Skip to main content

 

Hello Webroot Community!

 

I wanted to spend some time with you to answer your questions about Ransomware. Webroot is holding a LIVE Q&A session right here on the Webroot Community.

 

Please use this time to post your questions about Ransomware, and I will answer as many as I possibly can between 10-11 a.m.

 

Webroot will also be giving away a $100 Best Buy.gift card as well so be sure to post your questions!

 

 

 
To get us started, we wanted to ask @ about how to best protect yourself against phishing emails. 

 

 
Can ransomware encrypt files on a NAS if there are NO mapped drives to it (pretty sure it can if drives are mapped)?



Thanks in advance.
Great question Drew!

 

First things to do is to evaluate the email and see it resembles typical social engineering templates. Usually, there is a call to action to click a link. This link is usually the phishing site that you should avoid. Hovering over the link with your cursor will reveal the URL and make sure to check it as it almost always never resembles the actual domain of the company that they are spoofing - like google, apple, dropbox, chase, wellsfargo, ect. 

 

The best way to protect yourself is to have a solution that can block these URLs from even resolving and displaying on your browser so you never have a chance to fall for them.

 

There are also other phishing scams that have no link and will just threaten you will a false claim to pay bitcoin. Here is an example of one of these. 

https://community.webroot.com/t5/Tech-Talk/Social-Engineering-What-to-look-out-for/m-p/331714

 
If the drive is not mapped that will definitely help as it will avoid a good portion ransomware and this was very common tip with early ransomware, but we've seen some more advanced samples that will attempt to map all accessible drives before encryption with mixed success. 

 

Also if the criminal breached your system through compromised RDP, then, of course, they will manually map any drives before dropping a ransomware payload.
You mentioned in the video that side loading will put you at risk for ransomware, can you expand on that?
Absolutely!

 

So many advertisements you will see while browsing on your mobile device will offer apps that do things for free that usually you only get with premium paid apps. However, these apps require and instruct you disable security settings on your phone and allow installation from unverified sources. This is definitely something everyone should caution against unless you are an advanced user that knows exactly what you are doing. 

 

This type of tactic is a breeding ground to trick people into installing malicious apps that usually have embedded trojans in the device that will steal personal contact information and in extreme cases will give remote access to the criminal to your phone and all your actions you conduct on the device. 
Thanks, Tyler.

 

While I take nightly images of my PC, I've always been concerned about the files that are on my NAS. When I originally setup the NAS, before Ransomware, I had mapped each of the 4 folders that reside on the NAS; Music, Pictures, Uploads, and Video. After reading that Ransomware can affect mapped NAS drives, I decided to set all folders that were mapped, except the 'Uploads' folder, as 'Read Only'. It makes it a little inconvienient when adding to those folders, as I have to change permissions, but most of the access to those folders is read only, anyway. I only add content every so often. The 'Uploads' folder is at risk in this configuration, but I only use that folder as a temporary landing spot to upload files when away from home, before being moved to one of the other folders on the NAS or to a particular PC. Most of the time this folder is empty. The threat of ransomware has me so concerned that each weekend I run a full backup onto a 2.5" external drive, of which I have two. Each Monday I swap out the drive and leave it in my desk at work, just to have an off site backup. Looking into getting a cloud storage option in place, as well.

 

Thanks for the info @. 😉
Thanks @ for answering a few questions this morning and for everyone that attended.

 

If you haven't seen it already, Tyler shot video on ransomware and how to best protect yourself online: 

 



 

We'll be looking to do more of these LIVE Q&A's in the coming months. In fact, our next one will be at the end of this month focused on taking control of your privacy and protecting yourself on the go using a VPN. Be on the lookout for dates and times soon! 

 

Thanks again! 

 

 
I received my.gift card yesterday. Just wanted to say thanks and 'Holy Crap'! :p

I had no idea there was a.gift card involved, when I participated, let alone a $100 one! :S 

 

Thanks very much @, @, and Webroot for the generous.gift. It will come in handy at Christmas-time. ;)

 

Thanks again!
@ wrote:

I received my.gift card yesterday. Just wanted to say thanks and 'Holy Crap'! :p

I had no idea there was a.gift card involved, when I participated, let alone a $100 one! :S 

 

Thanks very much @, @, and Webroot for the generous.gift. It will come in handy at Christmas-time. ;)

 

Thanks again!

No problem! Thank you for participating 🙂
You're welcome, Lara. I'm glad I did! 😃
Thanks so much @! I'm glad you liked the surprise! 
@ wrote:

I received my.gift card yesterday. Just wanted to say thanks and 'Holy Crap'! :p

I had no idea there was a.gift card involved, when I participated, let alone a $100 one! :S 

 

Thanks very much @, @, and Webroot for the generous.gift. It will come in handy at Christmas-time. ;)

 

Thanks again!

Congratulations @
Thanks, Jasper. It was a nice surprise. I just happened to be at the right place at the right time that day of the Q&A. 😉

Reply