Protecting Your Business from Ransomware
January 23rd, 2017 by admin
Currently, dealing with the consequences of Ransomware isn’t very promising from the file decryption perspective. That is why thwarting the virus attack can save you a pretty penny and guarantee peace of mind.
Refrain from opening attachments that look suspicious
Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
Think twice before clicking
Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.
In the event a suspicious process is spotted on your computer, instantly turn off the Internet connection
This is particularly efficient on an early stage of the attack because the ransomware won’t get the chance to establish a connection with its Command and Control server and thus cannot complete the encryption routine.
Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.)
Disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC.
Block popups as they can also pose an entry point for ransom Trojan attacks
Deactivate AutoPlay
This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system
The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.
Block known-malicious Tor IP addresses
Tor (The Onion Router) gateways are the primary means for ransomware threats to communicate with their C&C servers. Therefore, blocking those may impede the critical malicious processes from getting through.
Posted in: Solutions