How to Protect Against Ransomware: A Practical Guide

Ransomware attacks are escalating, and organizations must be prepared to respond swiftly. Below are actionable steps, commands, and techniques to mitigate ransomware risks and recover effectively.

You Should Know:

1. Prevention & Detection

  • Keep Systems Updated:
    Linux (Debian/Ubuntu) 
    sudo apt update && sudo apt upgrade -y
    
    Linux (RHEL/CentOS) 
    sudo yum update -y
    
    Windows (PowerShell) 
    Install-Module PSWindowsUpdate -Force 
    Install-WindowsUpdate -AcceptAll -AutoReboot 
    

  • Disable RDP if Not Needed (Common Attack Vector):

    Windows 
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
    
    Linux (Disable SSH if unused) 
    sudo systemctl disable ssh --now 
    

  • Use Strong Endpoint Protection:

    Install & Update ClamAV (Linux; stop the updater service first, it holds the database lock that makes a manual freshclam fail) 
    sudo apt install clamav clamav-daemon -y 
    sudo systemctl stop clamav-freshclam 
    sudo freshclam 
    sudo systemctl start clamav-freshclam 
    

2. Backup Strategies

  • Automate Backups (Linux):

    Daily compressed backup 
    tar -czvf /backups/$(date +%Y%m%d).tar.gz /critical_data
    
    Sync to remote server (rsync; --delete mirrors local deletions to the remote, so also keep a copy this host cannot overwrite) 
    rsync -avz --delete /backups/ user@remote:/backups/ 
    

  • Windows (PowerShell Backup Script):

    Compress-Archive -Path "C:\Important" -DestinationPath "D:\Backups\$(Get-Date -Format 'yyyyMMdd').zip" 
    

3. Incident Response

  • Isolate Infected Systems:

    Linux (Block network access) 
    sudo iptables -A INPUT -s <infected_IP> -j DROP
    
    Windows (Disable NIC via CMD) 
    netsh interface set interface "Ethernet" admin=disable 
    

  • Identify Ransomware Processes (Linux):

    ps aux | grep -iE "crypt|lock|ransom" 
    kill -9 <malicious_PID> 
    

  • Check for Suspicious Files:

    find / -type f \( -name "*.encrypted" -o -name "*.locky" \) 
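
A small POSIX shell helper, added here as an example and not part of the original post, that corrects the two one-liners above (grep needs -E for "|" to mean OR; find needs "*.ext" patterns and explicit grouping) and runs them over a constructed sample tree. SUSPECT_EXTS and all function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Corrects the one-liners above:
# grep needs -E for "|" to mean OR, and find needs "*.ext" patterns plus
# explicit \( \) grouping, otherwise "-type f" applies to the first -name only.

# Extensions named in the post; the list and all function names are my own.
SUSPECT_EXTS="encrypted locky"

# Print every regular file under $1 whose name ends in a suspect extension.
find_suspect_files() {
    dir="$1"
    set --                     # build: -name '*.encrypted' -o -name '*.locky'
    for ext in $SUSPECT_EXTS; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "*.$ext"
    done
    find "$dir" -type f \( "$@" \) 2>/dev/null
}

# Echo the number of suspect files under $1 (0 means nothing found).
count_suspect_files() {
    find_suspect_files "$1" | wc -l | tr -d ' '
}

# List processes whose name or arguments match the post's keywords.
# Expect false positives (dm-crypt, screen lockers): review before any kill.
list_suspect_processes() {
    ps -eo pid,user,args | grep -iE 'crypt|lock|ransom' | grep -v 'grep -iE'
}

# Constructed sample tree (two suspect files, one clean) for a stand-alone run.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/docs" "$d/photos"
    : > "$d/docs/report.docx.encrypted"
    : > "$d/docs/notes.txt"
    : > "$d/photos/holiday.jpg.locky"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(demo_tree)
    echo "suspect files under $tree: $(count_suspect_files "$tree")"
    find_suspect_files "$tree"
    rm -rf "$tree"
fi
```

Run with `--demo` to see it on the sample tree, or call `count_suspect_files /` from a cron job and alert when the count is non-zero.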
    

4. Recovery Steps

  • Restore from Backup (Linux):

    tar -xzvf /backups/latest_backup.tar.gz -C / 
    

  • Windows (Restore from Shadow Copies):

    vssadmin list shadows 
    vssadmin resize shadowstorage /for=C: /on=C: /maxsize=10GB 
    

What Undercode Say:

Ransomware is no longer a hypothetical threat—it’s a reality. Proactive measures like patch management, network segmentation, and air-gapped backups are critical. Organizations must conduct regular fire drills (like Druva’s workshop) to test response plans.

Key Commands Recap:

  • Linux: `clamscan -r /`, `chmod -R 750 /sensitive_dir`
  • Windows: `Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux`
  • Network: `nmap -sV --script=vuln`

Expected Output: A resilient infrastructure with minimized downtime during attacks.

Prediction: Ransomware will increasingly target cloud storage and AI-driven systems in 2025, requiring stricter zero-trust policies.

Relevant URL: Druva Ransomware Workshop (if registering).

Reported By: Robert Terro – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
