Steps to Help Prevent & Limit the Impact of Ransomware


NETWORKFIREWALL

3/16/2024, 2 min read


  1. Use strong, unique passwords on every user account. Weak passwords such as Admin, admin@123, user, 123456, password and Pass@123 sit at the top of every attacker wordlist and fall to brute-force or password-spraying attempts within the first few tries.

  2. Password-protect your security software so that an attacker who gains a foothold on the system cannot simply disable or uninstall it. Quick Heal users can enable this from Settings => Password Protection.

  3. Disable the built-in Administrator account and perform administrative work from a differently named account. Most brute-force attempts target the Administrator user because it exists by default on every Windows system. Also remove or disable the Guest account and any other unused accounts configured on the system.

  4. Change the RDP listening port from the default 3389. Most mass scanning and brute-force campaigns target port 3389 specifically, so a non-default port cuts most of the noise. It does not stop a targeted attacker who port-scans the host, so treat it as a complement to the steps below, not a replacement for them.

  5. Enable Network Level Authentication (NLA) in your RDP settings (available on Windows Vista and later), so that a client must authenticate before a full desktop session is created on the server. Ref: https://technet.microsoft.com/en-us/library/cc732713.aspx

  6. Configure an account lockout policy that locks an account after a set number of failed logon attempts. This is built into Windows, and the threshold and lockout duration can be tuned by the administrator. Ref: https://technet.microsoft.com/en-us/library/dd277400.aspx

  7. Never expose RDP directly to the internet. Route RDP traffic only through the hardware firewall (or a VPN) with strict rules that allow connections solely from trusted source addresses.

  8. Do not open mail attachments or act on emails from unknown senders.

  9. Do not follow links in emails from unknown senders.

  10. Do not allow outside USB drives (pen drives) on your network, and scan authorized drives before accessing them.

  11. Keep your Microsoft Windows updated with the latest updates.

  12. Keep third-party software up to date with the latest security patches provided by them.

  13. Keep your antivirus up to date and run a full scan on a weekly basis.

  14. Check your network for unprotected systems and install antivirus on them.

  15. Do not allow unknown or suspicious files flagged by the antivirus's behavior detection system to run.

  16. The best practices above highlight the need to educate your users about the most common phishing attacks in circulation, since most ransomware still arrives through a user opening an attachment or link.

  17. To protect against a ransomware infection you first need to know what hardware and software assets are connected to the network, so keep an up-to-date asset inventory.

  18. Immediately disconnect the computer from the network if you spot a suspicious process on it, so that encryption cannot spread to mapped drives and file shares.

  19. Only download from sites you trust.

  20. Keep the Windows Firewall turned on and properly configured at all times.

  21. Disable Windows PowerShell and Windows Script Host if you are not using them. Where PowerShell is needed for administration, restrict it (for example with Constrained Language Mode) and enable script block logging instead of disabling it outright.

  22. Tor (The Onion Router) is one of the primary channels ransomware uses to communicate with its C&C servers. Block known Tor node IP addresses on your egress firewall; this can stop the malware from fetching its encryption key or reporting in. Keep the list refreshed, since Tor nodes change frequently, and do not rely on it alone, as some families use ordinary HTTPS for C&C.

  23. Segment the network so that a compromised workstation cannot reach every server and file share.

  24. Use Software Restriction Policies (or their successor, AppLocker) to block executables from launching out of user-writable locations such as %AppData% and %Temp%, which is where most ransomware droppers land.
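The following script is an added example, not part of the original post, showing how steps 3 to 7 and 20 to 22 look when applied on a single Windows 10/11 or Server host from an elevated PowerShell console. The management subnet (10.0.10.0/24), the new RDP port (33890), the lockout values and the Tor addresses (RFC 5737 documentation ranges, constructed placeholders rather than a real node list) are this example's assumptions; on a domain-joined host, the lockout and firewall settings would normally come from Group Policy instead.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Run from a console session, not over RDP:
# restarting TermService at the end drops any active RDP session.

$MgmtSubnet = '10.0.10.0/24'   # assumption: where admins connect from
$NewRdpPort = 33890            # assumption: a free, non-default port
$RdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Step 3: create a differently named admin account first, then disable the built-in
# Administrator (well-known RID 500, whatever it has been renamed to) and Guest.
$newAdmin = Get-Credential -Message 'Username and password for the replacement admin account'
New-LocalUser -Name $newAdmin.UserName -Password $newAdmin.Password | Out-Null
Add-LocalGroupMember -Group 'Administrators' -Member $newAdmin.UserName
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -match '-500$' }
Disable-LocalUser -Name $builtinAdmin.Name
Disable-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue

# Step 4: move RDP off 3389. Step 5: require Network Level Authentication.
Set-ItemProperty -Path $RdpKey -Name PortNumber         -Value $NewRdpPort -Type DWord
Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1           -Type DWord

# Step 6: local account lockout policy (5 failures, 30 min lockout, 30 min observation window)
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# Steps 7 and 20: firewall on for all profiles, inbound blocked by default, and RDP reachable
# only on the new port from the management subnet. The built-in 'Remote Desktop' rules allow
# 3389 from any address, so they are disabled rather than left beside the new rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
New-NetFirewallRule -DisplayName 'RDP (custom port, mgmt subnet only)' -Direction Inbound `
    -Protocol TCP -LocalPort $NewRdpPort -RemoteAddress $MgmtSubnet -Action Allow -Profile Domain,Private

# Step 21: disable Windows Script Host (blocks .vbs/.js/.wsf droppers) and, instead of
# removing PowerShell, log every script block it runs.
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
New-Item -Path $wsh -Force | Out-Null
Set-ItemProperty -Path $wsh -Name Enabled -Value 0 -Type DWord
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Step 22: egress block for known Tor nodes. Constructed placeholder addresses; in practice
# feed this rule from a regularly refreshed Tor node list.
$torNodes = @('192.0.2.10', '192.0.2.11', '198.51.100.7')
New-NetFirewallRule -DisplayName 'Block known Tor nodes (egress)' -Direction Outbound `
    -RemoteAddress $torNodes -Action Block -Profile Any

# Apply the RDP port/NLA change.
Restart-Service -Name TermService -Force

# Check: confirm the listener moved and NLA is on before closing the console session.
Get-ItemProperty -Path $RdpKey | Select-Object PortNumber, UserAuthentication
Get-NetTCPConnection -State Listen -LocalPort $NewRdpPort | Select-Object LocalAddress, LocalPort
```

Before closing the console, test a connection from the management subnet to the new port, and from elsewhere to confirm it is refused; the built-in Administrator stays disabled only as long as the replacement account works, so verify that logon too.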
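As a second added example for step 24 (again not from the original post), the script below writes a Software Restriction Policy that disallows executables launched from user-writable locations while leaving the default level Unrestricted. It writes the same registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers that the Local Security Policy snap-in (secpol.msc, Software Restriction Policies) produces; the specific blocked paths, rule descriptions and log file location are this example's choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): SRP path rules blocking execution from the
# folders where mail-borne ransomware droppers usually land.

$base         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

New-Item -Path $base -Force | Out-Null
# Default level stays Unrestricted: only the listed paths are blocked. For a deny-by-default
# policy set DefaultLevel to $Disallowed and add Unrestricted rules for %SystemRoot% and
# %ProgramFiles% first, otherwise Windows itself stops launching.
Set-ItemProperty -Path $base -Name DefaultLevel       -Value $Unrestricted -Type DWord
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1 -Type DWord   # all software files except DLLs
Set-ItemProperty -Path $base -Name PolicyScope        -Value 0 -Type DWord   # all users, administrators included
Set-ItemProperty -Path $base -Name ExecutableTypes    -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
    'JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS',
    'URL','VB','VBE','VBS','WSC','WSF','WSH')
# Optional SRP evaluation log (example location): every allow/deny decision is appended here,
# which is the way to find legitimate software the rules would break before rolling out.
Set-ItemProperty -Path $base -Name LogFileName -Value "$env:SystemRoot\Temp\srp-eval.log" -Type String

function Add-SaferPathRule {
    # One path rule = one GUID-named subkey under <level>\Paths with the pattern in ItemData.
    param([int]$Level, [string]$Path, [string]$Description)
    $guid = [guid]::NewGuid().ToString('B').ToUpper()
    $key  = "$base\$Level\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

# Paths chosen for this example: per-user profile locations and the temp folders that archive
# tools and mail clients extract attachments into. Environment variables and wildcards are
# expanded per user by SRP when the rule is evaluated.
$blocked = @(
    '%AppData%\*.exe',            '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',       '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',               '%Temp%\*\*.exe',
    '%Temp%\Rar*\*.exe',          '%Temp%\7z*\*.exe',      '%Temp%\*.zip\*.exe',
    '%UserProfile%\Downloads\*.exe'
)
foreach ($p in $blocked) {
    Add-SaferPathRule -Level $Disallowed -Path $p -Description "Block execution from user-writable path: $p"
}

# Check: list the Disallowed rules that were written, then refresh policy so they take effect.
Get-ChildItem -Path "$base\$Disallowed\Paths" |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Select-Object ItemData, Description
gpupdate /force
```

Roll this out to a pilot group first and read the evaluation log for a week: installers that self-extract into %Temp% (and some updaters that run from %LocalAppData%) will be blocked by these patterns and need an Unrestricted path or hash rule of their own before the policy reaches everyone.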