On Friday, the world experienced the wrath of a well-coordinated ransomware attack, known as WannaCrypt. The attack caused Britain's NHS to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock.
This Ransomware is hitting all types of organisations big and small. In this blog post we give some simple steps which can keep your company more protected against this type of attack.
The best way to defeat ransomware is to have a regularly updated backup of your files. If your system is attacked by ransomware,you can easily restore your files to an earlier version
Show Hidden File Extensions
In Windows settings, enable the option to see full file extensions. This way, suspicious files will be easier to spot. Cryptolocker is often packaged with a file that has the extension ".PDF.EXE"
Filter .EXE Files in Email
Set a filter in your email program to deny emails with attachments that have two file extensions, with the last one being executable (".EXE"). If you want to receive executab files with someone you trust, use ZIP files or cloud services instead (remember to password-protect your files).
Disable Running Files in "App Data" and "Local App Data" Folders
Using intrusion prevention software, set up a Windows rule to disallow executable files from running in the App Data or Local App Data folders. Be sure to exclude any legitimate software that you have set to run from App Data folder from this rule.
Cryptolocker frequently targets machines using Remote Desktop Protocol (RDP), a Windows utility that lets others access your system remotely. If you don't need to use RDP, disable it to protect your desktop from malware attacks.
Update Your Software or Apply Patches
Malware programs often depend on people running outdated versions of software with known vulnerabilities, which can be exploited to gain access to your system. Keeping your software updated drastically reduces the potential for these malicious programs to infect your system.
Don’t enable macros
A lot of ransomware is distributed in Office documents that trick users into enabling macros. Microsoft has just released a new tool in Office 2016 that can limit the functionality of macros by preventing you from enabling them on documents downloaded from the internet
Be very careful about opening unsolicited attachments
Most Windows ransomware in recent months has been embedded in documents distributed as email attachments. If some attachment seems suspicious to you, don’t open it.
Don’t give yourself more login power than necessary
Don’t stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.
Train all employees in your business
Often the users within a company can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails
Segment the company network
Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
Use a Trusted Anti-Virus Suite
Since malware programs are frequently updated with new definitions to avoid detection, it's important to have both a firewall and anti-virus software. If a malicious code is so new that it happens to go undetected by your anti-virus software, it will be caught by the firewall.
View our webinar on the Threat Landscape for Companies by clicking link below.