Preventing ransomware from infecting your users
Ransomware has been the bane of IT security pros everywhere in the past few months as more and more versions pop up and infect users. In this post we go through 10 ways to prevent ransomware.
With so many hospitals, educational institutions and a good number of businesses of all sizes falling victim to ransomware, it's no wonder this type of malware is what everyone in the security industry is talking about. And with new types of ransomware being unearthed every other day, each version nastier and more heartless than the one before, more and more sysadmins are looking at all possible ways to prevent their data from being held hostage.
A good backup plan will allow you to quickly regain access to the data that has been encrypted. It's important to always keep backups in a secure offline location, or in the cloud, with timely integrity checks making sure the data backups are intact.
2. Use an email security solution
Scanning and blocking malicious files at the server level before they are served to your users protects them from falling victim to ransomware.
3. Blocking executables
Another way to prevent ransomware is by blocking executables from running from locations such as:
By using Windows Software Restriction Policies, you can set the rules to “block all, allow some” just in case you want to whitelist certain apps.
4. Keep patches up to date
Unpatched vulnerabilities are commonly used as an attack vector, so to reduce the risk of infection you need to keep all your operating systems and software applications patched.
5. Keep an eye on outbound traffic
Make sure to monitor suspicious outbound traffic and keep alerts in place that will help you take action (such as killing the connection). This will make it harder for ransomware to communicate into or out of your network.
6. The concept of least privilege
The concept of least privilege limits your users' admin powers on their machines by giving them only those privileges needed to complete their job. When they need admin access for things such as installing software, users have to manually type in a different set of credentials. This way, if malware tries to escalate its privilege level, it will be stopped in its tracks.
7. Show extensions for known file types
Ransomware often tries to hide its real identity by showing up as an innocent format such as .pdf. If the “Hide extensions for known file types” option is checked, a file called ‘Invoice.pdf.exe’ will show up as ‘Invoice.pdf’.
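The same check can be applied to attachment or download names before they reach a user. The following is an added example, not part of the original post: it works out what a file name would look like with extensions hidden and flags executables that would be displayed as documents. The two extension sets and the sample names are assumptions made for illustration.

```python
import ntpath

# Assumption: extensions treated as directly executable on Windows (not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".pif"}
# Assumption: extensions a user would read as a harmless document.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def split_ext(name):
    """Split off the final extension, lower-cased. Trailing dots and spaces
    are ignored because the Windows file APIs normally strip them."""
    base = ntpath.basename(name).rstrip(". ")
    stem, ext = ntpath.splitext(base)
    return stem, ext.lower()


def displayed_name(name):
    """Name as shown when 'Hide extensions for known file types' is checked.
    Assumption: only the extensions in the two sets above are 'known' types."""
    stem, ext = split_ext(name)
    return stem if ext in EXECUTABLE_EXTS | DOCUMENT_EXTS else stem + ext


def is_disguised_executable(name):
    """True when the real type is executable but the displayed name
    still ends in a document extension (Invoice.pdf.exe -> Invoice.pdf)."""
    stem, ext = split_ext(name)
    if ext not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = split_ext(stem)
    return shown_ext in DOCUMENT_EXTS


def review(names):
    """Return (real name, displayed name) pairs to block or quarantine."""
    return [(n, displayed_name(n)) for n in names if is_disguised_executable(n)]


# Constructed sample attachment names, not taken from any real incident.
SAMPLE = ["Invoice.pdf.exe", "Invoice.pdf", "setup.exe", "Report.DOCX.SCR",
          "notes.v2.txt", r"C:\Users\a\Downloads\photo.jpg.exe."]

if __name__ == "__main__":
    for real, shown in review(SAMPLE):
        print(f"{real!r} would be displayed as {shown!r}")
```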
8. Use Microsoft Office's security settings
Some versions of recent ransomware (such as Locky) will use macros to download and start the payload. Choosing the “Disable all macros except digitally signed macros” option will reduce the chance of this happening.
9. Scan internet downloads
Using a web monitoring and scanning solution on your internet downloads will prevent users from visiting infected sites and downloading certain file types. With such software in place, even if a phishing email gets through and the user clicks it, the monitoring software will block access.
10. Educate your users
Your users are your last line of defence. Educate them and train them to recognise the signs of ransomware. Things like not opening attachments or clicking on links from unidentified senders, and checking for misspelled domain names and bad spelling throughout the email, will reduce the chance of them falling victim to ransomware.
As usual with many security threats, a multi-layered approach is the best way to prevent ransomware from holding your data hostage.
Melanie Hart is digital content specialist/editor at GFI Software. An eager blogger, fiery tweeter, and avid reader, Melanie is a self-confessed geek who finds solace in online FPS games.