Below are some of the controls you can consider to protect your environment from Ransomeware attacks:
- User Training
- Identify phishing
- Train your users to be able to identify phishing attacks
- How to handle attachments
- Block executable and compressed zip files
- Train your users about Macros and risky files
- Incident procedures
- Be prepared and have an incident response plan for Ransomeware attacks
- Protecting the PC
- Blocking emails
- Use security controls, email gateways, AVs, sandboxing, etc
- Restriction on Group Policies and Firewalls
- Block risky applications like Flash
- Block Proxies like Tor
- Block websites with low or no rating
- Block download capability from low rating websites, bittorents, public file shares
- Limiting User Rights
- Do not allow privileged access to the workstations
- Execute application whitelisting when possible
- Revisiting Mapped Drives
- Minimize user access to what is needed
- Protecting the Server and Backups
- Securing File Locations
- Secure file shares, file servers, storages and the permissions on them
- Backup Data
- Backup data regularly and review and verify on regular bases
- Integrity monitoring
- Use File integrity monitoring solutions (FIM)
No comments:
Post a Comment