Protect Against Ransomware

What is Ransomware?

Ransomware is a form of malware that infects devices, networks, and data centers and prevents them from being used until the user or organization pays a ransom to have the file or server unlocked. Ransomware has been around since at least 1989, when the “PC Cyborg” trojan encrypted file names on a hard drive. In recent years, however, ransomware attacks have become an increasingly complex, targeted, and lucrative crime. Digital currencies such as Bitcoin are usually used as the main mode of payment.


How does Ransomware work?

How to Protect Against Ransomware?

  • Mail Hosting Services

  • Firewall

    • Disable Remote Desktop (RDP) Connection

      • If RDP is necessary, then

        • Use 2FA on the SSL VPN connection

        • Apply Security Hardening for RDP

    • Restrict outbound connections to Command and Control (C&C) servers

  • Server

    • Disable Remote Desktop (RDP) Connection

      • If RDP is necessary, then

        • Use 2FA on the SSL VPN connection

        • Apply Security Hardening for RDP

        • In Group Policy

          • Strengthen Encryption for RDP

          • Lock out accounts after 5 unsuccessful attempts, with a 60 min timeout period

    • Enable Volume Shadow Copy

      • Schedule automatic restore point creation

      • Disable VSSAdmin by renaming it

    • Perform Multi-Version Backup

      • Local Data Backup to NAS (by IP address, not by mapped drive)

      • Remote Data Backup to Cloud

  • Workstation

    • Deploy Endpoint Security Software that can restrict and control applications

    • Show File Extension

    • Perform OS and application patches or updates.

    • Enable Firewall

    • Disable Windows Script Host

    • Disable PowerShell

    • Disable Macros in Office

    • Disable ActiveX on Browser

    • Install a browser add-on to block pop-ups or adware

    • Use strong passwords

    • Enable Malware or Virus Scan for compressed and archived files

    • Disable File Sharing

    • Switch off remote services – remote desktop and remote assistance

    • Deactivate Autoplay

    • Switch off unused connections – wireless, Bluetooth, infrared.

    • Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system.

      • The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.
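
A read-only audit of several server and workstation items from the checklist above, as an added example that is not part of the original page. The registry locations are the standard Windows ones, the pass criteria are taken from the list, and the parsing of `net accounts` assumes English-language output.

```powershell
# Added example (not from the original page): read-only audit of checklist items.
# Nothing on the machine is changed.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value does not exist (setting never configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Standard Windows registry locations; Want lists the values that satisfy the item.
$checks = @(
    @{ Item = 'RDP disabled'; Name = 'fDenyTSConnections'; Want = 1
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' },
    @{ Item = 'RDP encryption High or FIPS (Group Policy)'; Name = 'MinEncryptionLevel'; Want = 3, 4
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' },
    @{ Item = 'Windows Script Host disabled'; Name = 'Enabled'; Want = 0
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' },
    @{ Item = 'File extensions shown (current user)'; Name = 'HideFileExt'; Want = 0
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' },
    @{ Item = 'AutoPlay off for all drive types'; Name = 'NoDriveTypeAutoRun'; Want = 255
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' }
)

$report = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Item   = $c.Item
        Actual = $(if ($null -eq $actual) { '(not set)' } else { $actual })
        Pass   = ($null -ne $actual) -and ($actual -in $c.Want)
    }
}

# Account lockout policy: 5 or fewer failed attempts, lockout of at least 60 minutes.
$net = (net accounts) -join "`n"
$threshold = if ($net -match 'Lockout threshold:\s+(\S+)') { $Matches[1] }
$duration  = if ($net -match 'Lockout duration \(minutes\):\s+(\S+)') { $Matches[1] }
$lockoutOk = ($threshold -match '^\d+$') -and ([int]$threshold -in 1..5) -and
             ($duration -match '^\d+$') -and ([int]$duration -ge 60)
$report = @($report) + [pscustomobject]@{
    Item   = 'Lockout after <=5 failures, >=60 min'
    Actual = "threshold=$threshold duration=$duration"
    Pass   = $lockoutOk
}

$report | Format-Table -AutoSize
```

A row showing `(not set)` means the value was never configured, so Windows is using its default for that setting; the script counts this as a failure.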
