We talked about the current variants of ransomware and what to look for when launched in Part 1 of this series. Now, let’s talk about ransomware best practices for you and your company. Are you prepared for ransomware?
Check out our checklist of ransomware best practice recommendations.
Ransomware Best Practice Recommendations:
- Always backup data and keep a recent backup copy off-site. There are dozens of ways besides ransomware that can cause files to suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup to further protect yourself from a breach.
- Don’t enable macros in document attachments received via email. Microsoft turned off auto-execution of macros by default many years ago as a security measure. Many malware infections rely on persuading you to turn macros back on. Don’t do it!
- Be cautious about unsolicited email with attachments. The cyber criminals are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt don’t open it. Report it to your IT Help Desk, contact sender directly to ensure they really sent it, etc.
- Keep the number of privileged users (Domain Admins, Local Admins, and Server Admins) to a minimum. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you are working with elevated privileges. It is also good practice to remove the default admin users when devices are built.
- Consider installing Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. The viewer software doesn’t support macros at all so the risk of accidentally enabling is not present.
- Patch…..Patch….Patch (and Patch again)! Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash, Acrobat Reader and more. The sooner you patch, the fewer open holes remain for the bad guys to exploit.
- Use an email filter to block incoming files with attachments (.zip, .exe.) (.exe files may be blocked in emails but not Office macros or other active content) Note: .zip files cannot be scanned by most email filters or anti-virus software.
- Keep web browsers and plugins updated. Disable non-critical plugins (Flash when possible).
- Keep Operating System and applications updated.
- Make sure you have Antivirus software and keep it up to date. Auto-update of signatures, real time protection and scheduled scans should be enabled for all endpoints.
- User education:
- Browse to websites by typing URL rather than clicking on links
- Don’t assume that an advertisement is safe because it is on a major news website
- Scrutinize all incoming email before opening
- Did you expect the email
- Look for grammar and/or spelling issues
- Be wary of emails from unverified sources and don’t open attachments until verified
- Contact sender directly to confirm that they actually sent the email
- Consider periodic phishing exercises to provide education and awareness to staff
I hope these best practices help you when dealing with ransomware. If you can take one thing away from today, it is this: Be Prepared. If you have any questions regarding this topic, please contact us.
This blog was authored by CBE’s Security Team.