What steps do I take to protect against a ransomware attack?

This is in regards to an environment that contains multiple Microsoft Windows severs. The particular vulnerability is the shared folders on the servers. This is a general question about a large topic. I'd like to know opinions of what are specific, important, useful steps to take, as well as reliable sources of information and guidance.
KirkenheimAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
The best way (by a wide margin) is to invest in top notch Spam control.

Next, train users to NOT open email from strangers.
Harder, train them not to go to dodgy websites.

Then finally, newer Antivirus products protect against some ransomware.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
The latest windows version (Win10 v1709) has implemented a ransomware protection feature named "windows defender controlled folder access" - google it, plenty of info. The feature is off by default, since it needs a little care when configuring it.

Apart from the classical "have a backup" and "patch your systems", it is very important to understand that the built-in (but inactive by default) application-whitelisting techniques of windows ("software restriction policies"/Applocker) are the best guard against any type of malware - not only ransomware. Only problem is, very few people know or dare to use those. Again: Plenty of documentation sources at microsoft/on the net
2
JohnBusiness Consultant (Owner)Commented:
Good point about backups. I assumed backups were in place, but it does need to be mentioned.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Dr. KlahnPrincipal Software EngineerCommented:
The only real protection is to make periodic full backups on external, disconnectable media that are not connected to the systems when a backup is not actually being done.  Ransomware attacking a system will attack all its drives, shares and servers.  In that situation a network-based backup won't be usable, nor will a cloud-based backup, and the same goes for an internal permanently connected drive.  If the system's backup software can figure out how to get at any of these to do a backup, so can ransomware.

It is an undeniable annoyance and hassle to have to connect and disconnect an external USB drive at each system when doing backups, but that's the only way to guarantee a usable backup when you need it.  Doing it any other way is rolling the dice and hoping that the ransomware is not smart enough to see where the victim system is keeping backups.  Never bet the reliability of your servers no matter what the odds, because when there is an issue the blame will all come crashing down on you.
0
serialbandCommented:
The best protection against a ransomware attack is a disconnected backup.  You should have at least one weekly backup that's taken off site.  You should probably have a rotation of daily backups that get pulled out of rotation if you have more critical daily data.
0
Shaun VermaakTechnical SpecialistCommented:
Version controlled backups
    Common issue I find is people overwriting their backups with already encrypted data
Safe file locations
    Glad Windows Defender is getting this feature. I use Bitdefender AV specifically for this and they had this feature for a couple of years already
Security hardening
    Such as these https://www.cisecurity.org/cis-benchmarks/
Do not over-permission users
    Prevent users from possibly encrypting all company data or whole computer
0
Naveen SharmaCommented:
Its recommended to regularly backup your data
Always keep your software up to date and
End-user awareness and education

Gearing up to Fight Ransomware Attacks

Ways to Protect yourself from Ransomware Attack
0
Josh PetragliaDigital Care CoordinatorCommented:
I've attached a PDF Guide our Team has created on this exact topic.
I hope you find this information useful!
Guide-to-Avoid-Being-C-R-Victim_us.pdf
0
McKnifeCommented:
Naveem, it should be pointed out why you find different suggestions have different value.
0
Naveen SharmaCommented:
Good Points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Ransomware

From novice to tech pro — start learning today.