Installing the patches software developers release is one way users can help protect themselves from ransomware. But developers need to strike a balance between quickly patching vulnerabilities and taking the time to make sure they don’t introduce other vulnerabilities or have compatibility issues, said Black Hills Information Security owner John Strand.
For Strand, installing patches is far safer than not. Waiting for developers to work out bugs only leaves the window open wider for users to be compromised, explained Strand, who spoke with SC Media Editor in Chief Jill Aitoro during an SC Media eSummit on ransomware.
Strand noted that bad patches, especially those in high-profile cases such as SolarWinds, are damaging primarily because they contribute to an anti-patch mindset.
“You have a bad patch that got pushed out through SolarWinds and it introduced malware – that's a big deal,” he said. “There's no question that is a problem. But 99.99% of the patches work just fine.”
In addition to patch management, there are other steps Strand said companies and users can take to protect themselves from ransomware. For example, ransomware protection in Windows 10 can be configured to back up critical files to OneDrive, and to monitor files and folders for encryption and ransomware-style activity.
“Go check out your Windows 10 ransomware settings, turn it on, and you’re going to be much safer than before,” said Strand.
There’s also a free tool called Raccine that monitors volume shadow copies for deletions. That partition in hard drives is the first thing ransomware goes after when it starts encrypting files, explained Strand, so computers running Microsoft can’t restore from the last known good configuration.
“By simply watching the processes that are trying to delete that backup will stop a tremendous amount of ransomware,” Strand said.
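The process-watching idea Strand describes can be illustrated with a small detector over process-creation records. This is an added example, not code from the article and not Raccine's own implementation; the sample events, field names and rule table are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation records (fields loosely modelled on Windows
# process-creation logging); not taken from the article or from Raccine.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "explorer.exe",
     "cmdline": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"pid": 5232, "parent": "invoice_viewer.exe",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"pid": 5301, "parent": "cmd.exe",
     "cmdline": r"wmic.exe shadowcopy delete"},
    {"pid": 5377, "parent": "services.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"pid": 5410, "parent": "cmd.exe",
     "cmdline": r"cmd.exe /c VSSADMIN delete shadows /for=C:"},
]

# Tool name -> words that must all appear later on the command line.
# Assumed rule set for this example; a real deployment would tune it.
RULES = {
    "vssadmin": {"delete", "shadows"},
    "wmic": {"shadowcopy", "delete"},
}

def tokens(cmdline):
    """Split a command line into lower-cased tokens, keeping quoted paths whole."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def is_shadow_copy_deletion(cmdline):
    toks = tokens(cmdline)
    for i, tok in enumerate(toks):
        # Reduce "c:\...\vssadmin.exe" to "vssadmin" so full paths still match,
        # and scan every token so a tool launched via "cmd.exe /c" is caught.
        required = RULES.get(PureWindowsPath(tok).stem)
        if required and required.issubset(toks[i + 1:]):
            return True
    return False

def find_shadow_copy_deletions(events):
    return [e for e in events if is_shadow_copy_deletion(e["cmdline"])]

if __name__ == "__main__":
    for e in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(f"ALERT pid={e['pid']} parent={e['parent']} cmd={e['cmdline']}")
```

Listing shadow copies (pid 4120) is not flagged, while the three deletion attempts are, including the one wrapped in `cmd.exe /c` and the one with mixed-case arguments.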