Ransomware is a type of malware that restricts or prevents users from accessing their own systems and files, typically by encrypting files automatically. It then demands payment to restore access to the systems.
There are many different variations of ransomware in circulation. Often the ransomware (and other malware) is distributed using email ‘spam’ campaigns, and sometimes it arrives through a targeted attack.
These are steps you can take to harden your network against ransomware:
1. Keep backups of your files
This is essential in protecting yourself against ransomware infections. Properly maintained backups of files allow you to wipe an infected machine completely
with little to no data loss. Ransomware operations target users who are not prepared enough to have this option. Note that backups should be stored separately
from the protected machine: some ransomware variants delete Windows shadow copies of files in an attempt to remove local backups from the infected machine.
2. Keep your security solutions as up-to-date as possible
Cybersecurity is often described as only being as strong as its weakest link. Typical enterprise environments employ numerous security solutions, including firewalls,
antivirus, intrusion prevention systems, web filters, and more. Ensuring each of these is fully updated goes a long way towards realizing the protection capabilities offered by the
vendors of each of these solutions.
3. Keep your operating system and other software as up-to-date as possible
Updating the operating system and applications on the machine helps protect against drive-by download attacks as well as prevent the exploitation of
software vulnerabilities. Both are common avenues for ransomware infection.
4. Exercise caution when following links through email and opening attachments
Most ransomware arrives through email, either spam or phishing, and is installed on a machine once the email links are followed or the attachments are opened. Email
antivirus scanners may provide enhanced protection for this; however, a well-trained user is the best defense against emails from malicious sources.
5. Block binaries running from %APPDATA% and %TEMP% paths
The majority of ransomware utilizes these locations during the infection process. Blocking the execution of binaries in these locations would provide an additional
defense measure against ransomware infections.
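One way to implement this block on Windows is an AppLocker path policy, shown here as an added example rather than code from the original article. It assumes an elevated prompt on a Windows edition that supports AppLocker, default user profile locations (so %APPDATA% is AppData\Roaming and %TEMP% is AppData\Local\Temp), and constructed placeholder rule GUIDs and file names; it starts in audit mode so legitimate software running from those folders (installers, updaters) can be identified before enforcement is switched on.

```powershell
# Added example, not the article's own code: an AppLocker policy that denies executables
# launched from each user's %APPDATA% (AppData\Roaming) and %TEMP% (AppData\Local\Temp) and
# from %WINDIR%\Temp. AppLocker path rules know only their own variables, so user folders are
# matched by wildcard under the default profile location. GUIDs are constructed placeholders.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Baseline allows: a non-empty collection in Enabled mode blocks anything not allowed -->
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000001" Name="Allow Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000002" Name="Allow Windows"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000003" Name="Allow Administrators"
        Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <!-- Deny rules win over allow rules, including the Administrators allow above -->
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000004" Name="Deny APPDATA"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Roaming\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000005" Name="Deny TEMP"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2d-0000-4000-8000-000000000006" Name="Deny Windows Temp"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%WINDIR%\Temp\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path $env:ProgramData 'AppLocker-TempDeny.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run against a constructed empty file in %TEMP%; expected PolicyDecision: Denied
$probe = Join-Path $env:TEMP 'probe.exe'
New-Item -ItemType File -Path $probe -Force | Out-Null
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $probe -User Everyone
# Apply locally; the Application Identity service must run for AppLocker to enforce
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
# In AuditOnly mode, event 8003 in this log records what would have been blocked
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited
```

Once the audited events show only unwanted launches, change EnforcementMode to Enabled and re-apply; in a domain the same XML is imported into a GPO instead of applied locally.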
6. Block Tor traffic
Ransomware often uses Tor to disguise its outbound communication from infected machines. Adding block rules to your next generation firewall can limit this and provide
an indicator of compromise, allowing you to remove an infected machine from the network to contain the threat and perform remediation.
7. Review write permissions on network shared files
Ransomware on a single machine can cause a large loss of data if that machine or user has write permissions on files shared across the network. These permissions should
be limited wherever possible, as they are a potential avenue through which a ransomware infection can increase the damage it does to the network.
8. Disable RDP
Remote Desktop Protocol (RDP) is a utility that allows others to remotely access your desktop. Many forms of malware access target machines using RDP. Ransomware is no
exception to this. If RDP is not required, it can be disabled to protect your machine from many types of malware and from all RDP exploits. The instructions are different
depending on your version of Windows:
Windows XP RDP disable
Windows 7 RDP disable
Windows 8 RDP disable
9. Filter EXEs in email
Consider automatically blocking emails sent with executables as attachments. It is not uncommon for spam emails to carry executable attachments as a means of infecting the
target machine. If you do still need to email executables, you can continue to do so by compressing them (in password-protected ZIP files) or by sharing them through a cloud service.
10. Show hidden file extensions
As previously mentioned, ransomware will often infect a machine by means of a malicious attachment. Sometimes, the default Windows behavior of hiding known file
extensions can make it difficult to notice what type of file is being opened. You can change your Windows settings so that the full file extension is displayed, making
suspicious files easier to spot.
Since ransomware is today’s number one cyber threat, given the damage it causes and how widespread it is, the countermeasures above are a must. Otherwise, your most important files could be completely lost.