have major spelling errors or clumsily structured sentences. If the message reads strangely and strikes you as unprofessional, its likely a fake. Delete it.
4. Analyze the Salutation
Messages from financial institutions will always address you by your name. They’re never going to call you, “Valued Customer.” If you get something like this from one of your financial institutions, I’d delete it and ignore it.
5. Don’t Give out Your Personal Information
Legitimate companies will never ask you to provide identity information or credentials via email. EVER.
6. Beware of Urgent or Threatening Language in the Subject Line of any eMail
Invoking fear via threatening or urgent language is a common phishing tactic. Be wary of any email indicating that your “account has been suspended,” or your account has had an “unauthorized login attempt.” There’s an excellent chance the emails are bogus.
7. Review the Signature Line
Lack of details about the signer or the absence of their contact information at the end of the message strongly suggests a phishing attempt
8. Don’t Click on Attachments
Malware payloads are often embedded in email attachments. Don’t open any you weren’t expecting, even from someone you know. Contact them offline, if possible, and confirm they sent you the attachment.
9. Don’t Trust the Information in an eMail Header
Hackers are smart enough now a days to spoof not only the display name, but the mail header as well. Even if you know how to check this information, you may not be able to validate it as genuine, so don’t bother. Assume this information is fraudulent in any suspect email.
10. Don’t Believe Anything you see
This is NOT your father’s internet any more. The world is hell bent on stealing everything you own and could own in the future (your identity, your credit, etc.), so the best defense is a strong offense – don’t trust anyone or anything you suspect is illegitimate. It may look valid, but it’s better to err on the side of caution that to spend the next 8 to 14 months straightening out your credit because you were the victim of a phishing attack. If you have even the slightest doubt or it even remotely looks suspicious, don’t open the message.

The point of all of this is that THIS particular piece of malware REQUIRES diligence.

Petya is rapidly changing. Its mutating and adapting to patches and detection engines in popular and well known, professional grade malware prevention products. You HAVE to be careful here, or you may end up losing everything on your PC.

Aside from the above, you should also do the following proactive steps on a regular basis. (start NOW if you haven’t done these yet, and insure that you do it malware free):

1. Install and Run an Anti-Malware Package
I have used a number of different packages over the years. Right now, one of my favorites is IOBIT Advanced SystemCare 10 Pro. Regardless of what you use, get one, install it, and use it… often.
2. Get your data on a cloud service
Whether we’re talking productivity files (Word, Excel, etc.) or pictures and home movies, it doesn’t matter. Get your data synchronizing with a cloud service so that you have an easy way to get your data back if it gets taken hostage.
3. Start a Local Backup Regimen
Macs have Time Machine. Windows users have Windows Backup; or you can use AOMEI Backuper and AOMEI Image Deploy. However, any way you cut it, you need to start and execute a local backup plan.
4. Start an Off-Site Backup Regimen
In order to do this, you need an off-site back up service like Carbonite or Backblaze. These low cost, subscription based services allow you to back up your computer over the internet and allow you to do a simple restore as well via the internet or via a hard drive that you can order and have delivered to you.

So, in summary:

1. Trust your Gut. Don’t open goofy looking email. Just delete them
2. Backup your data
3. Install and run an antimalware app

Have you gotten hit by ransomware? Have you paid the ransom, or have you just blown or replaced the drive and started over? I’d love to hear from you if you have gotten bitten. If you have, hit me up in the Discussion area, below, and tell me all about it.

Related Posts:

Stay in touch with Soft32

Soft32.com is a software free download website that provides:

121.218 programs and games that were downloaded 237.780.356 times by 402.775 members in our Soft32.com Community!

Get the latest software updates directly to your inbox