It goes without saying that increasing and maintaining cyber security solutions is a must for all organisations and entities. But it is perhaps less clear which of them are the most appropriate. That’s why we’re going to tell you what to do to fight ransomware.
Backing up (BaaS) is perhaps one of the most fundamental actions to reduce the impact of such an attack. Having a contingency plan that includes backup is essential for the safety and security of any organisation. Many companies are still unaware of the need and potential of this “life-saving” solution.
But there are also many other necessary measures that can be taken to prevent, detect or mitigate the risks of a ransomware attack.
Measures to combat Ransomware:
- Frequent backups (BaaS) of critical and relevant data. These should be isolated and without connectivity to other systems, to prevent access from infected devices.
- Keep all applications and the operating system up to date with the latest versions to avoid security holes.
- Have the perimeter firewall correctly configured: avoid having services published to the internet, and keep the IP whitelists allowed for the organisation up to date.
- Have anti-spam systems in e-mail and implement high filtering, which reduces the chances of infection through massive e-mail ransomware campaigns.
- Create security policies in the operating system to prevent files from running from directories used by the ransomware (App Data, Local App Data, etc.), with the help of tools such as AppLocker, Cryptoprevent or CryptoLocker Prevention Kit.
- Implement an IDS/IPS system to scan for and detect possible attacks and block malicious traffic.
- Use defence-in-depth tools such as EMET, which helps to mitigate the possible entry of exploits.
- Do not use accounts with administrator privileges.
- Maintain the access control lists of mapped network drives. In case of infection, all mapped network drives on the victim’s device will be encrypted. Restricting write access to the network will partially mitigate the impact.
- Use JavaScript blockers in the browser to prevent the execution of scripts that may pose a threat to the device. This reduces the chances of infection via web pages.
- Keep file extensions visible, to be able to identify possible executable files that could pretend to be other types of files.
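A check for the deceptive file names described in the last item, as an added example that is not part of the original article: it flags names whose final extension is executable but which show a document-style extension in front of it, and goes slightly further by also covering padded names and Unicode direction-override characters. The extension lists and the sample names are constructed for illustration.

```python
import re

# Assumption: a short, non-exhaustive set of Windows executable/script extensions.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
              "vbs", "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
# Assumption: extensions users tend to read as harmless documents or media.
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI = re.compile("[\u202a-\u202e\u2066-\u2069]")

# Constructed sample names, e.g. attachment names seen at a mail gateway.
SAMPLES = [
    "invoice.pdf.exe", "photo.jpg        .scr", "invoice\u202efdp.exe",
    "notes.txt.vbs. ", "report.pdf", "setup.exe", "archive.tar.gz",
]


def check_name(name: str) -> list[str]:
    """Return the reasons a file name looks deceptive (empty list: no finding)."""
    reasons = []
    if BIDI.search(name):
        reasons.append("bidi-control")
        name = BIDI.sub("", name)
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as a.exe.
    parts = name.rstrip(" .").lower().split(".")
    # A plain "setup.exe" is executable but not disguised, so it is not flagged.
    if len(parts) < 3 or parts[-1] not in EXECUTABLE:
        return reasons
    inner = parts[-2]
    if inner.strip() in DECOY:
        reasons.append("double-extension")  # shown as "invoice.pdf" when extensions are hidden
    if inner != inner.rstrip():
        reasons.append("padded-extension")  # spaces push the real extension out of view
    return reasons


def triage(names):
    """Map each suspicious name to its list of reasons."""
    return {n: r for n in names if (r := check_name(n))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name!r}: {', '.join(reasons)}")
```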
All of these measures are essential to reduce the chances of a ransomware attack, but perhaps one of the most important is awareness and knowledge. One of the most common attack vectors for this technique is phishing, which uses social engineering to deceive users and carry out attacks.