Tips for Enterprises on Protecting Yourself From Ransomware


For most business owners, cybersecurity may seem daunting, mysterious, and scary.

With all the examples of ransomware in the news nowadays, it seems that no one is safe.

That isn’t true, however.

There are easy tips and tools you can use to protect your business from ransomware.

Here are three easy ones you can implement today (and one you hopefully never have to use!)


Windows AppLocker

Newer Windows versions come with a handful of great features for securing your computers.

One of these features is Windows AppLocker.

You can use Windows AppLocker to define which applications should be allowed to run on your machines (AKA application whitelisting). If your IT environment is well-managed, you should already have a detailed overview of what software runs on your clients.

With AppLocker, you can easily allow users to use the software they need for their daily business, but deny them access to any other software that hasn’t been approved by the administrator. By using Windows AppLocker, you will likely prevent the vast majority of infections these days.

AppLocker is fully integrated into Group Policy and System Center Configuration Manager.

Windows AppLocker >>

Enhanced Mitigation Experience Toolkit (EMET)

EMET is a tool that helps you to prevent the exploitation of unpatched vulnerabilities in the Windows operating system or any other software installed on the computer.

This way, EMET provides some sort of “0day protection” against known and unknown software vulnerabilities that you have not yet patched on your clients or for which no patch exists at the moment (0day exploits).

Using EMET, you can mitigate the vast majority of the attacks from exploit kits that are threatening and infecting your users every day.

EMET is fully integrated into Group Policy and System Center Configuration Manager.

Block dangerous email attachments

As an enterprise, you should block any dangerous attachments entering your network, either by blocking them at your network border or by sending them into the user's quarantine.

The following file types/extensions should be considered dangerous for your environment unless you are expecting an attachment of that type:

  • .js (JavaScript)
  • .jar (Java)
  • .bat (Batch file)
  • .exe (Windows executable)
  • .cpl (Control Panel)
  • .scr (Screensaver)
  • .com (COM file)
  • .pif (Program Information File)
  • .ps1 (Windows PowerShell)
  • .wsf (Windows Script File)
  • .vbs (Visual Basic Script)

Be sure that you filter out such attachments, regardless of whether they are:

  • attached to the email directly,
  • in an archive (e.g. ZIP, RAR, etc.),
  • or even in a password encrypted archive (e.g. password protected ZIP).

In addition to the file extensions above, you should also block any email attachments that include macros (e.g. Word, Excel or PowerPoint attachments that come with macros). You can block them either at your email gateway or by Group Policy, e.g. by denying macros or by only allowing signed macros to run.

Macros are a very well-known infection vector these days for spreading Trojans, including ransomware.
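
A gateway-side check for the rules in this section, as an added Python example that is not part of the original post: it flags the listed extensions when attached directly or inside (nested or password-protected) ZIP archives, and flags Office files that carry macros. Assumptions: the function name and the nesting and size limits are hypothetical, macro detection relies on the `vbaProject.bin` part found in macro-enabled OOXML files, and only ZIP containers are opened, so RAR archives and legacy .doc/.xls files need separate handling.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions from the list above.
BLOCKED_EXT = {".js", ".jar", ".bat", ".exe", ".cpl", ".scr",
               ".com", ".pif", ".ps1", ".wsf", ".vbs"}
MAX_DEPTH = 3             # assumed cap on nested archives
MAX_MEMBER = 50 * 2**20   # assumed cap on bytes unpacked per member


def _ext(path):
    return PurePosixPath(path.replace("\\", "/")).suffix.lower()


def inspect_attachment(name, data, depth=0):
    """Return the reasons to block an attachment; an empty list means allow."""
    reasons = []
    if _ext(name) in BLOCKED_EXT:
        reasons.append(f"{name}: blocked extension {_ext(name)}")
    # ZIP archives and modern Office files (OOXML) are both ZIP containers.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    if depth >= MAX_DEPTH:
        return reasons + [f"{name}: archive nested too deeply to inspect"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.filename.lower().endswith("vbaproject.bin"):
                    reasons.append(f"{member}: Office file carries VBA macros")
                if info.flag_bits & 0x1:
                    # Traditional ZIP encryption leaves member names readable,
                    # so the extension is still checked; the content is not.
                    reasons.append(f"{member}: encrypted, cannot be inspected")
                    if _ext(info.filename) in BLOCKED_EXT:
                        reasons.append(f"{member}: blocked extension {_ext(info.filename)}")
                elif info.file_size > MAX_MEMBER:
                    reasons.append(f"{member}: too large to inspect")
                elif not info.is_dir():
                    reasons += inspect_attachment(member, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError):
        reasons.append(f"{name}: malformed or unsupported archive")
    return reasons
```

A non-empty result would map to the block-or-quarantine action described above; the reason strings are meant for the quarantine log.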

When it is already too late

If you are reaching this page and it is already too late (meaning you have already become a victim of ransomware), you may want to take a look at the following websites. In some cases, it is possible to decrypt files that have already been encrypted by ransomware without paying the ransom.

This will depend on the ransomware family and the encryption it uses.

ID Ransomware >>

The No More Ransom Project >>

TL;DR

The recommendations made above can be considered a starting point when it comes to defending against ransomware. However, there are many other things you can do to keep yourself from becoming a victim.

The following links will provide you with further reading on potential mitigation strategies:

Robert Penz: Stop panicking about the Locky ransomware >>

welivesecurity: 11 things you can do to protect against ransomware, including Cryptolocker >>

Symantec: Ransomware Do’s and Dont’s: Protecting Critical Data >>

PCWorld: How to prevent ransomware: What one company learned the hard way >>

If you found this post helpful, please be sure to share it with your peers. Online security benefits us all and will only become more critical as technology’s presence grows in our community.

Get informed. Stay safe.

TheWhiteHatHACKER
