How to stay protected against Ransomware

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Best security practices to follow:

Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these 10 best practices:

1. Patch early, patch often

Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash, and more. The sooner you patch, the fewer holes there are to be exploited. Importance of patching is explained in the article below:

https://nakedsecurity.sophos.com/2019/07/01/rdp-bluekeep-exploit-shows-why-you-really-really-need-to-patch/

2. Backup regularly and keep a recent backup copy off-line and off-site

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands. Furthermore, a disaster recovery plan that covers the restoration of data and whole systems.

3. Enable file extensions

The default Windows setting is to have file extensions disabled, meaning you have to rely on the file thumbnail to identify it. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

4. Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

5. Don’t enable macros in document attachments received via email

Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!

6. Be cautious about unsolicited attachments

The crooks are relying on the dilemma you face knowing that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt leave it out.

7. Monitor administrator rights

Constantly review admin and domain admin rights. Know who has them and remove those who do not need them. Don’t stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents, or other regular work activities while you have administrator rights.

8. Stay up to date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet,” which helps protect against external malicious content without stopping you from using macros internally.

9. Regulate external network access

Don’t leave ports exposed to the world. Lock down your organization’s RDP access and other management protocols. Furthermore, use two-factor authentication and ensure remote users authenticate against a VPN. Article below has some very useful information which is worth reading:

https://nakedsecurity.sophos.com/2017/11/15/ransomware-spreading-hackers-sneak-in-through-rdp/

10. Use strong passwords

It sounds trivial, but it really isn’t. A weak and predictable password can give hackers access to your entire network in a matter of seconds. We recommend making them impersonal, at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation Ju5t.LiKETh1s!

For more details on how to stay protected, please refer to the link below:

https://secure2.sophos.com/en-us/security-news-trends/whitepapers/gated-wp/sophos-ransomware-protection.aspx



Added Disclaimer
[edited by: GlennSen at 3:38 PM (GMT -7) on 5 Apr 2023]