Protect Against Ransomware

What is RansomWare?

Ransomware is a form of malware that infects devices, networks, and data centers and prevents them from being used until the user or organization pays a ransom to have the file or server unlocked. Ransomware has been around since at least 1989, when the “PC Cyborg” trojan encrypted file names on a hard drive. However, in recent years, ransomware attacks have become increasingly complex, targeted, and lucrative crime. Digital currency like Bitcoins are usually used as the main mode of payment.

protect ransomware

New ransomware on the block: ‘Petya’

The ‘Petya’ ransomware follows in WannaCry’s footsteps, which held over tens of thousands of global organisations ransom just in May 2017. Deemed “more dangerous and intrusive”, ‘Petya’ has spread from Russia and Ukraine to Europe and the US at the point this article was written.

How does RansomWare work?

How to Protect Against Ransomware?

Mail Hosting Services
- Office 365
  - Upgrade security protection to Office 365 – Advanced Threat Protection (ATP)
  - Restrict File Attachment
- POP3 – Migrate to Office 365 with ATP
Firewall
- Disable Remote Desktop (RDP) Connection
  - If RDP is necessary, then
    - use 2FA in SSL VPN Connection
    - Apply Security Hardening for RDP
- Restrict any outbound connection to Command and Control (C&C) Server
Server
- Disable Remote Desktop (RDP) Connection
  - If RDP is necessary, then
    - use 2FA in SSL VPN Connection
    - Apply Security Hardening for RDP
    - In Group Policy
      - Strengthen Encryption for RDP
      - Lockout Account after 5 number of unsuccessful attempt with a 60 min timeout period
- Enable Volume Shadow Copy
  - Creating scheduled automatic restore point creation
  - Disabling by Renaming VSSAdmin
- Perform Multi-Version
  - Local Data Backup to NAS (by IP address, not by mapped drive)
  - Remote Data Backup to Cloud
Workstation
- Deploy Endpoint Security Software that can restrict and control application
- Show File Extension
- Perform OS and application patches or updates.
- Enable Firewall
- Disable Windows Script Host
- Disable Powershell
- Disable Macros in Office
- Disable ActiveX on Browser
- Install Browser Addon to block Popups or Adwares
- Use strong password
- Enable Malware or Virus Scan for compressed and archived files
- Disable File Sharing
- Switch off remote services – remote desktop and remote assistance
- Deactivate Autoplay
- Switch off unused connection – wireless, bluetooth, infrared.
- Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system.
  - The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.

Interested to know we can help you to leverage on IT to improve your business productivity, scalability and profitability?

What is RansomWare?

New ransomware on the block: ‘Petya’

Ransomware continues to be a one of the most prevalent threats today, to any organisation with both valuable data and legacy systems hidden unpatched in the cracks and corners of their networks.

Following this latest attack, infected machines displaying the following ransom note demanding US$300 worth of bitcoins to decrypt and recover user’s files.

How does RansomWare work?

How to Protect Against Ransomware?

Mail Hosting Services

Office 365

Upgrade security protection to Office 365 – Advanced Threat Protection (ATP)

Restrict File Attachment

POP3 – Migrate to Office 365 with ATP

Firewall

Disable Remote Desktop (RDP) Connection

If RDP is necessary, then

use 2FA in SSL VPN Connection

Apply Security Hardening for RDP

Restrict any outbound connection to Command and Control (C&C) Server

Server

Disable Remote Desktop (RDP) Connection

If RDP is necessary, then

use 2FA in SSL VPN Connection

Apply Security Hardening for RDP

In Group Policy

Strengthen Encryption for RDP

Lockout Account after 5 number of unsuccessful attempt with a 60 min timeout period

Enable Volume Shadow Copy

Creating scheduled automatic restore point creation

Disabling by Renaming VSSAdmin

Perform Multi-Version

Local Data Backup to NAS (by IP address, not by mapped drive)

Remote Data Backup to Cloud

Workstation

Deploy Endpoint Security Software that can restrict and control application

Show File Extension

Perform OS and application patches or updates.

Enable Firewall

Disable Windows Script Host

Disable Powershell

Disable Macros in Office

Disable ActiveX on Browser

Install Browser Addon to block Popups or Adwares

Use strong password

Enable Malware or Virus Scan for compressed and archived files

Disable File Sharing

Switch off remote services – remote desktop and remote assistance

Deactivate Autoplay

Switch off unused connection – wireless, bluetooth, infrared.

Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system.

The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.