Ransomware Prevention: Top Security Tips

Why ransomware prevention is so important

Ransomware attacks are now commonplace. They’re evident in almost every industry and in every country around the world. Paying a ransom might seem like the only option for recovering locked or stolen data, but experience has shown that cybergangs don’t always follow through once they’ve been paid.

Hackers manage to keep pace with cybersecurity updates and are always finding new ways to bypass security measures and infiltrate systems. Ransomware-as-a-service is also on the rise, this is why it is important to ensure that your organisation not only conducts continuous cybersecurity monitoring, but also allocates resources that focus on preventing a ransomware attack. Let’s take a closer look at the ransomware prevention methods, chosen by the leading information security firm RiskXchange.

Best ransomware prevention methods

Assets inventory

To avoid a ransomware attack, the first step is to know exactly what software and hardware assets are connected to your company’s network. Active discovery helps but will not pinpoint any assets added by workers companywide. Therefore, utilising passive discovery is the best way to build a comprehensive asset inventory and keep it up-to-date.

Configure anti-spam settings

One of the main methods of spreading a ransomware infection is via emails that contain harmful attachments. Therefore, it’s important to ensure that your anti-spam settings are configured on your webmail server to block malicious attachments.

Educate staff

Educating workers on basic social engineering scams like ransomware attacks and phishing, and on malware designed to steal personal data or intellectual property is key to helping staff stay vigilant and notice the threats. Staff must also be aware of the following:

Avoid opening suspicious looking attachments
Think before clicking on any hyperlinks
Refrain from handing out personal information

Use File Extensions

File Extensions is a Windows functionality that shows what types of files are being opened so that you can avoid harmful files. This can come in handy when Hackers attempt to use a technique where one file appears to have two or more extensions, e.g., smelly-cat.avi.exe. Pay close attention to these kinds of hacking methods.

Patch

Patching not only helps prevent an attack but can also be used to verify that all available fixes have been applied.

Keep your software up-to-date

Your company needs to ensure that its vulnerabilities management covers all connected software assets so that security professionals can prioritise mitigation and remediation efforts accordingly.

Disable the web if you spot anything suspicious

If you spot a suspicious process on your computer, then disable the web immediately. It is particularly effective during the early stages of an attack and could save your company millions.

Trusted downloads only

Trust plays a huge part in ransomware prevention. Avoid untrusted processes from running on any computer and only authorise downloads from trusted sources or locations.

Add applications to allow lists

Avoid installing applications that could introduce risk into your company network. Add all applications to an allow list to ensure that staff are aware of what can (or cannot) be added to the company’s system.

Start your FREE TRIAL

Discover, Monitor and Reduce Third-party Risks with our award-winning platform

Utilise Windows Firewall

Using Windows Firewall can help protect company computers against certain levels of unauthorised access. More information on Windows Firewall can be found on Microsoft’s website.

Principle of least privilege

Using the principle of least privilege helps review the levels of control and access handed out to employees. This process will help deter hackers from using an account to navigate their way through your network.

Scan compressed or archived files

Ransomware attackers can often get around email filters by hiding their payloads within compressed or archived files in attachments. Tools that scan files for malware are key to ransomware prevention.

Use spam filters and authenticate users

Strong spam filters capable of preventing phishing emails from reaching users is a good investment. Using technologies like Domain Message Authentication Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) is key to preventing hackers from using email spoofing techniques.

Disable Windows PowerShell

PowerShell is often used to execute ransomware from memory, helping to avoid detection by traditional anti-virus techniques. Therefore, disable PowerShell if you have no organisational use for the framework.

Disable Windows Script Host

Cyberattackers sometimes use .VBS files (VBScript) to run ransomware on an infected computer. Disabling Windows Script Host will block malware from using this file type.

Enhance Microsoft Office apps security

Hackers often use Microsoft files to distribute their payloads which can use ActiveX or macros. Disabling ActiveX and macros will prevent malicious code from being executed on computers.

Block pop-ups

Installing browser add-ons to block pop-ups is a good way of stopping ransomware attackers in their tracks.

Use complex passwords

Using and enforcing strong, unique, and complex passwords for all accounts is key to thwarting attack. Another good ransomware prevention method is multi-factor authentication (MFA). MFA ensures that more than one piece of evidence is needed to authenticate a user.

Deactivate AutoPlay

Deactivating Windows AutoPlay will prevent malicious actors from targeting digital media like memory sticks, USB drives and similar types of devices.

Avoid unfamiliar media

Avoid any type of associated device or application, like a CD or USB drive that hasn’t been cleared or vetted for use by the company.

Disable file sharing

By disabling file sharing, you will prevent attackers from infecting multiple machines in your network. The infection will remain on one device.

Disable remote services

Remote Desktop Protocol can be targeted by hackers to expand the attack surface in order to infiltrate your network more easily. Disabling remote services is a tried and tested method of thwarting attack by closing off one vector for remote attacks.

Disconnect pointless wireless connections

Disconnecting wireless connections like Bluetooth or infrared ports will help stop attackers in their tracks.

Utilise software restriction policies

Microsoft’s Software Restriction Policies are trust policies that help companies manage the process of running applications on computers. It gives you the ability to designate where apps are and aren’t allowed to execute.

Block malicious Tor IP addresses

Ransomware attackers often use TOR gateways to communicate with C&C servers. Blocking known malicious Tor IP addresses will help stop the process from getting through.

Threat intelligence

Ensuring your company has access to reputable cyber threat intelligence goes a long way toward effective ransomware prevention.

Segment the network

Simplifying and segmenting the network is an effective way of protecting systems from ransomware attacks, by isolating and sectioning off the most sensitive components.

Get in touch with RiskXchange to find out more about ransomware prevention.

Find out more

RiskXchange is one of the firms leading the fight against cybercrime, helping companies of all sizes fight the threat of a cyberattack by providing instant risk ratings for any company across the globe.

We provide a full 360° visibility over your digital eco-system's attack surface, including your entire supply chain. Generate objective and quantitative reports on your company’s cyber security risk and performance, conducting business securely in today’s open and collaborative digital world. Updated every 24 hours, our passive data collection methods let you regularly monitor and mitigate risks to prevent unnecessary exposures.

About RiskXchange