Ransomware is like the flu. Everybody knows about it, nobody wants it, and many try to prevent it,...
Ransomware: 6 IT Security Best Practices You Need
To say ransomware is ubiquitous is an understatement. Between 2016 and 2017, emails infected with ransomware increased by 6,000 percent and 100 new malware families were discovered.
There appears to be no end to this epidemic. As long as there are strong financial incentives to exploit the enterprise IT environment, new variants of these attack vectors will continue to pop up. It’s likely that an attack on your organization’s network will occur soon if it hasn’t already, but there are some actions you can take to make your organization less susceptible to a ransomware attack.
Secure Your Email Traffic
Email phishing was the top ransomware vehicle in 2017, with more than 67 percent of all ransomware entering network systems via email. Phishing and spear-phishing attacks are becoming the preferred way for hackers to social engineer their way into enterprise systems.
Training employees to identify suspicious emails, blocking emails with many recipients or large attachments, scanning inbound emails for viruses and malware, and keeping employees from accessing private email accounts using enterprise machines are all excellent preventative measures.
Implement least-privilege administration user rights and live by them. Limit who has access to network applications according to job function, and provide access only for the specific periods of time when it is needed.
Another good way to create choke points in your network is to control who has permissions for altering files. If a user requires Read Only privileges to accomplish their job function or work on a specific project, they should not have full access allowing them to alter files and possibly introduce ransomware unknowingly.
Windows has a nifty little tool called File Server Resource Manager that enables the management and classification of data stored on your organization’s servers. It can be configured using the FSRM app or with PowerShell.
This tool allows you to classify files and adopt policies which restrict access to files, file encryption, and file expiration. The tool can also help control the types of files stored on a file server and limit what types of extensions can be stored.
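As an added example (not code from the original article), here is one way to use the FSRM PowerShell cmdlets to limit which extensions can be stored on a share. The share path, the group name, and the extension patterns are assumptions chosen for illustration; substitute your own.

```powershell
#Requires -RunAsAdministrator
# Added example: an active FSRM file screen that refuses files matching a
# list of extensions on one share and logs each blocked attempt.
# Assumed values (not from the article): $SharePath, $GroupName, $Patterns.

$SharePath = 'D:\Shares\Finance'                     # assumed share root
$GroupName = 'Blocked-Extensions-Example'            # hypothetical group name
$Patterns  = @('*.locky', '*.wncry', '*.encrypted')  # sample patterns only

# FSRM is a role service on Windows Server; install it if it is missing.
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
}

# Create the file group, or refresh its patterns if it already exists,
# so the script can be re-run whenever the pattern list changes.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Write a warning to the Application event log for every blocked save,
# so a spike of events on one user or host is visible to monitoring.
$Body   = 'User [Source Io Owner] tried to save [Source File Path] on ' +
          '[Server]; blocked by file group [Violated File Group].'
$Action = New-FsrmAction -Type Event -EventType Warning -Body $Body

# -Active makes this a blocking screen; without it the screen is passive
# and only reports the violation.
if (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue) {
    Set-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
        -Notification $Action -Active
} else {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
        -Notification $Action -Active | Out-Null
}

# Show the resulting configuration for verification.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
```

A file screen matches on file name only, so it stops variants that write or rename files to a listed pattern and nothing else; treat it as one layer alongside the permission and backup measures in this article.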
Back Up and Sequester
Backing up data may seem like a no-brainer, but it’s an important IT function that can be overlooked by overworked managers. In addition to protecting data against attack vectors like ransomware, backing up data provides the added benefit of restoring data after natural events like blackouts, fires, and so forth.
Equally important is where backup data is stored. Sequester data where it cannot be attacked by ransomware, whether it is stored on separate file servers, backup drives, or write-protected DVDs—separate and isolate the data so your organization can quickly recover from a cyberattack or natural disaster.
Patch, Patch, Patch
Some of the most notorious cyber attacks in recent memory were due to failure to apply known patches to Windows OS. The Equifax breach of 2017 compromised over 145 million identities due to a failure of that organization’s IT personnel to apply a simple, timely patch.
A large-scale breach can allow bad actors to create back doors into enterprise networks which can be used to introduce malware, among other things.
Although generally secure, Windows Remote Desktop is vulnerable to man-in-the-middle attacks during a session. Lock it down by insisting on strong passwords, keeping software up to date, enabling network-level authentication, and limiting the users who can log in to only those who need to.
You can also set up a lockout policy that can prevent hackers from gaining access after a specified number of incorrect password entries.
Securing network systems against ransomware is a matter of keeping IT best practices at the forefront of your organization’s security posture because, like their biological counterparts, ransomware variants and viruses continue to evolve as fast as we find ways to inoculate IT ecosystems against them.