Cyber Advisors Blog

Ransomware and Cryptoware - "It's Not a Matter of IF but WHEN"

Posted by Igor Bogachev on Mar 20, 2017 8:51:27 AM

When cryptoware attacks your organization, it is often too late to do anything about it -
ransomware deploys incredibly fast. Once on a machine, it can take just minutes or even seconds to encrypt files and make them inaccessible. If the machine has a shared network drive, those files can be encrypted, too. What do security analysts suggest these days? Plan, Pray or Pay.iStock-608516150.jpg

Let’s plan together….

HOW CYBER ADVISORS CAN HELP PROTECT YOU AND PROVEN RECOMMENDATIONS WE HAVE DEVELOPED

In this blog, I have listed 17 best practices that will assist you in preventing ransomware. First, I want to highlight the Top Five Solutions that I urge you to implement immediately if you do not already have these in place. 

  1. Strong backup solution with offsite backups and hourly snapshots (#9)
  2. Cisco Umbrella for web filtering (#1)
  3. E-mail protection (#1 and #13)
  4. Security Awareness training for your end users (#12)
  5. Removing local administration rights from the end user (#6)

1) Perimeter Protection:

  • Cloud Security Platform - Cisco Umbrella (formerly OpenDNS),
    https://umbrella.cisco.com , provides the first line of defense against threats on the internet by filtering sites the hackers use.
  • E-mail AntiSpam/Antivirus: Cyber Advisors Inc. recommends Securence e-mail filtering cloud solution to protect mail systems and Kaspersky and ESET for Antivirus.
  • Corporate Firewall: You should include Anti-Virus/Malware/IPS/Web Blocker/Content Filters. Our recommendation is that you never create an incoming ANY rule, regardless of what a software vendor tells you. Golden rule = block ALL connections unless specifically allowed.

2) We suggest you implement a Syslog server to collect & parse logs from your servers, firewalls and routers. https://www.pcwdld.com/free-syslog-servers-windows-and-linux. Get a good syslog parser to quickly decipher real threats vs white noise.

3) Incorporate multi-factor authentication (where applicable): SSL VPN, External Websites, any connection into company resources by an employee.

4) Active Directory: a) Limit Domain, Enterprise, & Schema Admins b) Give Users rights to only the items they need rights to c) Forest/Domain – should be at a minimum a native Server 2008 version for password hash d) Leverage Secure LDAP (port 636) vs. standard LDAP e) Structure and secure File System by distribution groups, document and tune all the time

5) Delete inactive/disabled accounts after 30 days.

6) Remove Local Admin rights from office computers and setup Microsoft LAPS to disallow the installation of malware https://www.microsoft.com/en-us/download/details.aspx?id=46899

7)  Tune up password policies

  • Longer password phrases are better than shorter complex passwords
  • Length - 15 characters
  • Avoid common phrases

8)   Review patching policies on the servers and office computers including third party products.

9)   Practice a 3-2-1 backup strategy that requires you to have three copies of your data in two different locations, one of which is offsite and not connected to your network. That will help you ensure your backup isn’t encrypted by a ransomware attack or a hacker as well.

10)  Make sure your Antivirus Solution (Cyber Advisors recommends Kaspersky and ESET) is setup on the file servers, computers and Remote Desktop server with Systemwatcher/Anti-Crypto.

11)  Review and revoke rights from the users on Remote Desktop Server (RDS) so they do not have rights to install any programs on the server.

12) We strongly recommend to provide social awareness training for the employees. The cost is very reasonable. You can check the link below to read about this program and check the sample: (https://mitnicksecurity.com/security/kevin-mitnick-security-awareness-training).

13) Encrypted E-mail. Cyber advisors Inc. recommends solutions from Zixcorp.

14) Windows 10 Enterprise and Education edition includes Device Guard features which allow the users install only pre-approved applications: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide.

15) Microsoft Operations Management Suite: https://www.microsoft.com/en-us/cloud-platform/security-and-compliance.

16) Conduct a risk assessment to identify and assign value to your organization's critical data assets. You need to know what data is important and where it resides.

17) Determine the cost of downtime should critical assets become encrypted/inaccessible.

 

Contact Cyber Advisors if you have any questions regarding randsomware, cryptoware and how to best protect your organization. 

Topics: Education, Tech Article