Revisit ransomware prevention & mitigation: SharePoint, continuous backup, etc.
A related organization's critical files in an 'encrypted shared folder' (not SharePoint) just
showed up with plenty of *.zepto files.
As a post-mortem, they will ask for preventive & mitigation measures:
a) I suppose mapping a drive to an encrypted shared folder doesn't help at all.
Will using SharePoint help (assuming we don't map a drive to the SharePoint site),
but users have to use IE/a browser to upload/update/download files?
But of course the very busy users (who almost constantly have to update
the files, including Excel) hate using IE/browsers for this, as it's much
slower than using Windows Explorer: you have to check out a file & will be
prompted many times. Is there something as fast as & like Windows Explorer (for
a familiar interface)?
b) Apparently the AV either did not work or was not updated; will AV detect &
stop Zepto?
c) Will IOC (Indicators of Compromise) tools help with this? Do name
specific open-source tools.
d) Exploring Acronis backup for workstations: is there a 'continuous' backup
feature that will allow us to restore to just a second or a few seconds
prior to being attacked?
So it looks like the above anti-spyware helps? Anyone know if McAfee AV will help?
sunhux (ASKER):
Any concerns (& mitigations) that the continuous backup also backs up the ransomware files as well?
Or do we need to build a scanner into the backup tool?
Your problem is the shared folder(s) you are using.
One user gets infected, then everyone who uses that folder gets infected. You may have 99 intelligent users of that folder and one dumb one. That dumb one will infect everyone else.
Possible mitigation methods
Your sources of infection are most likely to come from email attachments and web sites. If you've got a centralised mail server, then a very good anti-virus solution and any of the other methods you talk about will help. They will NOT stop everything. That is impossible.
Browsers. You can restrict the sites your users go to. You can use a safer browser such as Chrome. You can restrict what files a browser can open. That will help, but won't stop everything.
Backups are important. Realtime backups every time a save is made are possible, but that's outside my experience, and very expensive as well. Daily backups are a must.
Can IOC tools help with early detection & prevention?
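The two questions above (does a continuous backup capture the encrypted files too, and can an indicator scan catch an outbreak early) can both be answered with the same check: walk a share or a backup snapshot and look for the indicator the thread reports, files with the *.zepto extension. The Python below is an added example written for this page, not code from the thread or from any backup or AV product. It keys on the `.zepto` extension from the post, adds an entropy heuristic as a secondary lead for files whose content has been scrambled but not yet renamed (an assumption about the attack's ordering, and a noisy signal on compressed formats, hence the skip list), and picks the newest snapshot that shows no indicator as the restore point. All file names, dates and contents in `build_demo()` are constructed sample data.

```python
from __future__ import annotations

import math
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field
from pathlib import Path

# Extension the thread reports on the victim's share. Other families use other
# extensions; extend this set as needed (assumption: the scan keys on extensions).
RANSOM_EXTENSIONS = {".zepto"}

# Legitimately compressed/container formats look "encrypted" to an entropy test,
# so they are excluded from the secondary heuristic to keep the noise down.
COMPRESSED_EXTENSIONS = {".zip", ".7z", ".gz", ".rar", ".docx", ".xlsx", ".pptx",
                         ".jpg", ".jpeg", ".png", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; random or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class ScanReport:
    total_files: int = 0
    encrypted_files: list[Path] = field(default_factory=list)    # renamed to a ransom extension
    high_entropy_files: list[Path] = field(default_factory=list)  # original name, scrambled content

    @property
    def infected(self) -> bool:
        # Only the extension match is treated as a firm indicator; entropy hits are leads.
        return bool(self.encrypted_files)


def scan_tree(root: Path, entropy_threshold: float = 7.5, sample_bytes: int = 4096) -> ScanReport:
    """Walk a share or backup snapshot and collect ransomware indicators."""
    report = ScanReport()
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            report.total_files += 1
            suffix = path.suffix.lower()
            if suffix in RANSOM_EXTENSIONS:
                report.encrypted_files.append(path)
                continue
            if suffix in COMPRESSED_EXTENSIONS:
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            # Tiny files give unreliable entropy estimates; require a minimum sample.
            if len(head) >= 256 and shannon_entropy(head) >= entropy_threshold:
                report.high_entropy_files.append(path)
    return report


def newest_clean_snapshot(snapshots: list[Path]) -> Path | None:
    """Given backup snapshots ordered newest first, return the first one that
    contains no ransom-extension files, i.e. the restore point to use."""
    for snap in snapshots:
        if not scan_tree(snap).infected:
            return snap
    return None


def build_demo() -> Path:
    """Constructed sample data (not from the thread): a live share that has been
    hit, plus two snapshots, the newer of which already captured the encrypted files."""
    root = Path(tempfile.mkdtemp(prefix="zepto_demo_"))
    plain = b"Q3 budget figures, department X, revised weekly.\n" * 8
    share = root / "share"
    share.mkdir()
    (share / "forecast.txt").write_bytes(plain)
    (share / "A1B2C3D4.zepto").write_bytes(os.urandom(4096))  # renamed, encrypted
    (share / "notes.txt").write_bytes(os.urandom(4096))       # scrambled, not yet renamed
    for day, infected in (("2016-07-02", True), ("2016-07-01", False)):
        snap = root / "snapshots" / day
        snap.mkdir(parents=True)
        (snap / "forecast.txt").write_bytes(plain)
        if infected:
            (snap / "A1B2C3D4.zepto").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    root = build_demo()
    rep = scan_tree(root / "share")
    print(f"{len(rep.encrypted_files)} ransom-extension files, "
          f"{len(rep.high_entropy_files)} high-entropy files out of {rep.total_files}")
    snaps = sorted((root / "snapshots").iterdir(), reverse=True)
    print("restore from:", newest_clean_snapshot(snaps))
```

Run it against a mapped share on a schedule and alert on the first `.zepto` hit, and run it against each backup snapshot before restoring: a continuous backup will faithfully copy the encrypted files too, so the scan is what tells you which snapshot predates the attack. Treat the entropy list as a lead to inspect, not proof, since any encrypted or compressed file not in the skip list will show up there.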