The year ransomware became one of the top threats to enterprises

Ransomware increasingly hits businesses, hospitals, public utilities, public transit systems and even police departments


Preventing ransomware infections:

  • Implement an awareness and training program for employees to teach them how to recognize phishing attacks, malicious attachments and ransomware signs.
  • Use a strong spam filter and implement anti-email-spoofing technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM).
  • Configure network-level security solutions and firewalls to block access to known malicious IP addresses, including Tor, since many ransomware command-and-control servers are hosted on Tor.
  • Keep the software running on workstations and servers up to date and consider a vulnerability scanner and patch management system.
  • Use a capable anti-malware program with a proven track record in detecting ransomware and ensure that it's configured to perform regular scans.
  • Use the principle of least privilege for local accounts on workstations, as well as for network shares and other resources. If a user doesn't need write access to a network share, don't provide it.
  • Disable the execution of macros in Office files and restrict the execution of other scripts like JavaScript, PowerShell and VBScript in Windows.
  • Disable browser plug-ins that are not needed and consider running the browser and other programs in Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
  • Prevent programs from running from temporary folders and other common locations used by malware by using software restriction policies.
  • Disable the Remote Desktop Protocol (RDP) and other remote management tools if not needed. If they are needed, make sure they use strong and unique credentials.
  • Consider using an application whitelisting solution and executing risky programs in virtualized environments.
  • Catalogue data based on its value and implement strong access controls and physical separation for critical network segments.
  • Back up data regularly, verify the integrity of those backups and regularly test the restoration process.
  • Ensure that computers are not permanently connected to backup locations. Create multiple backups and store them offline and offsite, for example in the cloud if they are secured and there is no perpetual access to them. Be aware that continuous file synchronization is not a backup method and some ransomware programs detect and encrypt data in cloud-based file synchronization solutions.
  • Conduct regular penetration tests and vulnerability assessments.
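One way to act on the advice above to verify the integrity of backups, shown as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, seal it with an HMAC, and later compare a backup copy against it. The function names, the demo key and the sample files are constructed for illustration, and the sketch assumes the HMAC key is stored away from the backup host.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(manifest, key):
    """HMAC the manifest so a tampered manifest is itself detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_backup(root, manifest, tag, key):
    """Compare a backup copy against the sealed manifest taken at backup time."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest failed authentication")
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(n for n in manifest if n in current and manifest[n] != current[n]),
    }

def demo():
    key = b"constructed-demo-key"  # assumption: real key is kept off the backup host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)  # constructed sample backup set
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures")
        (root / "ledger.csv").write_text("id,amount\n1,100\n")
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        clean = verify_backup(root, manifest, tag, key)
        # Simulate what encryption of the copy looks like: new bytes, new name.
        (root / "ledger.csv").write_bytes(os.urandom(32))
        (root / "docs" / "report.txt").rename(root / "docs" / "report.txt.locked")
        return clean, verify_backup(root, manifest, tag, key)
```

A report with any non-empty list means the copy should not be trusted for restoration until the differences are explained; a matching manifest still does not replace a periodic full restore test.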