What makes ransomware so effective? One reason—fear.
Within the first five months of 2016 alone, 50 new ransomware families have already been seen, more than in 2014 and 2015 combined. Understanding the most common ways it attacks gives you the prioritized steps you can take to provide the best protection. Read our blog on the most common causes of ransomware. There is no silver bullet to defend against ransomware, but with the 6 measures below you are certainly much better protected.
Once you do get attacked, the single biggest thing that will defeat ransomware is having a regularly updated backup. What you need is a regular backup regimen to an external drive or backup service, one that is not assigned a drive letter or that is disconnected when it is not doing backups. The reason for this is that some malware, such as CryptoLocker (a specific ransomware threat that has been in the news a lot), will also encrypt files on drives that are mapped (this includes any external drives such as a USB thumb drive, as well as any network or cloud file stores that you have assigned a drive letter). Need any help backing up your important data? Gist's IT technicians are ready to help. Send us a message via our website or give us a call at 086 100 4478.
Top 6 ways to protect yourself from ransomware
- Whitelist applications via GPO or AppLocker
Only allow systems to execute programs known and permitted by security policy.
- Restrict user permissions to “least authority”
Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Use an antispam solution in Exchange that also detects malware
- Use two-factor authentication for RDP sessions
Many tools scan for RDP endpoints and try to authenticate against them by brute force. Requiring a second factor to authenticate is very useful: when an RDP scanner is run in an automated fashion it is rendered useless, because the attacker cannot actually access the RDP session until the second piece of authentication information is supplied, which they will not be able to gather.
- Look into an IDS/IPS solution
IDS: should at least alert you that communication between your network and the key server is occurring, and it also restricts behaviour on the network.
IPS: should stop command-and-control server[1] communication, and will also help block trojan downloaders from leading to a CryptoWall infection.
Normally there is a primary infection or exploit that brings down the crypto-malware, leaving you with a ton of encrypted files.
- If using ESET, ensure that the Cloud Malware Protection System (LiveGrid) is enabled
This cloud protection engine collects data from users worldwide. It gathers information about unknown files from a wide range of sources and can therefore predict trouble before it actually occurs.
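The application whitelisting measure at the top of the list, as an added PowerShell example (not part of the original post or Gist's own tooling): build AppLocker allow rules from what is already installed in locations standard users cannot write to, test what the policy would do to a file dropped in a user-writable folder, then merge it into the local policy. The trusted directories, the `invoice.exe` candidate path and the export path are assumed values.

```powershell
# Added example: derive an AppLocker allow-list from trusted install locations.
# Requires the AppLocker module (Windows Pro/Enterprise) and an elevated session.
Import-Module AppLocker

# 1. Inventory executables in directories that standard users cannot modify
#    (assumed list; including C:\Windows avoids locking out the OS itself).
$trustedDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 2. Turn the inventory into rules: publisher rules where a file is signed,
#    hash rules as the fallback. -Optimize collapses duplicates into fewer rules.
$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone `
    -RuleNamePrefix 'Baseline' -Optimize

# 3. Dry run: what would the policy decide for a binary in a user-writable
#    location, the usual landing spot for a mail-delivered downloader?
#    The path below is a constructed example, not a real sample.
$candidate = 'C:\Users\alice\AppData\Local\Temp\invoice.exe'
if (Test-Path $candidate) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $candidate -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule
}

# 4. Merge into the local policy and keep an XML copy for review/GPO import.
Set-AppLockerPolicy -PolicyObject $policy -Merge
Get-AppLockerPolicy -Local -Xml | Out-File 'C:\Temp\applocker-baseline.xml'

# Enforcement mode (Audit only / Enforce rules) is set per rule collection in
# secpol.msc or the GPO editor under Application Control Policies > AppLocker,
# and the Application Identity service (AppIDSvc) must be running. Start in
# audit mode and review the AppLocker "EXE and DLL" event log before enforcing.
```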
As always, Gist's IT technicians are ready to help you with any questions you have about your technology. Visit our website or give us a call at 086 100 4478.
[1] C&C centers are used to remotely send commands, often malicious, to a botnet, a compromised network of computers.