By David Geer
March 8, 2017
Enterprises should also take several practical, in-the-trenches steps to mitigate ransomware, starting with mature endpoint security. “Reputable, multilayered endpoint security that protects web browsing, controls outbound traffic, safeguards system settings, proactively stops phishing attacks, and continuously monitors the individual endpoint can prevent malware infections and ransomware,” says Moffitt.
The business should ensure that its business continuity/disaster recovery plan and its backup and recovery tools are entirely separate from the data and systems that ransomware could reach. A backup that sits on a mapped drive or is writable with the same credentials an infected user has will be encrypted along with everything else, so at least one copy should be offline or otherwise out of reach of the compromised account, and restores should be tested before they are needed. “There are many automated on-site and cloud-based backup solutions that will leave you with options even if ransomware hits network drives,” says Moffitt.
Many ransomware campaigns start with a phishing email carrying an Office document whose macro (a VBA script embedded in the document) runs when the recipient enables content, downloading and launching malware and, ultimately, the ransomware itself. You can disable macro functionality in the Trust Center in Microsoft Office, and enforce that setting centrally through Group Policy so that users cannot re-enable it themselves.
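The following PowerShell is an added example, not code from the article or its sources. It writes the Group Policy registry values that lock the Trust Center macro setting for Word, Excel and PowerPoint and blocks macros in files downloaded from the internet. It assumes Office 2016 or later (version key `16.0`); the chosen setting of 3 (only digitally signed macros) is an assumption and can be raised to 4 (disable all without notification).

```powershell
# Added example (not from the article): enforce the Office Trust Center
# macro setting through the Policies registry keys, which grey the option
# out in the UI so users cannot re-enable macros.
# Assumption: Office 2016/2019/365 (version key 16.0). Run in the user's
# context for HKCU, or deploy the same values through a GPO.

$OfficeVersion = "16.0"
$Apps = "Word", "Excel", "PowerPoint"

# VBAWarnings values: 1 = enable all macros, 2 = disable with notification,
# 3 = disable all except digitally signed, 4 = disable all without notification.
$VbaWarnings = 3

function Set-OfficeMacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Trust Center macro setting, locked by policy
    Set-ItemProperty -Path $key -Name "VBAWarnings" -Type DWord -Value $VbaWarnings

    # Block macros in files that carry the Mark-of-the-Web (downloaded or
    # received by e-mail) even if the user clicks "Enable Content"
    Set-ItemProperty -Path $key -Name "blockcontentexecutionfromInternet" -Type DWord -Value 1
}

function Get-OfficeMacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App                               = $App
        VBAWarnings                       = $p.VBAWarnings
        BlockContentExecutionFromInternet = $p.blockcontentexecutionfromInternet
    }
}

foreach ($app in $Apps) { Set-OfficeMacroPolicy -App $app }

# Read back what is now in effect
$Apps | ForEach-Object { Get-OfficeMacroPolicy -App $_ } | Format-Table -AutoSize
```

After the change, the macro options in File > Options > Trust Center > Macro Settings show as managed by your organization; a user who wants to run a legitimate macro-enabled workbook needs it signed with a trusted certificate rather than a click on "Enable Content".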
There are also ways to contain what a malicious file can do once it lands. In Microsoft Windows, you can use policy settings (Software Restriction Policies or AppLocker path rules) to stop executables such as .exe files from running inside the directories where ransomware droppers typically land, for example a user’s Temp and AppData folders. “It’s not 100-percent effective, but if you can reduce the number of variants that could pose a threat by even 20 percent, it will be well worth the investment,” says Moffitt.
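As an added example (not the article's or any vendor's code), the PowerShell below builds an AppLocker policy that keeps the default allow rules for Program Files, the Windows folder and Administrators, and adds Deny rules for executables launched from user-writable AppData and Downloads folders, then dry-runs it against real files before merging it into the local policy. It assumes a Windows edition that supports AppLocker enforcement (Enterprise/Education or Server); the rule GUIDs and the paths denied are arbitrary choices for the example.

```powershell
# Added example (not from the article): AppLocker policy that blocks .exe
# files run from common ransomware drop locations.
# Assumptions: Enterprise/Education/Server edition; the GUIDs are arbitrary
# unique IDs; the deny paths are a starting point, not a complete list.
# Run as Administrator.

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Default allow rules. Without them an enforced collection blocks everything not listed. -->
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Allow Administrators everything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <!-- Deny rules win over allow rules: block executables from user-writable drop locations. -->
    <FilePathRule Id="5e2f4a9d-0f9d-4c8e-9b2b-3a6b1c0d7e21" Name="Deny exe under AppData" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="2c1b7e3f-6d4a-4f5b-8a9c-0d1e2f3a4b5c" Name="Deny exe under Downloads" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\Downloads\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP "applocker-ransomware.xml"
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run: evaluate the policy against executables that already exist on this
# machine, so you see what would be denied before anything is enforced.
Write-Host "Executables under this user's AppData that the policy would deny:"
Get-ChildItem -Path $env:LOCALAPPDATA -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Filter Denied |
    Select-Object FilePath, PolicyDecision, MatchingRule

Write-Host "Sanity check: system binaries must still be allowed:"
Get-ChildItem -Path "$env:WINDIR\System32" -Filter notepad.exe |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# AppLocker does nothing unless the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Merge into the local policy (use a GPO for domain-wide deployment).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

The collection is deployed in AuditOnly mode on purpose: per-user installers such as OneDrive, Teams and some browsers live under AppData\Local and will show up as would-be denials (event ID 8003 in the AppLocker EXE and DLL log). Add publisher-based allow rules for those, then switch EnforcementMode to Enabled. This is exactly the trade-off Moffitt describes: the rules are not complete, but they remove the cheapest path for a large share of droppers.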
Ransomware operators also abuse the Remote Desktop Protocol (RDP), which listens on TCP port 3389 by default. Moving the RDP listener to a non-standard port and encrypting the connection where possible (for example by requiring TLS or placing RDP behind a VPN) mitigates attacks that use this vector, according to Moffitt. A changed port only defeats the most casual scanning, so it should go alongside the stronger controls: do not expose RDP directly to the internet, require Network Level Authentication, and enforce strong passwords with account lockout.
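The PowerShell below is an added example, not code from the article or its sources. It moves the RDP listener off TCP 3389, requires Network Level Authentication and the TLS security layer, opens only the new port in Windows Firewall for a management network, and verifies the new listener. The port number 33891 and the 10.0.0.0/8 management range are assumptions for the example.

```powershell
# Added example (not from the article): harden the RDP listener.
# Assumptions: $NewPort is any unused port; $MgmtNetwork is the range from
# which administrators connect (a VPN pool or jump-host subnet).
# Run as Administrator, and keep an existing session or console access until
# you have confirmed the new port works, because TermService is restarted.

$NewPort     = 33891
$MgmtNetwork = "10.0.0.0/8"
$rdpKey      = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

function Set-RdpHardening {
    # 1. Move the listener off the default port
    Set-ItemProperty -Path $rdpKey -Name "PortNumber" -Type DWord -Value $NewPort

    # 2. Require Network Level Authentication: the client must authenticate
    #    before a session (and its attack surface) is created
    Set-ItemProperty -Path $rdpKey -Name "UserAuthentication" -Type DWord -Value 1

    # 3. Require the TLS security layer (2 = SSL/TLS) and high encryption (3)
    Set-ItemProperty -Path $rdpKey -Name "SecurityLayer" -Type DWord -Value 2
    Set-ItemProperty -Path $rdpKey -Name "MinEncryptionLevel" -Type DWord -Value 3

    # 4. Firewall: allow the new port only from the management network and
    #    disable the built-in rules for 3389
    New-NetFirewallRule -DisplayName "RDP (custom port $NewPort)" `
        -Direction Inbound -Protocol TCP -LocalPort $NewPort `
        -RemoteAddress $MgmtNetwork -Profile Domain, Private -Action Allow | Out-Null
    Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Disable-NetFirewallRule

    # 5. Slow down password guessing against the accounts that can log on
    net accounts /lockoutthreshold:10 /lockoutduration:30 /lockoutwindow:30 | Out-Null

    # 6. Restart the service so the new port takes effect
    Restart-Service -Name TermService -Force
}

function Test-RdpHardening {
    $p = Get-ItemProperty -Path $rdpKey
    $listening = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PortNumber         = $p.PortNumber
        UserAuthentication = $p.UserAuthentication
        SecurityLayer      = $p.SecurityLayer
        ListeningOnNewPort = [bool]$listening
        OldPortStillOpen   = [bool](Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue)
    }
}

Set-RdpHardening
Start-Sleep -Seconds 5
Test-RdpHardening | Format-List
```

Connect with `mstsc /v:host:33891` from the management network to confirm access before closing your current session. Internet-wide scanners will still find the listener on the new port, which is why the firewall scope and NLA, not the port number, are the controls doing the real work here.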
For organizations whose data is already encrypted, there are options besides restoring from backup. No More Ransom (nomoreransom.org), a joint project of law enforcement and security vendors, publishes free decryption tools for ransomware families whose keys have been recovered or whose encryption was implemented badly, and its Crypto Sheriff tool identifies the family from a sample encrypted file or ransom note. Decryptors exist only for some families, so keep the encrypted files rather than deleting them in case a tool becomes available later.
User education is always a necessity and a great opportunity to make a dent in the user errors that make these attacks possible. “Malware will continue to thrive and be a viable business as long as staff are unaware and uneducated about the risks of the internet. Providing the basics will protect users at home and in the office,” says Moffitt.
According to Hyde, who brings extensive experience with the National Security Agency and U.S. Cyber Command, enterprises should whitelist good sites, blacklist known bad sites, and continually update these based on suspicious traffic. “The enterprise should invest in applied forensics and threat intelligence services, lock down user accounts, prevent writing to system files and settings, and keep a detailed image of base computer systems for immediate deployment,” says Hyde.
“Ransomware is devastating and damaging regardless of the target,” says Fier. Future attacks on critical infrastructure could put some companies out of business, ruin reputations and degrade our quality of life.