Ransomware can be time consuming, alarming, and, quite honestly, scary. Your files get stolen and held for ransom and, in the worst case, they can be deleted if you don’t pay up. There are some tools available to decrypt files locked by Ransomware, but as mentioned in Part 1 of our Ransomware series, there are many Ransomware types out there. If you get infected, you can’t depend on luck to help you.
Preparing for a Ransomware Attack
There are ways to prepare your system to avoid an attack and to help when an infection is attempted. Here are some easy tips to start you on the Ransomware prevention rollercoaster, because cyber-attacks do evolve.
- Back up your data
It is vital to both back up your data and test it. You should not rely on Windows systems backups or a drive connected to your machine that has backup files, because cyber criminals are aware of this and are starting to attack those preventative measures. It is best to have a cloud-to-cloud service, appliance-to-cloud service, or a SAN for backups. The single best way to defeat ransomware is having a regularly updated backup.
- Show hidden file-extensions
If you re-enable the ability to see the full file-extension, you will be able to spot suspicious files more easily because Ransomware likes to hide.
- Filter EXEs in email
You can prevent a lot of malicious files from entering your organization through email. You can deny mail that carries .EXE files, or deny mail with files that have two extensions, the last one being executable (“*.*.EXE”). If you don’t already have an email gateway scanner, you might want to consider getting one.
- Disable files running from AppData/LocalAppData folders
You can create rules within Windows or with Intrusion Prevention Software to block files from running from AppData/LocalAppData folders.
- Disable macros in Microsoft Office files
By disabling macros in Office files, you deactivate the use of the scripting language that is known to be used by Locky Ransomware.
- Disable RDP
Remote Desktop Protocol (RDP) is often the main way Cryptolocker gets into your network, so if you do not need it, disable it to close off another avenue of access to your environment.
- Patch or Update your software
Exploits in your software are a mecca for cyber criminals, who create Ransomware specifically for many vulnerabilities in your software. If the software vendor is keeping up their end of the deal by ensuring that the program is safe, you should keep up yours by updating your software to keep your organization safe.
- Use a reputable security suite
You should always have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. It is not a best practice to buy just any anti-malware software. You should do some research and find out which products are updated most often and which vendors lead in helping to resolve newly released threats.
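The double-extension check from the "Filter EXEs in email" tip, as an added example (not code from this post or from any gateway product). The extensions beyond .EXE, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed deny list for this example; the tip itself only names .EXE.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or "." + parts[-1].strip() not in EXECUTABLE_EXTS:
        return None
    # Three or more dot-separated parts means a decoy extension precedes the real one.
    return "double-extension" if len(parts) >= 3 else "executable"


def scan_message(raw):
    """Return (filename, verdict) for every attachment the filter would deny."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        verdict = classify_attachment(filename) if filename else None
        if verdict:
            findings.append((filename, verdict))
    return findings


def build_sample():
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "setup.EXE", "report.v2.docx"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"DENY {filename}: {verdict}")
```

A name-based filter like this only sees declared filenames, so it complements a gateway scanner that also inspects file content.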
If you want to learn more about how to protect yourself against Ransomware, check out our Ransomware Blog Series every month, or contact our Security Services at firstname.lastname@example.org for a complimentary consultation.