Defending against and mitigating the impact of ransomware

Posted in Security

With the increase in ransomware, and the latest use of social media images to spread Locky, it seemed sensible to reiterate some guidance that will not only help prevent ransomware (and general malware, for that matter) but also mitigate its impact.

1. Be vigilant when online and try to visit only trusted sites (easier said than done; a trusted site is no guarantee it hasn’t been compromised, e.g. Forbes).

2. Do not browse the web or access email with local administrator rights (have a separate dedicated administrator account, or leave it to the IT team).

   a. If you do have admin rights, at least use UAC (yes, it can be bypassed, but it’s better than disabling it!).

3. Use a host/client-based firewall.

4. Run up-to-date antivirus (with sensible enterprise exclusions configured).

   a. This won’t protect against everything, but it will at least block the known signatures.

5. Utilise a next-generation firewall, or a proxy server that inspects web traffic.

6. Use a VPN that includes known-bad-site blacklisting, e.g. F-Secure Freedome, or a corporate VPN that proxies and filters web traffic.

7. Save data to a central server/service that is regularly backed up.

8. Use application whitelisting/blacklisting, or technology such as AppLocker.

9. Disable macros in Office (if you must enable them, use digital signatures for the internal files that need them).

10. Patch your OS regularly, but don’t forget 3rd-party apps either (e.g. Adobe Flash, Java, etc.).

11. Be careful which attachments you open: if in doubt, don’t open it (and nothing you actually want to open ever has a filename like salary.doc.exe!).

12. Segment your network and use ACLs (even better, use policy-based micro-segmentation).

13. Utilise application virtualisation (sandboxing).

14. Use virtualisation or non-persistent desktops.

15. If you’re in education you’ve probably come across Deep Freeze; this style of write protection would also mitigate the impact of ransomware (it won’t stop data or credential theft though, and it can give an attacker a great way to leave no trace).

16. Deploy central reporting for management and security tools; it’s far easier to contain an outbreak if you have real-time data!
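As an added example of the kind of real-time data point 16 is after (this is not code from the original post), the following Python script scans constructed file-server audit lines and flags any user who changes the extension on five or more files within a minute, the mass-rename pattern that Locky-style encryption leaves behind on a share. The log format, the `.locky` extension in the sample, the threshold and the window are all assumptions for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines (not from the original post); one user renames
# five files to .locky in four seconds, the others do ordinary renames/writes.
SAMPLE_LOG = """\
2016-11-28T09:15:01Z host=FS01 user=jsmith op=rename src=finance/budget.xlsx dst=finance/budget.xlsx.locky
2016-11-28T09:15:02Z host=FS01 user=jsmith op=rename src=finance/q3.docx dst=finance/q3.docx.locky
2016-11-28T09:15:02Z host=FS01 user=jsmith op=rename src=finance/q4.docx dst=finance/q4.docx.locky
2016-11-28T09:15:03Z host=FS01 user=jsmith op=rename src=hr/salary.xlsx dst=hr/salary.xlsx.locky
2016-11-28T09:15:04Z host=FS01 user=jsmith op=rename src=hr/staff.docx dst=hr/staff.docx.locky
2016-11-28T09:15:05Z host=FS01 user=jsmith op=write src=hr/readme.txt dst=-
2016-11-28T09:20:00Z host=FS01 user=asmith op=rename src=sales/draft.docx dst=sales/final.docx
2016-11-28T10:01:00Z host=FS01 user=bjones op=rename src=eng/a.txt dst=eng/a.bak
2016-11-28T11:01:00Z host=FS01 user=bjones op=rename src=eng/b.txt dst=eng/b.bak
"""

# Assumed key=value audit format: timestamp, host, user, operation, source, destination.
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"op=(?P<op>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")

def parse(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def extension_changed(ev):
    """True only for a rename that appends or swaps the file extension."""
    if ev["op"] != "rename" or ev["dst"] == "-":
        return False
    return ev["src"].rsplit(".", 1)[-1].lower() != ev["dst"].rsplit(".", 1)[-1].lower()

def detect_mass_rename(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert once per user who changes >= threshold file extensions inside a sliding window."""
    recent = defaultdict(deque)   # user -> timestamps of extension-changing renames
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or not extension_changed(ev):
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "host": ev["host"], "count": len(q),
                           "first": q[0], "last": ev["ts"], "sample_dst": ev["dst"]})
    return alerts
```

Feeding real audit data in (near) real time lets the alert drive containment, e.g. disabling the flagged account or isolating the host, long before the whole share is encrypted.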

The key theme here is to secure in layers (defence in depth) and to ensure your data is backed up. Remember that the attacker has effectively unlimited time and resources and will keep innovating to get around standard protections, so even a solid defence is no guarantee against a breach. With careful planning and consideration, though, and regardless of your budget, there are a number of simple steps you can take to protect your business and reduce risk.
