22 tips for preventing ransomware attacks

The explosion of ransomware in the past year has many infosec professionals worried because of the devastation it can wreak on an organization that doesn’t have a backup and recovery strategy.

The just-published Cisco Systems Annual Security Report noted that ransomware has two main advantages to criminals: It is a low-maintenance operation, and it offers a quick path to monetization because the victims have to pay in cryptocurrencies.

With that in mind, security researcher David Balaban has published a list of 22 ways users (and CISOs) can protect their organizations against this scourge. While the number one strategy is obvious — have a well-thought-out and practiced backup and recovery plan — there are a number of other recommendations security teams should keep in mind.

Arguably number two on the list is the importance of training staff to be security aware and not click on every attachment. If the infrastructure team hasn’t done so already, it’s vital to configure the webmail server to block attachments with extensions like .exe, .vbs or .scr.
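The extension check described above can be sketched as follows; this is an added example, not code from the article or from Balaban's list. The function names and the sample message are constructed for illustration, and the blocklist holds only the three extensions named here.

```python
"""Added example: flag e-mail attachments whose final extension is blocked."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# The three extensions the article names; a real blocklist would be longer.
BLOCKED = {".exe", ".vbs", ".scr"}


def blocked_extension(filename):
    """Return the blocked extension of `filename`, or None if it is allowed."""
    # Drop any path prefix, then the trailing dots/spaces Windows ignores,
    # so "Setup.EXE. " is judged the same way the OS would open it.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    candidate = "." + ext
    # Only the last extension decides: "invoice.pdf.exe" is an .exe.
    return candidate if dot and candidate in BLOCKED else None


def find_blocked_attachments(raw_message):
    """Return (filename, extension) for every blocked part in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() also descends into nested multiparts and forwarded messages.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and (ext := blocked_extension(filename)):
            hits.append((filename, ext))
    return hits


def build_sample():
    """Constructed test message: one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "staff@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.pdf.EXE", "Setup.SCR"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext in find_blocked_attachments(build_sample()):
        print(f"BLOCK {filename!r} (matches {ext})")
```

The check normalises case, path prefixes and trailing dots or spaces before comparing, because a filter that matches the raw name literally misses names such as `Invoice.pdf.EXE`.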

The list also struck me as particularly appropriate for readers who work at small businesses, where the IT department may be only one person.

For example, few may think of disabling vssadmin.exe, used by Windows to administer Volume Shadow Copy Service. Although its purpose is to restore previous versions of arbitrary files, ransomware uses VSS to obliterate shadow volume snapshots. Turned off, it protects the device. Turned on after an attack, it can be used to restore files.

IT should also consider disabling PowerShell, a task automation framework for administrators, says Balaban. As I wrote last week in a story on protecting Active Directory, PowerShell is also a vehicle for exploit kits.

However, in an email to me this morning AD expert Sean Metcalf disagreed. “There are better ways to get real security instead of feeling like ‘you did something,’” he wrote. “First off, you can’t really ‘disable PowerShell’ since PowerShell is more than just PowerShell.exe. It is simple to recommend doing this, but it doesn’t stop attacks. The best way to deal with the fact that attackers are using legitimate tools such as PowerShell is to get users on a more secure OS like Windows 10, which has enhanced security features which mitigate many types of attack methods, including PowerShell (PowerShell version 5 has many of these security enhancements as well, which can be installed on older operating systems).

“My message regarding PowerShell is ‘Don’t block PowerShell, embrace it.’ Granted this message is geared more to the enterprise than SOHO or consumer, but in general, it’s better to log PowerShell usage and gain better insight into what’s going on in the network than blocking it and having attackers shift tactics to another successful method and be blind.”

Read the full list here. 


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
