The first and most important thing is making it harder for attacks to take place. While it’s necessary to take preventative steps, it’s also important to come to terms with the fact that nothing will ever be 100% effective. That being said, the right combination of security measures and controls should stop the large majority of commodity malware, ransomware included; what slips past them is what the remaining layers (least privilege, tested offline backups) are for.
Whether it’s a home network or an enterprise network, the fundamentals are the same. Bear in mind, however, that the more users and devices you have on your network, the more likely it is for a breach to occur.
Let’s start with the basics to harden your system against ransomware:
1. Use your firewall – make sure your firewall blocks outgoing connections to known C&C (command-and-control) servers, the systems cybercriminals use to send instructions to their malware and to collect whatever it steals, such as credit card numbers. Many ransomware families contact a C&C server to fetch or deposit the encryption key before they start encrypting, so cutting that connection can stop the encryption or leave a key you can recover. Two caveats: a blocklist only covers servers somebody has already catalogued, so a default-deny outbound policy with an explicit allow list (DNS to your resolvers, web through your proxy, your domain controllers) is far stronger; and some families carry an embedded public key and encrypt fully offline, so egress filtering is one layer, not a guarantee. Firewalls might not be perfect or easy to use, but life without a firewall is much trickier.
2. Filter your emails – If you’re not using something like Gmail, with built-in filters and inspection tools, find a good mail filtering tool. This will help block incoming phishing attacks and spoofed mail. Never trust email, and never allow attachments with .js, .exe, .wsf or .scr extensions to run without scanning them first. Remember that Windows hides known extensions by default, so "invoice.pdf.js" shows up as "invoice.pdf"; turn extension hiding off. Scan all incoming zipped files (attackers zip or password-protect payloads precisely to get past scanners) and be suspicious of all email.
3. Run your anti-virus – While some people might think anti-virus is obsolete, it really isn’t. If you’re running a good anti-virus toolset with regular updates and scans enabled, it should block most ransomware attacks. Fresh variants might still get through, but you’ll be protected from the scores of older versions still floating around the web.
4. Patch your system regularly – Ransomware, and the loaders and worms that deliver it, routinely exploit known vulnerabilities in unpatched software, so apply patches as soon as they are released, prioritising anything internet-facing and the vulnerabilities already being exploited in the wild. The longer you wait, the longer that known hole stays open.
5. Minimise the use of privileged accounts – Never use administrator accounts for routine activities. Privilege escalation needs to be tightly controlled, ideally with credentials entered manually each time rather than cached. If privileged accounts cannot avoid having internet access, restrict that access to an allow list of destinations. Privileged accounts must never be used to read email or browse the web, because ransomware that runs under an account with admin rights can disable defences, delete shadow copies and reach every share, which makes everything much, much worse.
6. Do your backups, properly – Back up everything you can. Storage is cheap, so there is very little reason not to. The more you back up, the faster you can recover from ANY crisis. Run daily, weekly and monthly backups and test them regularly by actually restoring files, not just by checking that the job reported success. Keep at least one copy offline or on immutable storage so that ransomware running with a user’s (or an admin’s) rights cannot reach and encrypt it too; a backup sitting on a permanently mapped share is just another victim.
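As an added example of item 1 (this is not code from the original article), the following PowerShell uses the Windows Defender Firewall cmdlets to block outbound traffic to a list of C&C addresses and, optionally, to switch the host to default-deny outbound with an explicit allow list. It assumes the NetSecurity module (Windows 8 / Server 2012 and later) and an elevated session. The C&C addresses are constructed placeholders from the RFC 5737 TEST-NET ranges, and the proxy, resolver and domain controller addresses are assumptions; substitute your own.

```powershell
# Added example, not code from the original article: item 1 done with the Windows
# Defender Firewall cmdlets (NetSecurity module, Windows 8 / Server 2012 and later).
# Run in an elevated PowerShell session. The C&C addresses below are constructed
# placeholders from the RFC 5737 TEST-NET ranges; the proxy, resolver and domain
# controller addresses are assumptions too. Substitute your own values.

function Set-KnownC2BlockRule {
    # Block all outbound traffic to the supplied IPs/CIDRs. The rule is rebuilt on
    # every run so it always matches the list you pass in (e.g. a daily threat feed).
    param(
        [Parameter(Mandatory)][string[]]$Addresses,
        [string]$RuleName = 'Ransomware: block known C2 (outbound)'
    )
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -RemoteAddress $Addresses -Profile Any -Enabled True | Out-Null
}

function Enable-DefaultDenyOutbound {
    # A blocklist only stops C2 hosts you already know about. Stronger: allow only the
    # egress the business needs, then make Block the default so an unlisted host is
    # unreachable whether or not anyone has catalogued it yet.
    param(
        [Parameter(Mandatory)][string[]]$DnsServers,
        [Parameter(Mandatory)][string]$Proxy,
        [int]$ProxyPort = 8080,
        [Parameter(Mandatory)][string[]]$DomainControllers
    )
    foreach ($proto in 'UDP', 'TCP') {
        New-NetFirewallRule -DisplayName "Allow DNS ($proto) to internal resolvers" `
            -Direction Outbound -Action Allow -Protocol $proto -RemotePort 53 `
            -RemoteAddress $DnsServers | Out-Null
    }
    New-NetFirewallRule -DisplayName 'Allow web via proxy' -Direction Outbound -Action Allow `
        -Protocol TCP -RemotePort $ProxyPort -RemoteAddress $Proxy | Out-Null
    # Domain members need Kerberos, LDAP, SMB, RPC etc. to the DCs; allowing the DC
    # addresses wholesale is simpler than enumerating every port.
    New-NetFirewallRule -DisplayName 'Allow domain controllers' -Direction Outbound `
        -Action Allow -RemoteAddress $DomainControllers | Out-Null
    # Log what gets dropped so anything you forgot (update servers, SaaS, printers)
    # shows up in pfirewall.log instead of as a silent outage.
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block `
        -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
}

function Get-OutboundPosture {
    # Check: what is the default outbound action, and which of our rules are enabled?
    Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
    Get-NetFirewallRule -Direction Outbound |
        Where-Object { $_.DisplayName -like 'Ransomware:*' -or $_.DisplayName -like 'Allow *' } |
        Select-Object DisplayName, Action, Enabled
}

# Constructed sample feed (TEST-NET addresses, never routed on the internet).
$KnownC2 = '203.0.113.10', '198.51.100.0/24'
Set-KnownC2BlockRule -Addresses $KnownC2
# Only after you have reviewed a week of -LogAllowed traffic and built the allow list:
# Enable-DefaultDenyOutbound -DnsServers '10.0.0.53' -Proxy '10.0.0.80' -DomainControllers '10.0.0.10'
Get-OutboundPosture
```

Before calling Enable-DefaultDenyOutbound on a fleet, run the profiles with `Set-NetFirewallProfile -LogAllowed True` for a while and build the allow rules from what the log shows; a default-deny outbound policy that forgets the update server or the print spooler is an outage, not a control. The built-in core networking rules (DHCP, link-local) remain in place and are not affected by the default action.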
Once you have all that figured out and under control, you can do the following:
7. Manage network share permissions – This is the biggest downfall for most companies: when shares are badly managed, one infected user ends up encrypting files belonging to everyone else. To fix this, make sure users can only write to the folders they genuinely need, by granting access to specific groups rather than to broad ones. Not mapping shares as drive letters helps against ransomware that only walks mapped drives, but many families also enumerate shares over the network, so treat it as a minor nuisance for the attacker, not a control; the permissions on the share and on the underlying NTFS folder are what actually protect the data. Never allow the Everyone, Authenticated Users or Users groups to have write access on network folders.
8. Beef up your browsers – Limit what people can download and what they can do with downloaded files. Make sure browser downloads are scanned by your anti-virus, install an ad-blocker (malvertising is a common way into exploit kits) and remove Flash and other legacy plug-ins (Flash reached end-of-life in 2020 and should not be present at all). Keeping the browser itself and its extensions current matters as much as the plug-ins, since drive-by downloads target unpatched browser bugs. This slams the door on two of the most common web-based entry points.
9. Manage your application paths – Use Group Policy (AppLocker, Software Restriction Policies or Windows Defender Application Control) or an equivalent setting to prevent software from running in unconventional locations. In particular, never allow executables or scripts to run from %AppData%, %LocalAppData% or %Temp%, the user-writable folders where downloaded and emailed payloads land. In this respect it’s much easier to allow-list the applications you’re comfortable with running (everything under Program Files and the Windows directory, for instance) than to try to block the ones you don’t want, but start in audit mode and review what would have been blocked, because some legitimate software installs itself per user under %LocalAppData%.
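As an added example covering items 9 and 7 (this is not code from the original article), the PowerShell below builds an AppLocker path policy that allows the OS and installed programs, denies execution from the user-writable locations named above, applies it in audit mode with a check against a dummy dropper, and then audits share permissions for broad write access. It assumes an elevated session on an edition that enforces AppLocker (Windows 10/11 Enterprise or Education, or Windows Server) with the AppLocker and SmbShare modules available. The rule set is an assumption of sensible defaults, not a Microsoft baseline, and the `invoice.exe` test file is a constructed placeholder.

```powershell
# Added example, not code from the original article: item 9 with AppLocker path rules,
# plus a share-permission audit for item 7. Assumes an elevated session on Windows 10/11
# Enterprise/Education or Windows Server with the AppLocker and SmbShare modules.
# The rule set below is an assumption of sensible defaults, not a Microsoft baseline.

function New-PathRule {
    # One FilePathRule element. S-1-1-0 = Everyone, S-1-5-32-544 = Administrators.
    param([string]$Name, [string]$Path, [ValidateSet('Allow', 'Deny')][string]$Action,
          [string]$Sid = 'S-1-1-0')
    $id = [guid]::NewGuid().ToString()
    @"
    <FilePathRule Id="$id" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>

"@
}

function New-AppLockerPathPolicy {
    # Allow the OS and installed programs, let Administrators run anything (they install
    # software), and deny the user-writable folders droppers land in. Deny always beats
    # Allow in AppLocker, so the AppData deny also binds admins and survives any broad
    # rule merged in later; the Temp/Tasks denies close two writable holes inside %WINDIR%.
    param([ValidateSet('AuditOnly', 'Enabled')][string]$Mode = 'AuditOnly')
    $collections = foreach ($type in 'Exe', 'Script') {
        $body = (New-PathRule 'Allow Windows'       '%WINDIR%\*'                  Allow) +
                (New-PathRule 'Allow Program Files' '%PROGRAMFILES%\*'            Allow) +
                (New-PathRule 'Admins: everything'  '*'                           Allow -Sid 'S-1-5-32-544') +
                (New-PathRule 'Deny AppData'        '%OSDRIVE%\Users\*\AppData\*' Deny) +
                (New-PathRule 'Deny Windows Temp'   '%WINDIR%\Temp\*'             Deny) +
                (New-PathRule 'Deny Windows Tasks'  '%WINDIR%\Tasks\*'            Deny)
        "  <RuleCollection Type=`"$type`" EnforcementMode=`"$Mode`">`n$body  </RuleCollection>"
    }
    "<AppLockerPolicy Version=`"1`">`n$($collections -join "`n")`n</AppLockerPolicy>"
}

function Install-AppLockerPathPolicy {
    param([ValidateSet('AuditOnly', 'Enabled')][string]$Mode = 'AuditOnly')
    $xmlPath = Join-Path $env:ProgramData 'applocker-paths.xml'
    New-AppLockerPathPolicy -Mode $Mode | Set-Content -Path $xmlPath -Encoding UTF8
    # AppLocker silently does nothing unless the Application Identity service runs.
    # On recent builds the service is protected, so use sc.exe rather than Set-Service.
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge   # -Merge keeps rules already present
    $xmlPath
}

function Test-PathPolicy {
    # Check before enforcing: a dummy binary under %LocalAppData% must come back Denied,
    # a system binary Allowed. Test-AppLockerPolicy needs the files to exist on disk.
    param([Parameter(Mandatory)][string]$XmlPath)
    $dropper = Join-Path $env:LOCALAPPDATA 'Temp\invoice.exe'   # constructed placeholder
    New-Item -ItemType File -Path $dropper -Force | Out-Null
    Test-AppLockerPolicy -XmlPolicy $XmlPath -User Everyone `
        -Path $dropper, "$env:windir\System32\notepad.exe" |
        Select-Object FilePath, PolicyDecision, MatchingRule
    Remove-Item $dropper
}

function Repair-ShareAccess {
    # Item 7: report every non-administrative share where a broad group can write.
    # With -Fix, drop such entries to Read; then grant Change to a specific team group.
    # Share ACLs are only the outer gate: tighten the NTFS ACL on the folder as well
    # (icacls), since that applies however the folder is reached, drive letter or not.
    param([switch]$Fix)
    $broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
    foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -in $broad -and $_.AccessControlType -eq 'Allow' -and
                           $_.AccessRight -ne 'Read' } |
            ForEach-Object {
                Write-Warning "$($share.Name): $($_.AccountName) has $($_.AccessRight)"
                if ($Fix) {
                    Revoke-SmbShareAccess -Name $share.Name -AccountName $_.AccountName -Force | Out-Null
                    Grant-SmbShareAccess  -Name $share.Name -AccountName $_.AccountName -AccessRight Read -Force | Out-Null
                }
            }
    }
}

$policy = Install-AppLockerPathPolicy -Mode AuditOnly
Test-PathPolicy -XmlPath $policy
Repair-ShareAccess    # add -Fix once the warnings have been reviewed
```

Leave the policy in AuditOnly for a week or two and watch the "Microsoft-Windows-AppLocker/EXE and DLL" and "Script" event logs: event ID 8003 (and 8006 for scripts) records what would have been blocked, which is where per-user installers living under %LocalAppData% will show up and can be given a publisher rule before you switch `-Mode Enabled`. For domain-wide deployment, pass the same XML to `Set-AppLockerPolicy -Ldap` against a GPO instead of applying it locally.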