Why ransomware prevention is so important
Ransomware attacks are now commonplace. They’re evident in almost every industry and in every country around the world. Paying a ransom might seem like the only option for recovering locked or stolen data, but experience has shown that cybergangs don’t always follow through once they’ve been paid.
Hackers manage to keep pace with cybersecurity updates and are always finding new ways to bypass security measures and infiltrate systems. Ransomware-as-a-service is also on the rise. This is why it is important to ensure that your organisation not only conducts continuous cybersecurity monitoring, but also allocates resources that focus on preventing a ransomware attack. Let’s take a closer look at the ransomware prevention methods chosen by the leading information security firm RiskXchange.
Best ransomware prevention methods
Assets inventory
To avoid a ransomware attack, the first step is to know exactly what software and hardware assets are connected to your company’s network. Active discovery helps but will not pinpoint any assets added by workers companywide. Therefore, utilising passive discovery is the best way to build a comprehensive asset inventory and keep it up-to-date.
Configure anti-spam settings
One of the main methods of spreading a ransomware infection is via emails that contain harmful attachments. Therefore, it’s important to ensure that your anti-spam settings are configured on your webmail server to block malicious attachments.
Educate staff
Educating workers on basic social engineering scams like ransomware attacks and phishing, and on malware designed to steal personal data or intellectual property is key to helping staff stay vigilant and notice the threats. Staff must also be aware of the following:
- Avoid opening suspicious looking attachments
- Think before clicking on any hyperlinks
- Refrain from handing out personal information
Use File Extensions
File Extensions is a Windows functionality that shows what types of files are being opened so that you can avoid harmful files. This can come in handy when hackers attempt to use a technique where one file appears to have two or more extensions, e.g., smelly-cat.avi.exe. Pay close attention to these kinds of hacking methods.
Patch
Patching not only helps prevent an attack but can also be used to verify that all available fixes have been applied.
Keep your software up-to-date
Your company needs to ensure that its vulnerability management covers all connected software assets so that security professionals can prioritise mitigation and remediation efforts accordingly.
Disable the web if you spot anything suspicious
If you spot a suspicious process on your computer, then disable the web immediately. This is particularly effective during the early stages of an attack and could save your company millions.
Trusted downloads only
Trust plays a huge part in ransomware prevention. Prevent untrusted processes from running on any computer and only authorise downloads from trusted sources or locations.
Add applications to allow lists
Avoid installing applications that could introduce risk into your company network. Add all applications to an allow list to ensure that staff are aware of what can (or cannot) be added to the company’s system.
Utilise Windows Firewall
Using Windows Firewall can help protect company computers against certain levels of unauthorised access. More information on Windows Firewall can be found on Microsoft’s website.
Principle of least privilege
Applying the principle of least privilege means reviewing the levels of control and access handed out to employees. This process will help deter hackers from using an account to navigate their way through your network.
Scan compressed or archived files
Ransomware attackers can often get around email filters by hiding their payloads within compressed or archived files in attachments. Tools that scan files for malware are key to ransomware prevention.
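The double-extension check from "Use File Extensions" and the archive scanning described above can be combined in one pass over an attachment. The sketch below is an added example, not RiskXchange's code; the extension lists, function names and finding labels are assumptions chosen for illustration, and the sample archive is constructed in memory from placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}  # illustrative
DECOY_EXTS = {".avi", ".mp4", ".pdf", ".docx", ".xlsx", ".jpg", ".txt"}  # illustrative

def classify_name(name: str) -> list[str]:
    """Return the reasons a file name deserves attention (empty list = none)."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return ["double-extension"]
    return ["executable"]

def scan_zip(data: bytes, depth: int = 0, max_depth: int = 2) -> dict[str, list[str]]:
    """Check every member of an in-memory ZIP, descending into nested ZIPs."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            if info.filename.lower().endswith(".zip"):
                if depth >= max_depth:
                    reasons.append("nesting-too-deep")  # refuse unbounded recursion
                else:
                    try:
                        nested = scan_zip(zf.read(info), depth + 1, max_depth)
                        findings.update({f"{info.filename}!{k}": v for k, v in nested.items()})
                    except zipfile.BadZipFile:
                        reasons.append("unreadable-archive")  # contents cannot be inspected
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed sample: placeholder bytes stored under the page's example name."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("smelly-cat.avi.exe", b"placeholder")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("holiday.avi", b"placeholder")
        zf.writestr("media/clips.zip", inner.getvalue())
        zf.writestr("broken.zip", b"not a zip")
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` reports the nested `smelly-cat.avi.exe` and the archive that could not be opened. A name check like this complements content-based malware scanning and does not replace it.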
Use spam filters and authenticate users
Strong spam filters capable of preventing phishing emails from reaching users are a good investment. Using technologies like Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) is key to preventing hackers from using email spoofing techniques.
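Publishing SPF and DMARC records only helps if the policies in them are enforced. The sketch below is an added example, not RiskXchange's code: it audits the text of a domain's SPF and DMARC TXT records for common weak settings. The function names and the sample records for the placeholder domain example.com are constructed for illustration, and the records are passed in as strings rather than fetched from DNS.

```python
def parse_tags(record):
    """Split a DMARC 'tag=value; tag=value' record into a dict."""
    pairs = (part.partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}

def audit_dmarc(record):
    """Return weaknesses in a _dmarc TXT record (pass None if none is published)."""
    if record is None:
        return ["no DMARC record: receivers have no policy to apply"]
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a v=DMARC1 record"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in {"none", "quarantine", "reject"}:
        issues.append("missing or invalid p= tag")
    elif policy == "none":
        issues.append("p=none is monitor-only: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        issues.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports to review")
    return issues

def audit_spf(record):
    """Return weaknesses in an SPF TXT record (pass None if none is published)."""
    if record is None:
        return ["no SPF record: receivers cannot check the sending host"]
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not a v=spf1 record"]
    final = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not final:
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["no 'all' mechanism: unmatched senders get a neutral result"]
    if final[0] in ("all", "+all"):
        return ["+all authorises every sender on the internet"]
    if final[0] == "?all":
        return ["?all is neutral: unmatched senders are not failed"]
    return []  # ~all (softfail) or -all (fail)

# Constructed sample records for the placeholder domain example.com.
WEAK_SPF = "v=spf1 include:_spf.example.com +all"
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_SPF = "v=spf1 include:_spf.example.com -all"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
```

`audit_spf(WEAK_SPF)` and `audit_dmarc(WEAK_DMARC)` return the findings for the weak pair, while the strong pair returns empty lists.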
Disable Windows PowerShell
PowerShell is often used to execute ransomware from memory, helping to avoid detection by traditional anti-virus techniques. Therefore, disable PowerShell if you have no organisational use for the framework.
Disable Windows Script Host
Cyberattackers sometimes use .VBS files (VBScript) to run ransomware on an infected computer. Disabling Windows Script Host will block malware from using this file type.
Enhance Microsoft Office apps security
Hackers often use Microsoft files to distribute their payloads, which can rely on ActiveX or macros. Disabling ActiveX and macros will prevent malicious code from being executed on computers.
Block pop-ups
Installing browser add-ons to block pop-ups is a good way of stopping ransomware attackers in their tracks.
Use complex passwords
Using and enforcing strong, unique, and complex passwords for all accounts is key to thwarting attacks. Another good ransomware prevention method is multi-factor authentication (MFA). MFA ensures that more than one piece of evidence is needed to authenticate a user.
Deactivate AutoPlay
Deactivating Windows AutoPlay will prevent malicious actors from targeting digital media like memory sticks, USB drives and similar types of devices.
Avoid unfamiliar media
Avoid any type of associated device or application, like a CD or USB drive, that hasn’t been cleared or vetted for use by the company.
Disable file sharing
By disabling file sharing, you will prevent attackers from infecting multiple machines in your network. The infection will remain on one device.
Disable remote services
Remote Desktop Protocol can be targeted by hackers to expand the attack surface in order to infiltrate your network more easily. Disabling remote services is a tried and tested method of thwarting attacks by closing off one vector for remote attacks.
Disconnect pointless wireless connections
Disconnecting wireless connections like Bluetooth or infrared ports will help stop attackers in their tracks.
Utilise software restriction policies
Microsoft’s Software Restriction Policies are trust policies that help companies manage the process of running applications on computers. They give you the ability to designate where apps are and aren’t allowed to execute.
Block malicious Tor IP addresses
Ransomware attackers often use Tor gateways to communicate with command-and-control (C&C) servers. Blocking known malicious Tor IP addresses will help stop that communication from getting through.
Threat intelligence
Ensuring your company has access to reputable cyber threat intelligence goes a long way toward effective ransomware prevention.
Segment the network
Simplifying and segmenting the network is an effective way of protecting systems from ransomware attacks, by isolating and sectioning off the most sensitive components.
Get in touch with RiskXchange to find out more about ransomware prevention.