May 18, 2017

4 Practical Techniques and Countermeasures to Battle Ransomware

Ransomware is not new, but every time a large outbreak occurs, it becomes the first thing on the minds of individuals and businesses, and rightly so.  The latest strain of a ransomware virus, titled “WannaCry”, is the largest outbreak in history, and subsequent versions will only become worse and worse.  If this doesn’t scare you, it should!  The extent to which these things travel and evolve is unprecidented. Luckily, if you have the right plan, protection, and backup for your environment, you can worry less and focus on your business more.

First, gauge your organization’s prevention appetite.

Every organization has a limit to the amount of prevention they are willing to accept. No single preventative product will stop all the variations of threats. Please read that again…no single preventative measure will stop all the variations of threats.  Antivirus programs are just ONE of the layers you need in order to protect your environment.  Firewalls, Antivirus, Intrusion Prevention systems, Anti-ransomware software, etc, all encompass protection plans you need consider when looking at what fits your needs. Every associate, every department, needs a different plan of attack to keep them safe.  Accounting and HR departments open spreadsheets and documents that require macros.  Executive teams sometimes do not have time for a 15-character password or a 5-minute screensaver lock.  How much is too much?

When implementing controls, ask yourself:

  • What amount of prevention is acceptable in my business?
  • Are there certain parts of my organization that can have more prevention versus others?
  • If I cannot prevent it, can I detect it?
  • Where do I have visibility gaps? (Systems off network, off domain, Linux/Mac)

4 Countermeasures & Technical Controls

1: Use Microsoft Applocker to block extension types.

2: Disable Macro execution with Microsoft Office Suite.

3: Screen Microsoft Windows files.

4: Educate Educate EDUCATE your staff.

The WannaCry variant uses an exploit that Microsoft knew about and patched in March of this year, but even if you have one machine unpatched it could rear it’s ugly head in your network, so if you do nothing else, patch patch patch all of your products.

And lastly, make sure your backups are current, that you have one copy off-site, and that your Disaster Recovery plan WORKS!

Your business is your livelihood.  Can you afford data loss?  Can you afford thousands of dollars to pay off a ransomware attack?  This could shut your business down completely…and potentially forever if the hackers truly want to do that much damage.  Don’t wait another minute to make sure your business is protected!  Let us help you secure your infrastructure today!  Call 281-858-3498 now, or fill out our contact form.

Stay safe out there!

Leave a Reply

Your email address will not be published. Required fields are marked *