Advanced Threat Protection


Ransomware Preventive Methodology 

Apr 17, 2017 04:36 PM

Hi All,

As I shared earlier some research, the history and the different ways ransomware propagates into the network and onto systems, this article will focus on a prevention methodology, prepared after referring to many security sources such as Symantec security resources, McAfee, Trend Micro, etc. The best part of this article is that I am also contributing by sharing my own best ideas for dealing with ransomware. I would request you all to share your valuable feedback to correct my ideas and to share more best practices.

Below is an overview of the ransomware attack flow:

[Figure: ransomware attack flow diagram (image not available)]

What is the ransomware preventive methodology?

  1. Block, at the spam gateway, the phishing e-mail subjects known to be used to distribute ransomware.
  2. Most important: keep a backup of your critical files and folders.
  3. Host file shares or file servers on Linux/Unix servers, so that ransomware and any other malware will not execute because of x86 platform incompatibility – My IDEA
  4. Use hybrid threat protection, e.g. Symantec antivirus for end users, Sophos for servers and Microsoft at the spam gateway (or vice versa), as this provides multilayered protection with multiple sets of virus definitions – My IDEA
  5. Keep critical file backups on tape (offline/external storage with restricted/biometric access) – My IDEA
  6. Block any infected application immediately via application control.
  7. Do not give every end user administrator rights; keep a least-privilege policy.
  8. Use FSRM (File Server Resource Manager) file screens to block ransomware's changes to your file servers.
  9. Use the maximum security features of your e-mail and endpoint security solutions, such as Application and Device Control (ADC) policies and spam mail policies, to block suspicious files.
  10. Always monitor the behaviour of your browser and machine, and check the resource utilisation (CPU, memory) of any suspicious process.
  11. Be careful when opening new e-mails from unknown senders.
  12. Never enable macros to view an incoming mail attachment.
  13. Avoid mapping network drives (ransomware enumerates and encrypts every drive letter it can reach).
  14. Always keep your security software up to date to protect yourself against new variants.
  15. Install and configure host intrusion prevention (HIPS).
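One way to implement item 8 in PowerShell, as an added example that is not part of the original post: the script creates an FSRM file group of file-name patterns that ransomware families have used for encrypted files and ransom notes, a file screen template whose actions log an event and revoke the writing account's SMB share access, and applies the screen to the share root. The share root D:\Shares, the helper script path C:\FSRM\Block-ShareAccess.ps1 and the pattern list are assumptions for illustration; maintain the list from your own vendor's indicators.

```powershell
# Added example (not from the original post): FSRM file screen against ransomware.
# Assumes Windows Server with the FS-Resource-Manager feature, a share root at
# D:\Shares (hypothetical) and a helper script path C:\FSRM\Block-ShareAccess.ps1
# (hypothetical). Run in an elevated PowerShell on the file server.
#Requires -RunAsAdministrator

$shareRoot    = 'D:\Shares'                      # hypothetical share root
$scriptPath   = 'C:\FSRM\Block-ShareAccess.ps1'  # hypothetical helper location
$groupName    = 'Ransomware indicators'
$templateName = 'Ransomware block'

# 1. FSRM feature and its PowerShell module.
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
}
Import-Module FileServerResourceManager

# 2. File group: names used by known ransomware families for encrypted files and
#    ransom notes. Constructed sample list; keep it current from vendor indicators.
$patterns = @(
    '*.locky', '*.zepto', '*.cerber', '*.crypt', '*.cryptolocker', '*.encrypted',
    '*.wncry', '*.wcry', '*.zzzzz',
    '_HELP_instructions.*', 'HELP_DECRYPT.*', '*DECRYPT_INSTRUCTION*', '*RECOVER_FILES*'
)
if (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
} else {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
}

# 3. Helper that FSRM runs when a write is blocked: revoke the offending account's
#    access on every share under the screened root, so the infected client cannot
#    keep encrypting files whose names the pattern list does not cover.
New-Item -ItemType Directory -Path (Split-Path $scriptPath) -Force | Out-Null
$helper = @'
param([Parameter(Mandatory)][string]$Account)
# Deny $Account on every SMB share whose path lies under the screened root.
Get-SmbShare | Where-Object { $_.Path -like '__ROOT__*' } | ForEach-Object {
    Block-SmbShareAccess -Name $_.Name -AccountName $Account -Force
}
'@
$helper.Replace('__ROOT__', $shareRoot) | Set-Content -Path $scriptPath -Encoding ASCII

# 4. Actions: an event for the SIEM and the block command. FSRM substitutes
#    [Source Io Owner] and [Source File Path] when the action runs; the run
#    limit of one minute lets the command fire again for the next offender.
$eventAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'FSRM blocked [Source Io Owner] writing [Source File Path]: possible ransomware'
$blockAction = New-FsrmAction -Type Command `
    -Command 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -CommandParameters ('-NonInteractive -ExecutionPolicy Bypass -File "{0}" -Account "[Source Io Owner]"' -f $scriptPath) `
    -SecurityLevel LocalSystem -RunLimitInterval 1

# 5. Active template (fails the write instead of only reporting it), applied to the root.
if (-not (Get-FsrmFileScreenTemplate -Name $templateName -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreenTemplate -Name $templateName -IncludeGroup $groupName `
        -Notification @($eventAction, $blockAction) -Active | Out-Null
}
if (-not (Get-FsrmFileScreen -Path $shareRoot -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $shareRoot -Template $templateName | Out-Null
}

# 6. Verify what is enforced.
Get-FsrmFileScreen -Path $shareRoot | Select-Object Path, Active, IncludeGroup
```

To check it, create a file such as test.locky on the share from a client: the write should fail with "Access is denied" and a warning should appear in the server's Application event log. Two caveats: a file screen matches names only, so a variant that keeps the original extension or picks a random one passes straight through, and a pattern like *.crypt may hit legitimate files, so run the template without -Active first and review the events before enforcing it.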

What if ransomware has already encrypted data?

  1. Do not pay the ransom!
  2. If the machine is accessible, run SymHelp or your antivirus vendor's log-collection tool and provide the logs to support.
  3. Try to restore with the Windows System Restore (restore point) function; note that many ransomware families delete the volume shadow copies first, so this often fails.
  4. Try your luck with the decryption tools provided by security vendors (listed below).


Anti-ransomware tools

https://malwarebytes.box.com/s/of0z75mmdwydw327so885ujn4t5mulnj

http://download.bitdefender.com/am/cw/BDAntiRansomwareSetup.exe

https://go.kaspersky.com/Anti-ransomware-tool.html#form

Best ransomware decryption tools

https://noransom.kaspersky.com/

https://decrypter.emsisoft.com/

http://www.talosintel.com/teslacrypt_tool/

http://solutionfile.trendmicro.com/SolutionFile/EN-1114221/RansomwareFileDecryptor%201.0.1654%20MUI.zip

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx
