SlideShare une entreprise Scribd logo

Ransomware Prevention Guide

Brian Honan
Brian Honan

A vendor neutral guide on how to prevent infection of your systems and networks by ransomware

Technologie
1  sur  9
Télécharger pour lire hors ligne
Ransomware Prevention Guidelines Version 1.0 Confidential Page 1 of 9 BH Consulting Stand and Deliver Your Money or Your Bytes A Guide on How to Prevent Ransomware
Ransomware Prevention Guidelines Version 1.0 Confidential Page 2 of 9 BH Consulting Introduction Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable. At its heart, ransomware is simply another form of a computer virus, albeit a very potent one. The methods it uses to infect a computer are the same ones other computer viruses employ. This document details several recommendations to help you in reducing the likelihood of future infection by ransomware, or indeed any other computer viruses or malware, against systems within your organisation. Note that each of these recommendations should be assessed for their applicability to your specific environment and you should conduct a thorough risk assessment to determine if the recommendations outlined in this document are suitable for your environment and are proportionate to the identified threat and risk.
Ransomware Prevention Guidelines Version 1.0 Confidential Page 3 of 9 BH Consulting Recommendations Implement Geo-Blocking for Suspicious Domains & Regions Criminals often host their infrastructure on domains in regions or countries that staff in your organisation would not regularly need to access. If there is no business requirement for staff in your organisation to access systems in these areas, you should consider configuring your firewalls to block all incoming and outgoing traffic to these domains and geographical areas. Block Outgoing I2P Traffic Ransomware often employs the Invisible Internet Project (I2P)1 which is an overlay network and darknet that allows applications to send messages to each other pseudonymously and securely. You should consider blocking all outgoing I2P and other unnecessary peer-to-peer network traffic at the firewalls on the perimeter of your network. This will prevent infected computers communicating with their masters and receiving further instructions. Review Backup Process One of the most effective ways to recover from a ransomware infection is to have a comprehensive and up-to-date backup in place. You should regularly review your backup processes to:  Ensure all relevant data is being backed up  Ensure the backups are completed successfully  Ensure the backup media is protected from being overwritten by ransomware  Implement the 3-2-1 backup rule. Have at least three copies of the most valuable data, keep two of them on different external media, and store one copy offsite. Conduct Regular Testing of Restore Process from Backup Tapes While backing up data is critical process, equally as important is the ability to restore the data successfully when needed. You should conduct regular tests to restore data from backups to:  Ensure the restore process works as expected  Ensure that data has been properly backed up  Ensure the data has not been modified or altered by ransomware  Ensure the timely recovery of critical data. Enhance Email Security with DMARC, SPF and DKIM By analysing publicly available information relating to an organisations email configuration, it is possible to see if Domain-based Message Authentication, Reporting & Conformance (DMARC2) is implemented. DMARC can help to reduce the amount of fraudulent email which may contain ransomware. Implementing DMARC also protects from other security risks such as phishing, spoofing and CEO fraud. It is recommended that you implement DMARC for your email systems.34 1 https://geti2p.net/ 2 https://dmarc.org/ 3 https://dmarc.globalcyberalliance.org/index.html 4 http://cert.europa.eu/static/WhitePapers/Updated-CERT-EU_Security_Whitepaper_DMARC_17- 001_v1_2.pdf
Ransomware Prevention Guidelines Version 1.0 Confidential Page 4 of 9 BH Consulting It is also recommended that you regularly review the email configuration of your email servers to ensure that it has properly configured Sender Policy Framework (SPF5), and DomainKeys Identified Mail (DKIM6) Review Your Incident Response Process You should develop a comprehensive Incident Response Process to include how to deal with ransomware infections. This process should include how incidents are prioritised, recorded, managed, remediated, recovered, and escalated where necessary. This process should also include:  Referring to the NoMoreRansom7 website to see if decryption keys are available for the ransomware being dealt with.  Understanding what conditions call for the issue to be reported to your local law enforcement agency. Refer to the Europol website to determine how you can report issues in your jurisdiction.  Understanding whether you will need to report an issue to relevant regulators. You should also develop a range of Standard Operating Procedures to manage security incidents. There are resources available from the European Union Agency for Network and Information Security (ENISA) in relation to incident response8. In addition, you should review the Incident Response Methodologies9 published by the Computer Emergency Response team for Société Générale. Implement a Robust Cybersecurity Awareness Training Programme Technical controls may not detect and contain all ransomware, or indeed all malware, especially given the rapidly evolving nature of these threats. In this event, the last line of defence is the end user who receives the email or browses the web. Therefore, it is essential that all users are properly empowered to identify security threats and deal with them accordingly. You should review your current security awareness training programme to ensure that it is appropriately resourced and that it targets all users. Although technical controls can minimise the risk posed by various threats, the human factor needs to be constantly managed. If people are not made aware of the threats posed to their systems or data, of the reasons why certain policies and controls are in place, or how to react to a suspect security breach, then the risk of a security breach occurring increases significantly. The security awareness programme should be tailored for the audience. For example, developers should have a different programme and focus on topic relevant to their role compared to the programme aimed at the sales and marketing function. Ensure Anti-Virus Software is Updated and All Features Enabled You should ensure that all PCs have up to date anti-virus software installed and that they are regularly updated with the latest software updates, virus signatures, and security features. In addition, you should ensure that the anti-virus suite deployed on all PCs has all the anti-malware features implemented so that any unusual behaviour that may indicate an infection can be quickly identified. Ensure All Operating System and Software Patches Are Applied You should ensure that all PCs have the latest operating system and software updates deployed and applied in a timely manner. You should investigate and implement a means to keep all PCs and laptops patched with the latest updates for all software applications installed on those computers. Disable ActiveX in Office Files 5 http://www.openspf.org/ 6 http://www.dkim.org/ 7 https://www.nomoreransom.org/ 8 https://www.enisa.europa.eu/topics/csirt-cert-services 9 https://cert.societegenerale.com/en/publications.html
Ransomware Prevention Guidelines Version 1.0 Confidential Page 5 of 9 BH Consulting You should disable ActiveX10 content in the Microsoft Office Suite of applications. Many computer viruses use macros to take advantage of ActiveX and download malware onto the affected PC. This would be particularly recommended to any organisation running devices with any Microsoft operating system earlier than Windows 10. Block Executable Files from the %APPData% and %TEMP% Paths You should look at methods to block executable files from the %APPDATA% and %TEMP% paths on computers with the Microsoft Windows Operating System installed. These folders are often used by malicious software to download and execute the files associated with ransomware and other malicious software. You could employ Software Restriction Policies1112 to protect systems from infection from the use of unauthorised software. Exclude files of the following types:  SCR  PIF  CPL  EXE  DLL  SYS  FON  EFI  OCX. Your PC should be configured to not allow executable files to be run from the following folders  Appdata  LocalAppData  Temp  ProgramData  Desktop It is strongly recommended that all policies are comprehensively tested before being deployed into a live environment. Deploy Windows AppLocker On computers installed with Microsoft Windows, you should consider deploying AppLocker13 to manage which applications can be run. AppLocker is a more advanced way than Software Restriction Policies for managing the applications users can access. It has several features that allow it to be centrally managed, for it to be tested more rigorously before deployment, and create exceptions to the rules. Deploy Microsoft EMET The Microsoft Enhanced Mitigation Experience Toolkit (EMET)14 is a free security utility which helps security vulnerabilities in software from being successfully exploited. They use security mitigation technologies as special protections and obstacles that an exploit author must defeat to take advantage of any software vulnerabilities. 10 https://support.office.com/en-ie/article/Enable-or-disable-ActiveX-settings-in-Office-files-f1303e08- a3f8-41c5-a17e-b0b8898743ed?ui=en-US&rs=en-IE&ad=IE 11 https://technet.microsoft.com/en-us/library/hh831534(v=ws.11).aspx 12 https://technet.microsoft.com/en-us/library/bb457006.aspx 13 https://technet.microsoft.com/en-us/library/dd759117 14 https://support.microsoft.com/en-ie/help/2458544/the-enhanced-mitigation-experience-toolkit
Ransomware Prevention Guidelines Version 1.0 Confidential Page 6 of 9 BH Consulting You should deploy EMET throughout your computer estate to reduce the likelihood of malicious software, or an attacker, exploiting a software vulnerability. Disable Macros in Office Files You should disable Macros15 in the Microsoft Office Suite of applications. Many computer viruses use Macros to download malware onto the affected PC. Improve Visibility of Security Events You should consider deploying a Security Information and Event Management (SIEM) solution to provide visibility into ongoing threats within your network. This SIEM solution could either be deployed internally, or if you do not have the required resources available, it could be outsourced to a Managed Security Service Provider that specialises in this area. Implement an Intrusion Detection System/Intrusion Prevention System (IDS/IPS) Solution A properly configured IDS/IPS solution can be a very effective platform to detect and manage threats on a network. You should initiate a project to ensure the IDS/IPS is fully and properly deployed and that it is regularly reviewed. Intrusion Detection/Intrusion Prevention models can be: Signature-Based: This is where patterns, or signatures, of known attacks are downloaded by the system. Network traffic is compared against these patterns to identify potential attacks. A disadvantage for signature-based detection is that it cannot detect new attacks because it only compares attacks against known signatures. Anomaly-Based: Intrusion Software first needs to learn the “normal” behaviour of your network and the types of traffic and network packets it usually handles. Then, it can be put in to action when traffic is detected that is out of the normal state. Rule-Based: Rule-based systems employ a set of rules or protocols defined as acceptable behaviour. The IDS analyses the behaviour of network traffic or application traffic and if it is deemed as normal behaviour it is allowed. If the traffic is outside the norm, then it is blocked. Establish Baseline Network Behaviour You should ensure that you have full visibility of how your network traffic behaves under normal business conditions. This knowledge can then be used as a baseline to identify any unusual activity which should then be investigated to determine whether it is the result of a potential breach or an issue with the network. Ensure User Access Control (UAC) is enabled on Windows User Access Control is a security feature built in to Windows Vista, 7, 8 and 10 which helps prevent unauthorised changes to a computer. Changes can be initiated by applications, viruses or other users. When UAC is enabled, it makes sure these changes are made only with approval from the person using the computer or by an administrator. Enable the Operating System to Show File Extensions 15 https://support.office.com/en-ie/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e- 174f-47e2-9611-9efe4f860b12
Ransomware Prevention Guidelines Version 1.0 Confidential Page 7 of 9 BH Consulting Attackers can trick users into running a file infected with a computer virus by appending a hidden extension to a filename. For example, a user receives a file called “Not Ransomware.jpg” but the file has a hidden extension of .EXE, thus making the actual filename “Not Ransomeware.jpg.exe”. The user, thinking the file is a picture, opens the file, but because the file is an executable (.exe) file the ransomware hidden in the file is launched. You should change the operating system to show Hidden File Extensions.16 Disable AutoPlay Windows’ AutoPlay feature begins reading from media as soon as it is inserted into a device. You should disable it when plugging in external media17 to reduce the chances of an attack infecting your device from that source. AutoPlay can also be disabled via Group Policy18. Implement User Behavioural Analytic (UBA) systems In line with the Network Baselining recommendation, you should implement a User Behavioural Analytic (UBA) system to identify any unusual or suspicious user activity on the network. Many ransomware infections can be quickly identified by the high rate of file system access to network shares as the ransomware encrypts the targeted files. UAB technologies could detect such activity and enable you to proactively react to a ransomware infection. Implement Ad Blocking Software At the Network Perimeter Ransomware can be deployed via compromised adverts displayed on websites. This can result in a computer becoming infected with ransomware simply by visiting a website that is displaying the malicious advert. To reduce the attack surface from this vector, you should consider implementing blocking software on your network’s firewall to prevent infections via infected advertising on websites. Implement Network Segmentation Consider segmenting your network to reduce the ability of computer worms, whether ransomware or otherwise, to spread rapidly from one system to another. This will give you the ability to cut off infected sections of the network and prevent the infection spreading further. Run Regular Phishing Tests You should run regular phishing simulations against staff to determine how many would potentially fall victim to such an attack. A phishing simulation is a tool to send fake emails to staff with an attachment or link to determine how many staff would click on the attachment or link. As most ransomware attacks are the result of phishing emails, this type of testing, combined with an effective cybersecurity awareness programme, can be quite effective in conditioning staff not to trust all emails and to be cautious when dealing with emails. You should aim to have the click-through rate of staff responding to the phishing simulations to be consistently below 15%, which is considered the industry recognised norm. 16 https://support.microsoft.com/en-ie/help/865219/how-to-show-or-hide-file-name-extensions-in- windows-explorer 17 https://blogs.technet.microsoft.com/danstolts/2012/02/how-to-turn-on-or-off-autoplay-features-in- windows-7change-what-programs-and-media-are-used-in-autoplay/ 18 https://support.microsoft.com/en-ie/help/2328787/disabling-autoplay-through-group-policy-or-the- registry-will-cause-hotstart-buttons-to-not-function-on-microsoft-windows-7-and-microsoft-windows- vista
Ransomware Prevention Guidelines Version 1.0 Confidential Page 8 of 9 BH Consulting Staff who consistently fail the phishing simulations should be given additional security awareness training and/or have additional technical controls and restrictions placed on their systems. Ensure Appropriate Training for Technical Staff You should develop a technical training programme to ensure that technical staff have the relevant training to enable them to confidently manage the various security platforms installed in your environment. Upgrade to Latest Version of Windows You should upgrade computers with Microsoft Windows installed on them to the latest version of the operating system. At the time of writing, Windows 10 Professional is now considered to be one of the most secure desktop operating systems19. Implement Threat Intelligence You should subscribe to reliable threat intelligence services which would provide you with Indicators of Compromise (IoCs) and other data which could be used to identify malware threats within your network. These will regularly update you with details of malicious and suspicious URLs, domains, and IP addresses on the internet, to which you can then block access from your network. Although several of these threat intelligence services are commercial and require a subscription, there are open source options available such as the Malware Information Sharing Project (MISP)20. This is a free threat sharing platform which enables organisations to share information on security incidents to help other organisations better protect themselves. Deploy Honeypots You should deploy honeypots on your network to help you proactively detect an intrusion on your network, including intrusions relating to ransomware. A honeypot system is a decoy set up to look like a live system; any activity on it could be a strong indicator that the network is compromised. Honeypots can be an effective tool if used correctly, however caution is advised when working with honeypots to ensure they do not adversely impact your environment or be compromised by attackers to attack other systems within your network, or indeed systems external to your organisation. ENISA has a very good paper on how best to deploy honeypots21. Implement appropriate Rights/Permissions for users You should create and maintain users’ rights and permission sets within their network operating system. Users should only be issued the rights/permissions required for their job role. If they change role within the organisation, then their rights/permissions need to change accordingly. Monitor Domain Name System (DNS) Logs for Unusual Activity The DNS servers have logs which contain records of all the domains and networks accessed by devices on your network. Regular monitoring of the DNS server logs could identify traffic being relayed to or from unusual hosts which may not be associated with normal business activity. This unusual traffic could indicate a malware infection. 19 https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day- exploit-mitigations/ 20 http://www.misp-project.org/index.html 21 https://www.enisa.europa.eu/topics/csirt-cert-services/proactive-services/proactive-detection
Ransomware Prevention Guidelines Version 1.0 Confidential Page 9 of 9 BH Consulting Review Security of Mobile Devices You should note that ransomware is migrating towards mobile devices22 such as smartphones and tablets, and it would be prudent for you to review the security of mobile devices to include:  Ensuring anti-malware software is installed, running, and regularly updated on mobile devices  Software and operating system patches are applied in a timely manner  Sensitive data is backed up from mobile devices. 22 https://us.norton.com/internetsecurity-mobile-what-is-mobile-ransomware.html

Recommandé

Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryBright Technology
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Lecture 3
Lecture 3Lecture 3
Lecture 3Education
 
Ch19
Ch19Ch19
Ch19saurabhmittal79
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
What is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemWhat is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemClickSSL
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 

Recommandé

Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryBright Technology
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Lecture 3
Lecture 3Lecture 3
Lecture 3Education
 
Ch19
Ch19Ch19
Ch19saurabhmittal79
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
What is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemWhat is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemClickSSL
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 
Preventing lateral spread of ransomware
Preventing lateral spread of ransomwarePreventing lateral spread of ransomware
Preventing lateral spread of ransomwareOsirium Limited
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityLumension
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous MalwareHTS Hosting
 
Ransomware
RansomwareRansomware
RansomwareManashay raju Yannapu CEH,ITIL,CCNA
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Computer virus
Computer virusComputer virus
Computer virusFlora Runyenje
 
Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File InclusionImperva
 
Computer virus
Computer virusComputer virus
Computer virusAnkita Shirke
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwarekhalid umer
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...OK2OK
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESRansomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESKatherine Duffy
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand securityarun nalam
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwareShreya Singireddy
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Virus and types of antivirus
Virus and types of antivirusVirus and types of antivirus
Virus and types of antivirusShabnam Bashir
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec
 
How to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the CloudHow to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the CloudNordic Backup
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
Ransomware
RansomwareRansomware
Ransomwarem3 Networks Limited
 

Contenu connexe

Tendances

Preventing lateral spread of ransomware
Preventing lateral spread of ransomwarePreventing lateral spread of ransomware
Preventing lateral spread of ransomwareOsirium Limited
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityLumension
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous MalwareHTS Hosting
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File InclusionImperva
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwarekhalid umer
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...OK2OK
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESRansomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESKatherine Duffy
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand securityarun nalam
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Virus and types of antivirus
Virus and types of antivirusVirus and types of antivirus
Virus and types of antivirusShabnam Bashir
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec
 
How to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the CloudHow to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the CloudNordic Backup
 

Tendances (20)

Preventing lateral spread of ransomware
Preventing lateral spread of ransomwarePreventing lateral spread of ransomware
Preventing lateral spread of ransomware
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
 
Ransomware
RansomwareRansomware
Ransomware
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
Computer virus
Computer virusComputer virus
Computer virus
 
Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File Inclusion
 
Computer virus
Computer virusComputer virus
Computer virus
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESRansomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand security
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Program security
Program securityProgram security
Program security
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Virus and types of antivirus
Virus and types of antivirusVirus and types of antivirus
Virus and types of antivirus
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12
 
How to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the CloudHow to Bulletproof Your Data Defenses Locally & In the Cloud
How to Bulletproof Your Data Defenses Locally & In the Cloud
 

Similaire à Ransomware Prevention Guide

In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
Cyber Incident Response Proposed Strategies
Cyber Incident Response Proposed StrategiesCyber Incident Response Proposed Strategies
Cyber Incident Response Proposed StrategiesDam Frank
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseLumension
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile AttackIRJET Journal
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesAlireza Ghahrood
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And RiskChandrashekhar B
 
Cybersafety basics
Cybersafety basicsCybersafety basics
Cybersafety basicsjeeva9948
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09technext1
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...MohamedOmerMusa
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint ProtectionMustafa YÜKSEL
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)Cyber Security Infotech
 

Similaire à Ransomware Prevention Guide (20)

In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
Ransomware
RansomwareRansomware
Ransomware
 
Cyber Incident Response Proposed Strategies
Cyber Incident Response Proposed StrategiesCyber Incident Response Proposed Strategies
Cyber Incident Response Proposed Strategies
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
 
ITPG Secure on WannaCry
ITPG Secure on WannaCryITPG Secure on WannaCry
ITPG Secure on WannaCry
 
Cscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antivirusesCscu module 03 protecting systems using antiviruses
Cscu module 03 protecting systems using antiviruses
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
 
Endpoint security
Endpoint securityEndpoint security
Endpoint security
 
Cybersafety basics
Cybersafety basicsCybersafety basics
Cybersafety basics
 
185
185185
185
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)An introduction to cyber security by cyber security infotech pvt ltd(csi)
An introduction to cyber security by cyber security infotech pvt ltd(csi)
 

Plus de Brian Honan

Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynoteBrian Honan
 
GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?Brian Honan
 
The dark side of the internet
The dark side of the internetThe dark side of the internet
The dark side of the internetBrian Honan
 
Data security brian honan
Data security brian honanData security brian honan
Data security brian honanBrian Honan
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
Incident Response in the Cloud
Incident Response in the CloudIncident Response in the Cloud
Incident Response in the CloudBrian Honan
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecurityBrian Honan
 
Bridging the air gap
Bridging the air gapBridging the air gap
Bridging the air gapBrian Honan
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
Learning from History
Learning from HistoryLearning from History
Learning from HistoryBrian Honan
 
Incident response cloud
Incident response cloudIncident response cloud
Incident response cloudBrian Honan
 
Preparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident ResponsePreparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident ResponseBrian Honan
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log managementBrian Honan
 
Layer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & ScreenLayer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & ScreenBrian Honan
 
Creating a CERT at WARP Speed
Creating a CERT at WARP SpeedCreating a CERT at WARP Speed
Creating a CERT at WARP SpeedBrian Honan
 
The Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsThe Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsBrian Honan
 
Ic Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp BhIc Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp BhBrian Honan
 
Knowing Me Knowing You
Knowing Me Knowing YouKnowing Me Knowing You
Knowing Me Knowing YouBrian Honan
 

Plus de Brian Honan (20)

Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynote
 
GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?
 
Brian honan
Brian honanBrian honan
Brian honan
 
The dark side of the internet
The dark side of the internetThe dark side of the internet
The dark side of the internet
 
Data security brian honan
Data security brian honanData security brian honan
Data security brian honan
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...
 
Incident Response in the Cloud
Incident Response in the CloudIncident Response in the Cloud
Incident Response in the Cloud
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Bridging the air gap
Bridging the air gapBridging the air gap
Bridging the air gap
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
Learning from History
Learning from HistoryLearning from History
Learning from History
 
Incident response cloud
Incident response cloudIncident response cloud
Incident response cloud
 
Preparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident ResponsePreparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident Response
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log management
 
Cloud security
Cloud securityCloud security
Cloud security
 
Layer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & ScreenLayer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & Screen
 
Creating a CERT at WARP Speed
Creating a CERT at WARP SpeedCreating a CERT at WARP Speed
Creating a CERT at WARP Speed
 
The Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsThe Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure Laws
 
Ic Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp BhIc Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp Bh
 
Knowing Me Knowing You
Knowing Me Knowing YouKnowing Me Knowing You
Knowing Me Knowing You
 

Dernier

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Dernier (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

Ransomware Prevention Guide

  • 1. Ransomware Prevention Guidelines Version 1.0 Confidential Page 1 of 9 BH Consulting Stand and Deliver Your Money or Your Bytes A Guide on How to Prevent Ransomware
  • 2. Ransomware Prevention Guidelines Version 1.0 Confidential Page 2 of 9 BH Consulting Introduction Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable. At its heart, ransomware is simply another form of a computer virus, albeit a very potent one. The methods it uses to infect a computer are the same ones other computer viruses employ. This document details several recommendations to help you in reducing the likelihood of future infection by ransomware, or indeed any other computer viruses or malware, against systems within your organisation. Note that each of these recommendations should be assessed for their applicability to your specific environment and you should conduct a thorough risk assessment to determine if the recommendations outlined in this document are suitable for your environment and are proportionate to the identified threat and risk.
  • 3. Ransomware Prevention Guidelines Version 1.0 Confidential Page 3 of 9 BH Consulting Recommendations Implement Geo-Blocking for Suspicious Domains & Regions Criminals often host their infrastructure on domains in regions or countries that staff in your organisation would not regularly need to access. If there is no business requirement for staff in your organisation to access systems in these areas, you should consider configuring your firewalls to block all incoming and outgoing traffic to these domains and geographical areas. Block Outgoing I2P Traffic Ransomware often employs the Invisible Internet Project (I2P)1 which is an overlay network and darknet that allows applications to send messages to each other pseudonymously and securely. You should consider blocking all outgoing I2P and other unnecessary peer-to-peer network traffic at the firewalls on the perimeter of your network. This will prevent infected computers communicating with their masters and receiving further instructions. Review Backup Process One of the most effective ways to recover from a ransomware infection is to have a comprehensive and up-to-date backup in place. You should regularly review your backup processes to:  Ensure all relevant data is being backed up  Ensure the backups are completed successfully  Ensure the backup media is protected from being overwritten by ransomware  Implement the 3-2-1 backup rule. Have at least three copies of the most valuable data, keep two of them on different external media, and store one copy offsite. Conduct Regular Testing of Restore Process from Backup Tapes While backing up data is critical process, equally as important is the ability to restore the data successfully when needed. You should conduct regular tests to restore data from backups to:  Ensure the restore process works as expected  Ensure that data has been properly backed up  Ensure the data has not been modified or altered by ransomware  Ensure the timely recovery of critical data. Enhance Email Security with DMARC, SPF and DKIM By analysing publicly available information relating to an organisations email configuration, it is possible to see if Domain-based Message Authentication, Reporting & Conformance (DMARC2) is implemented. DMARC can help to reduce the amount of fraudulent email which may contain ransomware. Implementing DMARC also protects from other security risks such as phishing, spoofing and CEO fraud. It is recommended that you implement DMARC for your email systems.34 1 https://geti2p.net/ 2 https://dmarc.org/ 3 https://dmarc.globalcyberalliance.org/index.html 4 http://cert.europa.eu/static/WhitePapers/Updated-CERT-EU_Security_Whitepaper_DMARC_17- 001_v1_2.pdf
  • 4. Ransomware Prevention Guidelines Version 1.0 Confidential Page 4 of 9 BH Consulting It is also recommended that you regularly review the email configuration of your email servers to ensure that it has properly configured Sender Policy Framework (SPF5), and DomainKeys Identified Mail (DKIM6) Review Your Incident Response Process You should develop a comprehensive Incident Response Process to include how to deal with ransomware infections. This process should include how incidents are prioritised, recorded, managed, remediated, recovered, and escalated where necessary. This process should also include:  Referring to the NoMoreRansom7 website to see if decryption keys are available for the ransomware being dealt with.  Understanding what conditions call for the issue to be reported to your local law enforcement agency. Refer to the Europol website to determine how you can report issues in your jurisdiction.  Understanding whether you will need to report an issue to relevant regulators. You should also develop a range of Standard Operating Procedures to manage security incidents. There are resources available from the European Union Agency for Network and Information Security (ENISA) in relation to incident response8. In addition, you should review the Incident Response Methodologies9 published by the Computer Emergency Response team for Société Générale. Implement a Robust Cybersecurity Awareness Training Programme Technical controls may not detect and contain all ransomware, or indeed all malware, especially given the rapidly evolving nature of these threats. In this event, the last line of defence is the end user who receives the email or browses the web. Therefore, it is essential that all users are properly empowered to identify security threats and deal with them accordingly. You should review your current security awareness training programme to ensure that it is appropriately resourced and that it targets all users. Although technical controls can minimise the risk posed by various threats, the human factor needs to be constantly managed. If people are not made aware of the threats posed to their systems or data, of the reasons why certain policies and controls are in place, or how to react to a suspect security breach, then the risk of a security breach occurring increases significantly. The security awareness programme should be tailored for the audience. For example, developers should have a different programme and focus on topic relevant to their role compared to the programme aimed at the sales and marketing function. Ensure Anti-Virus Software is Updated and All Features Enabled You should ensure that all PCs have up to date anti-virus software installed and that they are regularly updated with the latest software updates, virus signatures, and security features. In addition, you should ensure that the anti-virus suite deployed on all PCs has all the anti-malware features implemented so that any unusual behaviour that may indicate an infection can be quickly identified. Ensure All Operating System and Software Patches Are Applied You should ensure that all PCs have the latest operating system and software updates deployed and applied in a timely manner. You should investigate and implement a means to keep all PCs and laptops patched with the latest updates for all software applications installed on those computers. Disable ActiveX in Office Files 5 http://www.openspf.org/ 6 http://www.dkim.org/ 7 https://www.nomoreransom.org/ 8 https://www.enisa.europa.eu/topics/csirt-cert-services 9 https://cert.societegenerale.com/en/publications.html
  • 5. Ransomware Prevention Guidelines Version 1.0 Confidential Page 5 of 9 BH Consulting You should disable ActiveX10 content in the Microsoft Office Suite of applications. Many computer viruses use macros to take advantage of ActiveX and download malware onto the affected PC. This would be particularly recommended to any organisation running devices with any Microsoft operating system earlier than Windows 10. Block Executable Files from the %APPData% and %TEMP% Paths You should look at methods to block executable files from the %APPDATA% and %TEMP% paths on computers with the Microsoft Windows Operating System installed. These folders are often used by malicious software to download and execute the files associated with ransomware and other malicious software. You could employ Software Restriction Policies1112 to protect systems from infection from the use of unauthorised software. Exclude files of the following types:  SCR  PIF  CPL  EXE  DLL  SYS  FON  EFI  OCX. Your PC should be configured to not allow executable files to be run from the following folders  Appdata  LocalAppData  Temp  ProgramData  Desktop It is strongly recommended that all policies are comprehensively tested before being deployed into a live environment. Deploy Windows AppLocker On computers installed with Microsoft Windows, you should consider deploying AppLocker13 to manage which applications can be run. AppLocker is a more advanced way than Software Restriction Policies for managing the applications users can access. It has several features that allow it to be centrally managed, for it to be tested more rigorously before deployment, and create exceptions to the rules. Deploy Microsoft EMET The Microsoft Enhanced Mitigation Experience Toolkit (EMET)14 is a free security utility which helps security vulnerabilities in software from being successfully exploited. They use security mitigation technologies as special protections and obstacles that an exploit author must defeat to take advantage of any software vulnerabilities. 10 https://support.office.com/en-ie/article/Enable-or-disable-ActiveX-settings-in-Office-files-f1303e08- a3f8-41c5-a17e-b0b8898743ed?ui=en-US&rs=en-IE&ad=IE 11 https://technet.microsoft.com/en-us/library/hh831534(v=ws.11).aspx 12 https://technet.microsoft.com/en-us/library/bb457006.aspx 13 https://technet.microsoft.com/en-us/library/dd759117 14 https://support.microsoft.com/en-ie/help/2458544/the-enhanced-mitigation-experience-toolkit
  • 6. Ransomware Prevention Guidelines Version 1.0 Confidential Page 6 of 9 BH Consulting You should deploy EMET throughout your computer estate to reduce the likelihood of malicious software, or an attacker, exploiting a software vulnerability. Disable Macros in Office Files You should disable Macros15 in the Microsoft Office Suite of applications. Many computer viruses use Macros to download malware onto the affected PC. Improve Visibility of Security Events You should consider deploying a Security Information and Event Management (SIEM) solution to provide visibility into ongoing threats within your network. This SIEM solution could either be deployed internally, or if you do not have the required resources available, it could be outsourced to a Managed Security Service Provider that specialises in this area. Implement an Intrusion Detection System/Intrusion Prevention System (IDS/IPS) Solution A properly configured IDS/IPS solution can be a very effective platform to detect and manage threats on a network. You should initiate a project to ensure the IDS/IPS is fully and properly deployed and that it is regularly reviewed. Intrusion Detection/Intrusion Prevention models can be: Signature-Based: This is where patterns, or signatures, of known attacks are downloaded by the system. Network traffic is compared against these patterns to identify potential attacks. A disadvantage for signature-based detection is that it cannot detect new attacks because it only compares attacks against known signatures. Anomaly-Based: Intrusion Software first needs to learn the “normal” behaviour of your network and the types of traffic and network packets it usually handles. Then, it can be put in to action when traffic is detected that is out of the normal state. Rule-Based: Rule-based systems employ a set of rules or protocols defined as acceptable behaviour. The IDS analyses the behaviour of network traffic or application traffic and if it is deemed as normal behaviour it is allowed. If the traffic is outside the norm, then it is blocked. Establish Baseline Network Behaviour You should ensure that you have full visibility of how your network traffic behaves under normal business conditions. This knowledge can then be used as a baseline to identify any unusual activity which should then be investigated to determine whether it is the result of a potential breach or an issue with the network. Ensure User Access Control (UAC) is enabled on Windows User Access Control is a security feature built in to Windows Vista, 7, 8 and 10 which helps prevent unauthorised changes to a computer. Changes can be initiated by applications, viruses or other users. When UAC is enabled, it makes sure these changes are made only with approval from the person using the computer or by an administrator. Enable the Operating System to Show File Extensions 15 https://support.office.com/en-ie/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e- 174f-47e2-9611-9efe4f860b12
  • 7. Ransomware Prevention Guidelines Version 1.0 Confidential Page 7 of 9 BH Consulting Attackers can trick users into running a file infected with a computer virus by appending a hidden extension to a filename. For example, a user receives a file called “Not Ransomware.jpg” but the file has a hidden extension of .EXE, thus making the actual filename “Not Ransomeware.jpg.exe”. The user, thinking the file is a picture, opens the file, but because the file is an executable (.exe) file the ransomware hidden in the file is launched. You should change the operating system to show Hidden File Extensions.16 Disable AutoPlay Windows’ AutoPlay feature begins reading from media as soon as it is inserted into a device. You should disable it when plugging in external media17 to reduce the chances of an attack infecting your device from that source. AutoPlay can also be disabled via Group Policy18. Implement User Behavioural Analytic (UBA) systems In line with the Network Baselining recommendation, you should implement a User Behavioural Analytic (UBA) system to identify any unusual or suspicious user activity on the network. Many ransomware infections can be quickly identified by the high rate of file system access to network shares as the ransomware encrypts the targeted files. UAB technologies could detect such activity and enable you to proactively react to a ransomware infection. Implement Ad Blocking Software At the Network Perimeter Ransomware can be deployed via compromised adverts displayed on websites. This can result in a computer becoming infected with ransomware simply by visiting a website that is displaying the malicious advert. To reduce the attack surface from this vector, you should consider implementing blocking software on your network’s firewall to prevent infections via infected advertising on websites. Implement Network Segmentation Consider segmenting your network to reduce the ability of computer worms, whether ransomware or otherwise, to spread rapidly from one system to another. This will give you the ability to cut off infected sections of the network and prevent the infection spreading further. Run Regular Phishing Tests You should run regular phishing simulations against staff to determine how many would potentially fall victim to such an attack. A phishing simulation is a tool to send fake emails to staff with an attachment or link to determine how many staff would click on the attachment or link. As most ransomware attacks are the result of phishing emails, this type of testing, combined with an effective cybersecurity awareness programme, can be quite effective in conditioning staff not to trust all emails and to be cautious when dealing with emails. You should aim to have the click-through rate of staff responding to the phishing simulations to be consistently below 15%, which is considered the industry recognised norm. 16 https://support.microsoft.com/en-ie/help/865219/how-to-show-or-hide-file-name-extensions-in- windows-explorer 17 https://blogs.technet.microsoft.com/danstolts/2012/02/how-to-turn-on-or-off-autoplay-features-in- windows-7change-what-programs-and-media-are-used-in-autoplay/ 18 https://support.microsoft.com/en-ie/help/2328787/disabling-autoplay-through-group-policy-or-the- registry-will-cause-hotstart-buttons-to-not-function-on-microsoft-windows-7-and-microsoft-windows- vista
  • 8. Ransomware Prevention Guidelines Version 1.0 Confidential Page 8 of 9 BH Consulting Staff who consistently fail the phishing simulations should be given additional security awareness training and/or have additional technical controls and restrictions placed on their systems. Ensure Appropriate Training for Technical Staff You should develop a technical training programme to ensure that technical staff have the relevant training to enable them to confidently manage the various security platforms installed in your environment. Upgrade to Latest Version of Windows You should upgrade computers with Microsoft Windows installed on them to the latest version of the operating system. At the time of writing, Windows 10 Professional is now considered to be one of the most secure desktop operating systems19. Implement Threat Intelligence You should subscribe to reliable threat intelligence services which would provide you with Indicators of Compromise (IoCs) and other data which could be used to identify malware threats within your network. These will regularly update you with details of malicious and suspicious URLs, domains, and IP addresses on the internet, to which you can then block access from your network. Although several of these threat intelligence services are commercial and require a subscription, there are open source options available such as the Malware Information Sharing Project (MISP)20. This is a free threat sharing platform which enables organisations to share information on security incidents to help other organisations better protect themselves. Deploy Honeypots You should deploy honeypots on your network to help you proactively detect an intrusion on your network, including intrusions relating to ransomware. A honeypot system is a decoy set up to look like a live system; any activity on it could be a strong indicator that the network is compromised. Honeypots can be an effective tool if used correctly, however caution is advised when working with honeypots to ensure they do not adversely impact your environment or be compromised by attackers to attack other systems within your network, or indeed systems external to your organisation. ENISA has a very good paper on how best to deploy honeypots21. Implement appropriate Rights/Permissions for users You should create and maintain users’ rights and permission sets within their network operating system. Users should only be issued the rights/permissions required for their job role. If they change role within the organisation, then their rights/permissions need to change accordingly. Monitor Domain Name System (DNS) Logs for Unusual Activity The DNS servers have logs which contain records of all the domains and networks accessed by devices on your network. Regular monitoring of the DNS server logs could identify traffic being relayed to or from unusual hosts which may not be associated with normal business activity. This unusual traffic could indicate a malware infection. 19 https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day- exploit-mitigations/ 20 http://www.misp-project.org/index.html 21 https://www.enisa.europa.eu/topics/csirt-cert-services/proactive-services/proactive-detection
  • 9. Ransomware Prevention Guidelines Version 1.0 Confidential Page 9 of 9 BH Consulting Review Security of Mobile Devices You should note that ransomware is migrating towards mobile devices22 such as smartphones and tablets, and it would be prudent for you to review the security of mobile devices to include:  Ensuring anti-malware software is installed, running, and regularly updated on mobile devices  Software and operating system patches are applied in a timely manner  Sensitive data is backed up from mobile devices. 22 https://us.norton.com/internetsecurity-mobile-what-is-mobile-ransomware.html