
Windows Server Malware/Ransomware Protection

What suggestions are there for the best product for ransomware/malware protection for a Windows Server? We have a small office with an older Windows 2012 Server providing necessary services just fine for our needs. But we have not installed any malware/ransomware protection on the Server. Suggestions?
1 Solution
Lee W, MVP, Technology and Business Process Advisor, commented:
This is a very broad question - if this were an easy answer, it wouldn't be a problem anymore.  In short, use best practices when it comes to security and protecting your environment.  That includes backing up the server with a periodic OFFLINE copy and a definite off-site copy.  Online backup solutions can work.  If you're virtualized (as you should be) replicate the server off site and then backup that site.  Backup is EXPENSIVE - but it's insurance.  You HOPE you never need it, but if you ever do, you'll be VERY THANKFUL you had it!

Train your users to understand not to click on links or attachments from strangers or even people they know unless they are expecting something.  VERIFY THE SENDER.  One of my clients got hit with something before I got to them and now many of their clients are receiving emails that claim to be from people at their company... but there is no trace of their company in the email... since the name matches someone they know, their clients can be more easily tricked into clicking - you need to train your users about these risks!

Use a good firewall and unified threat management device (a cheap linksys firewall is not a good firewall).

Consider using DNS and web filtering services like QUAD9 (if you don't mind the potential government involvement) or pay for other third-party services.  Web filters can be part of a UTM - I use Untangle and the paid version can help filter website access.

Use GOOD security protocols at your office.  Don't share files with everyone.  That's silly and dangerous.  Sure, you all know each other, and maybe even cover each other when someone is out sick.  It's not about trusting each other.  It's about ensuring if you do get hit, you MINIMIZE the damage.

HOPEFULLY this is all obvious stuff to you.  To an IT Pro, it should be and hopefully your company has an IT Pro you work with.
Lee W, MVP, Technology and Business Process Advisor, commented:
And one other pretty important thing - STAY UP TO DATE ON PATCHING!  The ransomware that infected everyone last spring - it spread because people weren't up to date on patches.  The February or March patch fixed the vulnerability that was used when the ransomware came out in April.
btan, Exec Consultant, commented:
Keeping baseline hardening updated and verified is very important, especially since you mentioned an old server.

Keep the Windows Server operating system up to date with patches and set up antimalware software and an application whitelist for the server.

As a best practice, go for least privilege so that you restrict users to only the data they need. Limited user access on a need to basis isolates damage from a ransomware infection; if the user cannot access the data, then neither can the ransomware.

Continuous data protection is crucial. It would need to identify the malicious encryption as a file modification, and write the modified storage blocks to backup. And block the attempt early, with the backup safely intact off the server, ready for recovery in the event the server does get compromised.

Catch the tips on protection tip and solution https://social.technet.microsoft.com/wiki/contents/articles/29787.microsoft-protection-center-security-tips-to-protect-against-ransomware.aspx
And also faq article on safeguards

Particularly, may consider File Server Resource Manager on your Windows Server https://community.spiceworks.com/how_to/128744-prevent-ransomware-by-using-fsrm

General protection rules still apply, so high-level controls such as those mentioned are a necessary check, and not just having a solution to be a silver bullet, which there isn't one that exists.
John, Business Consultant (Owner), commented:
Good information above and nothing wrong with being on Server 2012.

Simply put:

1. Have top notch spam control so you do not even get the problem emails. <- Critical to do this.
2. Train people not to open emails from strangers.
3. Train people not to go to dodgy websites. You can buy filters to prevent this.
4. Backup every day. Make sure backups are complete and not attached to the machines.
5. As stated, keep up to date.

Most businesses fall down on all the above points.
Derek Souter, ITO Svc Delivery Cons III, commented:
Funny enough, I wrote a blog post on my website about this last year, after the organisation I was supporting was hit 3 times in 2 weeks (the third time there was no damage to the file servers due to the changes I made).

Here's what I (and others) have done (it's not perfect, but it does stop ransomware dead - at the moment)

Use Windows File Filters on the server to prevent the creation of the encrypted file types (it is hard to keep up, but there is currently no easy way to limit the creation of files to an allowed list of file types - file screens are good, but not perfect) – currently the ransomware will not delete the files if it cannot encrypt them (that is likely to change soon).
David Johnson, CD, MVP, Owner, commented:
I found FSRM to be helpful but you have to keep the filters up to date.


One of the problems is that ransomware can encrypt a folder in less than a minute, which is far too fast for a user to respond.

This is a last ditch attempt as the previous good practices that were listed were not followed.

The biggest item is backup, backup, backup as we now have another reason to backup rather than users deleting files accidentally, file corruption, drive failure.
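
Added example (not part of any post above, and not the posters' own code): one way to set up the FSRM file screen that Derek Souter and David Johnson describe, written so that re-running it with a longer pattern list keeps the filter up to date. The share path, group name and file patterns are constructed placeholders, not values from this thread.

```powershell
# FSRM active file screen for one share. Run elevated on the file server.
# Prerequisite (once): Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools
Import-Module FileServerResourceManager -ErrorAction Stop

# --- Assumptions: hypothetical names, adjust to your environment ---
$SharePath = 'D:\Shares\Office'        # hypothetical share root
$GroupName = 'Ransomware-Blocklist'    # hypothetical file group name
# Constructed placeholder patterns; substitute a list you maintain and trust.
$Patterns  = @(
    '*.locked-example',
    '*.encrypted-example',
    '*HOW_TO_DECRYPT_EXAMPLE*.txt'
)

# Create the file group, or refresh its patterns if it already exists.
# Re-running the script with a longer $Patterns list is the update path.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Record every blocked write in the Application event log so that a burst
# of violations from one account can be spotted and investigated.
$LogAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'FSRM blocked [Source File Path] (group [Violated File Group]) written by [Source Io Owner] on [Server].'

# -Active makes the screen block the write; without it the screen is
# passive and only reports.
if (-not (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName -Active `
        -Notification $LogAction | Out-Null
}

# Show the resulting configuration for verification.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
Get-FsrmFileGroup  -Name $GroupName | Select-Object Name, IncludePattern
```

Saving a harmless empty file whose name matches one of the patterns into the share should be refused and produce the warning event, which confirms the screen is active.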
Naveen Sharma commented:
User education, keep your software up to date and regularly back up your data.

Gearing up to Fight Ransomware Attacks

Ways to Protect yourself from Ransomware Attack