• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 114
  • Last Modified:

What steps do I take to protect against a ransomware attack?

This is in regards to an environment that contains multiple Microsoft Windows severs. The particular vulnerability is the shared folders on the servers. This is a general question about a large topic. I'd like to know opinions of what are specific, important, useful steps to take, as well as reliable sources of information and guidance.
0
Kirkenheim
Asked:
Kirkenheim
  • 2
  • 2
  • 2
  • +4
7 Solutions
 
JohnBusiness Consultant (Owner)Commented:
The best way (by a wide margin) is to invest in top notch Spam control.

Next, train users to NOT open email from strangers.
Harder, train them not to go to dodgy websites.

Then finally, newer Antivirus products protect against some ransomware.
1
 
McKnifeCommented:
The latest windows version (Win10 v1709) has implemented a ransomware protection feature named "windows defender controlled folder access" - google it, plenty of info. The feature is off by default, since it needs a little care when configuring it.

Apart from the classical "have a backup" and "patch your systems", it is very important to understand that the built-in (but inactive by default) application-whitelisting techniques of windows ("software restriction policies"/Applocker) are the best guard against any type of malware - not only ransomware. Only problem is, very few people know or dare to use those. Again: Plenty of documentation sources at microsoft/on the net
2
 
JohnBusiness Consultant (Owner)Commented:
Good point about backups. I assumed backups were in place, but it does need to be mentioned.
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
Dr. KlahnPrincipal Software EngineerCommented:
The only real protection is to make periodic full backups on external, disconnectable media that are not connected to the systems when a backup is not actually being done.  Ransomware attacking a system will attack all its drives, shares and servers.  In that situation a network-based backup won't be usable, nor will a cloud-based backup, and the same goes for an internal permanently connected drive.  If the system's backup software can figure out how to get at any of these to do a backup, so can ransomware.

It is an undeniable annoyance and hassle to have to connect and disconnect an external USB drive at each system when doing backups, but that's the only way to guarantee a usable backup when you need it.  Doing it any other way is rolling the dice and hoping that the ransomware is not smart enough to see where the victim system is keeping backups.  Never bet the reliability of your servers no matter what the odds, because when there is an issue the blame will all come crashing down on you.
0
 
serialbandCommented:
The best protection against a ransomware attack is a disconnected backup.  You should have at least one weekly backup that's taken off site.  You should probably have a rotation of daily backups that get pulled out of rotation if you have more critical daily data.
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
Version controlled backups
    Common issue I find is people overwriting their backups with already encrypted data
Safe file locations
    Glad Windows Defender is getting this feature. I use Bitdefender AV specifically for this and they had this feature for a couple of years already
Security hardening
    Such as these https://www.cisecurity.org/cis-benchmarks/
Do not over-permission users
    Prevent users from possibly encrypting all company data or whole computer
0
 
Naveen SharmaCommented:
Its recommended to regularly backup your data
Always keep your software up to date and
End-user awareness and education

Gearing up to Fight Ransomware Attacks

Ways to Protect yourself from Ransomware Attack
0
 
Josh PetragliaDigital Care CoordinatorCommented:
I've attached a PDF Guide our Team has created on this exact topic.
I hope you find this information useful!
Guide-to-Avoid-Being-C-R-Victim_us.pdf
0
 
McKnifeCommented:
Naveem, it should be pointed out why you find different suggestions have different value.
0
 
Naveen SharmaCommented:
Good Points.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

  • 2
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now