- Don’t give regular users administrative rights on their workstations. If someone truly needs elevated access, create a separate user account with the required privileges.
- Keep your antivirus software, endpoint protection and other protection solutions and databases up to date. Ensure that you regularly inventory your software to spot outdated tools.
- Apply the latest patches to your operating systems and applications as soon as possible to reduce the window during which new vulnerabilities can be exploited. However, always test new software updates in a lab before applying them in production.
- Block known ransomware extensions using File Server Resource Manager.
- Configure your firewall to whitelist only the specific ports and hosts you need. For example, don’t leave remote desktop (RDP) ports open to the internet.
- Install and properly configure intrusion detection and intrusion prevention systems to reduce the chances of system compromise.
- Block removable drives since they can contain malware, or at least disable autorun and enforce antivirus scanning for new media.
- Enable a secure password policy and account lockout policy to reduce the chance of a ransomware infection after a brute-force attack.
- Consider segregating your organization’s network into different zones to minimize the ability of ransomware to spread.
- Keep your permissions structure clean and maintain a strict least-privilege model. Since ransomware can access only the files the victim account has access to, this strategy will limit the amount of data that can be encrypted.
- Disable the network communication protocol SMB v1; this will help prevent common ransomware strains like WannaCry from spreading across your whole network.
- Include sandbox and honeypot approaches in your security program:
  - A honeypot is set up to look like a legitimate network and can lure attackers into thinking they have found a valuable target. This layer of security is capable of alerting admins to lateral movement or files being accessed on the network.
- If you have already discovered a rogue or unknown process on a server or workstation, immediately disconnect that machine from the network or disable it, and then perform a thorough investigation of the threat.
- Quarantine suspicious software on a separate device or network and then check the potential impact from it.
- If you suffer an attack, analyze the behavior of the malware to remediate the corresponding gaps in your defenses and prevent future infections.

Best Practices for using Group Policy to Stop Ransomware.

- Minimize the risk of bring your own device (BYOD) by creating a guest network for new or unknown devices.
- Set up Group Policy to show file extensions on all workstations so users can see the double file extensions (such as ) often used to disguise malicious software.
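As an added example (not from the original page), the following Python check flags the double file extensions mentioned above and shows what a user sees when extensions are hidden. The extension lists, function names and sample filenames are assumptions constructed for illustration; tune the lists to your environment.

```python
import os

# Assumed lists for illustration, not an authoritative catalogue.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "lnk", "hta"}


def double_extension(filename):
    """Return (decoy, real) when a document-like extension is followed by an
    executable one, otherwise None."""
    # Accept Windows or POSIX paths; Windows ignores trailing dots and spaces.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .").lower()
    parts = name.split(".")
    if len(parts) < 3:
        return None  # zero or one extension only
    # Tolerate whitespace padding around the dots.
    decoy, real = parts[-2].strip(), parts[-1].strip()
    if real in EXEC_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def shown_when_hidden(filename):
    """Simplified model of a file listing with extensions hidden: the final
    extension is dropped, so only the decoy extension remains visible."""
    name = os.path.basename(filename.replace("\\", "/"))
    return os.path.splitext(name)[0].rstrip()


def scan(filenames):
    """Return (original name, name shown with extensions hidden) for each hit."""
    return [(f, shown_when_hidden(f)) for f in filenames if double_extension(f)]


# Constructed sample names, not taken from any real incident.
SAMPLE = [
    "invoice.pdf.exe",
    r"C:\Users\a\Downloads\Scan.JPG.scr",
    "photo.jpg   .exe",
    "archive.tar.gz",
    "setup.v2.exe",
    "report.pdf",
]

if __name__ == "__main__":
    for original, shown in scan(SAMPLE):
        print(f"{original!r} would be displayed as {shown!r}")
```
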