Windows Server Malware/Ransomware Protection

What suggestions are there for the best product for ransomware/malware protection for a Windows Server? We have a small office with an older Windows 2012 Server providing necessary services just fine for our needs. But we have not installed any malware/ransomware protection on the server. Suggestions?
ftv34p4s asked:

Lee W, MVP (Technology and Business Process Advisor) commented:
This is a very broad question - if this were an easy answer, it wouldn't be a problem anymore.  In short, use best practices when it comes to security and protecting your environment.  That includes backing up the server with a periodic OFFLINE copy and a definite off-site copy.  Online backup solutions can work.  If you're virtualized (as you should be), replicate the server off site and then back up that site.  Backup is EXPENSIVE - but it's insurance.  You HOPE you never need it, but if you ever do, you'll be VERY THANKFUL you had it!

Train your users to understand not to click on links or attachments from strangers or even people they know unless they are expecting something.  VERIFY THE SENDER.  One of my clients got hit with something before I got to them and now many of their clients are receiving emails that claim to be from people at their company... but there is no trace of their company in the email... since the name matches someone they know, their clients can be more easily tricked into clicking - you need to train your users about these risks!

Use a good firewall and unified threat management device (a cheap Linksys firewall is not a good firewall).

Consider using DNS and web filtering services like Quad9 (if you don't mind the potential government involvement) or pay for other third-party services.  Web filters can be part of a UTM - I use Untangle and the paid version can help filter website access.

Use GOOD security protocols at your office.  Don't share files with everyone.  That's silly and dangerous.  Sure, you all know each other, and maybe even cover each other when someone is out sick.  It's not about trusting each other.  It's about ensuring if you do get hit, you MINIMIZE the damage.

HOPEFULLY this is all obvious stuff to you.  To an IT Pro, it should be and hopefully your company has an IT Pro you work with.
0

Lee W, MVP (Technology and Business Process Advisor) commented:
And one other pretty important thing - STAY UP TO DATE ON PATCHING!  The ransomware that infected everyone last spring - it spread because people weren't up to date on patches.  The February or March patch fixed the vulnerability that was used when the ransomware came out in April.
0
btan (Exec Consultant) commented:
Keeping baseline hardening updated and verified is very important, especially as you mentioned an old server.

Keep the Windows Server operating system up to date with patches and set up antimalware software and an application whitelist for the server.

As a best practice, go for least privilege so that users only have access to the data they need. Limited user access on a need-to basis isolates damage from a ransomware infection; if the user cannot access the data, then neither can the ransomware.

Continuous data protection is crucial. It would need to identify the malicious encryption as a file modification and write the modified storage blocks to backup, and block the attempt early with the backup safely intact off the server, ready for recovery in the event the server does get compromised.

See the tips on protection and solutions: https://social.technet.microsoft.com/wiki/contents/articles/29787.microsoft-protection-center-security-tips-to-protect-against-ransomware.aspx
And also the FAQ article on safeguards:
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html

In particular, you may consider File Server Resource Manager on your Windows Server: https://community.spiceworks.com/how_to/128744-prevent-ransomware-by-using-fsrm

The general protection rule still applies, so high-level controls such as those mentioned are a necessary check, rather than relying on one solution as a silver bullet, which does not exist.
0
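The advice above about not sharing files with everyone and limiting users to the data they need can be checked on the server itself. The following PowerShell audit is an added example, not part of any answer in this thread; the list of broad principals is an assumption to adjust for your environment.

```powershell
# Added example, not from the thread. Needs the SmbShare module
# (Windows Server 2012 and later) and an elevated session.
# Broad principals to flag (assumed list; add your own domain groups).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-BroadShareAccess {
    foreach ($share in Get-SmbShare -Special $false) {
        # Layer 1: share-level permissions that allow writing.
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                "$($_.AccessControlType)" -eq 'Allow' -and
                "$($_.AccessRight)" -in 'Full', 'Change' -and
                $_.AccountName -in $broad
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Share   = $share.Name
                    Layer   = 'Share'
                    Account = $_.AccountName
                    Rights  = "$($_.AccessRight)"
                }
            }

        # Layer 2: NTFS ACL on the shared folder. The effective right is the
        # more restrictive of the two layers, so review both.
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            (Get-Acl -LiteralPath $share.Path).Access |
                Where-Object {
                    "$($_.AccessControlType)" -eq 'Allow' -and
                    "$($_.IdentityReference)" -in $broad -and
                    "$($_.FileSystemRights)" -match 'Write|Modify|FullControl'
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        Share   = $share.Name
                        Layer   = 'NTFS'
                        Account = "$($_.IdentityReference)"
                        Rights  = "$($_.FileSystemRights)"
                    }
                }
        }
    }
}

# Each row is a place where any logged-on user, and so any ransomware
# running as that user, can modify files.
Get-BroadShareAccess | Sort-Object Share, Layer | Format-Table -AutoSize
```

A share that appears in both layers is writable by every user; replacing the broad principal with a role-specific group on either layer limits what a single compromised account can reach.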

John (Business Consultant, Owner) commented:
Good information above and nothing wrong with being on Server 2012.

Simply put:

1. Have top notch spam control so you do not even get the problem emails. <- Critical to do this.
2. Train people not to open emails from strangers.
3. Train people not to go to dodgy websites. You can buy filters to prevent this.
4. Backup every day. Make sure backups are complete and not attached to the machines.
5. As stated, keep up to date.

Most businesses fall down on all the above points.
0
Derek Souter (ITO Svc Delivery Cons III) commented:
Funnily enough, I wrote a blog post on my website about this last year, after the organisation I was supporting was hit 3 times in 2 weeks (the third time there was no damage to the file servers due to the changes I made).

Here's what I (and others) have done (it's not perfect, but it does stop ransomware dead - at the moment)

Use Windows File Filters on the server to prevent the creation of the encrypted file types (it is hard to keep up, but there is currently no easy way to limit the creation of files to an allowed list of file types - file screens are good, but not perfect) – currently the ransomware will not delete the files if it cannot encrypt them (that is likely to change soon).
0
David Johnson, CD, MVP (Owner) commented:
I found FSRM to be helpful but you have to keep the filters up to date.

https://gallery.technet.microsoft.com/scriptcenter/Protect-your-File-Server-f3722fce

One of the problems is that ransomware can encrypt a folder in less than a minute, which is far too fast for a user to respond.

This is a last-ditch attempt, as the previous good practices that were listed were not followed.

The biggest item is backup, backup, backup, as we now have another reason to back up rather than users deleting files accidentally, file corruption, drive failure.
0
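The FSRM file screens suggested in several answers above can be set up from PowerShell. This is an added example, not code from any post or from the linked scripts; the group name, share path and extension patterns are hypothetical placeholders, and the pattern list is a constructed sample that has to be replaced with a maintained one.

```powershell
# Added example, not from the thread. Uses the FileServerResourceManager
# module (Windows Server 2012 and later); run in an elevated session.
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

$groupName = 'Ransomware-Extensions'   # hypothetical file group name
$sharePath = 'D:\Shares'               # hypothetical path of the shared data
# Constructed sample patterns; keep the real list current, as noted above.
$patterns  = @('*.encrypted', '*.locked', '*.crypt')

# Create the file group, or refresh its patterns if it already exists,
# so the script can be re-run whenever the pattern list changes.
if (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $groupName -IncludePattern $patterns
} else {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns
}

# Write a warning to the Application event log on every blocked attempt,
# so the account that tried to create the file can be identified quickly.
$logAction = New-FsrmAction -Type Event -EventType Warning -Body (
    'User [Source Io Owner] attempted to save [Source File Path] ' +
    'in [File Screen Path] on [Server]; matched group [Violated File Group].')

# -Active makes the screen block the write; without it the screen is
# passive and only raises the notification.
if (-not (Get-FsrmFileScreen -Path $sharePath -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName `
        -Notification $logAction -Active
}

# Review the result.
Get-FsrmFileScreen -Path $sharePath |
    Format-List Path, Active, IncludeGroup
```

A file screen only stops files whose names match a listed pattern, so it complements, and does not replace, the offline backups and patching discussed in the thread.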
Naveen Sharma commented:
User education, keep your software up to date and regularly back up your data.

Gearing up to Fight Ransomware Attacks

Ways to Protect yourself from Ransomware Attack
0