The best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections is a comprehensive approach that includes prevention. Make sure you are running an updated anti-virus and anti-malware product, update all vulnerable software, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, close Remote Desktop Protocol (RDP) if you do not need it and routinely back up your data…then disconnect the external drive when the backup is completed.

Kaspersky Labs advises that RDP brute-force attacks are on the rise, especially by those involved with the development and spread of ransomware. IT folks should close RDP if they don’t use it. If they must use RDP, the best way to secure it is to either whitelist IPs on a firewall or not expose it to the Internet. Put RDP behind a firewall, only allow RDP from local traffic, set up a VPN to the firewall and enforce strong password policies, especially on any admin accounts or those with RDP privileges.

You should also rely on behavior detection programs rather than on standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files AND stop it, rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.

Some anti-virus and anti-malware programs include built-in anti-exploitation protection. For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate…it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft has the ability to detect unknown zero-day attacks and file-encrypting malware (ransomware) attacks.

ESET Antivirus and Smart Security use a Host-based Intrusion Prevention System (HIPS) to monitor system activity with a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, HIPS stops the offending program from carrying out potentially harmful activity. ESET Antivirus (and Smart Security) includes Exploit Blocker, which is designed to fortify applications that are often exploited (e.g. web browsers, PDF readers, email clients, MS Office components). This feature monitors the behavior of processes and looks for and blocks suspicious activities that are typical for exploits, including zero-day attacks. ESET’s Java Exploit Blocker looks for and blocks attempts to exploit vulnerabilities in Java. ESET Antivirus (and Smart Security) also includes script-based attack protection, which protects against JavaScript in web browsers, and Antimalware Scan Interface (AMSI) protection against scripts that try to exploit Windows PowerShell.

Malwarebytes 3.0 Premium with Anti-Exploit & Anti-Ransomware includes a real-time Protection Module that uses advanced heuristics scanning technology to monitor your system and prevent the installation of most new malware, stopping malware distribution at the source. This technology dynamically blocks malware sites & servers, prevents the execution of malware, proactively monitors every process and helps stop malicious processes before they can infect your computer.

As with most ransomware…your best defense is back up, back up, back up and the best solution for dealing with encrypted data is to restore from backups. Backing up data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet they are among the most neglected.

IMPORTANT!!! When implementing a backup strategy, include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; remove (disconnect) and isolate all backups from the network or home computer…if not, you risk ransomware infecting them when it strikes.
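
One way to carry out the backup checks described above, as an added example that is not part of the original post: it records a SHA-256 manifest when the backup is made, then reports whether the backup is recent and still matches byte-for-byte. The function names, the 24-hour freshness threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib, shutil, tempfile, time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root, now=None):
    """Record when the backup ran and the SHA-256 of every file under root."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": time.time() if now is None else now, "files": files}

def verify_backup(manifest, backup_root, max_age_hours=24, now=None):
    """Check that the backup is recent and would restore byte-for-byte."""
    now = time.time() if now is None else now
    expected = manifest["files"]
    actual = build_manifest(backup_root)["files"]
    report = {
        "missing": sorted(set(expected) - set(actual)),
        "altered": sorted(n for n in expected
                          if n in actual and actual[n] != expected[n]),
        "unexpected": sorted(set(actual) - set(expected)),
        "stale": now - manifest["created"] > max_age_hours * 3600,
    }
    report["ok"] = not any(report.values())
    return report

def demo():
    """Constructed sample data: a clean backup, then one damaged while connected."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "documents"), Path(tmp, "backup")
        src.mkdir()
        (src / "taxes.txt").write_text("2023 return\n")
        (src / "photo.raw").write_bytes(bytes(range(256)))
        manifest = build_manifest(src)
        shutil.copytree(src, bak)
        clean = verify_backup(manifest, bak)
        # Simulated damage to the backup copy: one file renamed, one overwritten.
        (bak / "taxes.txt").rename(bak / "taxes.txt.locked")
        (bak / "photo.raw").write_bytes(b"\x00" * 256)
        damaged = verify_backup(manifest, bak, now=manifest["created"] + 48 * 3600)
        return clean, damaged

if __name__ == "__main__": print(*demo(), sep="\n")
```

Keep the manifest somewhere other than the backup drive itself, so that damage to the backup cannot also rewrite the record it is checked against.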