How to Stop Ransomware

Key Technologies and Security Best Practices

54% of organizations have been hit by ransomware – twice on average. So it’s critical that you have advanced protection technologies in place, combined with good user security practices, to keep your organization secure.

Securing Your Endpoints

Stopping ransomware from gaining a foothold on your endpoint devices is vital. Look for the following key features:

CryptoGuard Technology

Secures your endpoints with unique technology that stops ransomware in its tracks. CryptoGuard complements your existing security, stopping malicious encryption attempts.

  • Effective against Wanna, Petya, Locky, Cerber and many more
  • Stops file, disk and boot ransomware
  • Automatically rolls back changes to impacted files – no loss of data

Exploit Prevention

Stops attackers from taking advantage of vulnerabilities in order to distribute and install ransomware.

Deep Learning

Detects and quarantines ransomware before it can run, without relying on signatures.

HIPS Behavior Analysis/File Analytics

Examines the components and structure of files for malicious elements and checks whether they contain code that tries to modify the registry.

Web Security

Searches for malicious code and blocks access to exploited web pages.

Securing Your Servers

Servers contain your organization’s most sensitive data, making them even more critical to protect. Look for the following key features:

CryptoGuard Anti-ransomware Technology

Protects your valuable server files by blocking processes that attempt to maliciously encrypt your data.

Application Control

Restricts which applications are allowed to run, and can block Wscript – which is often used by ransomware.

Lockdown/Whitelisting

Establishes a “default deny” policy on servers so that only trusted applications can run – stopping ransomware from gaining a foothold.

Device Control

Restricts access to removable media such as USB keys to eliminate the risk of infected media.

Malicious Traffic Detection

Detects traffic to known ransomware Command & Control servers and blocks it.

Stop Phishing Emails

Phishing emails are a common attack vector for ransomware. Make sure your users are prepared:

Simulated Phishing Attacks

Tests the preparedness of your organization against targeted phishing campaigns.

Customizable Phishing Campaigns

Match the content of the emails to your organization and industry – carefully localized for multiple languages. For example, run a campaign on HIPAA compliance and train your users on suspicious things to look out for.

Detailed Insight into User Performance

Identifies how many users failed, how susceptible they are to phishing attacks, average training passing scores and more.

Nine best security practices to apply now

Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:

1) Patch early, patch often

The sooner you patch, the fewer holes there are for ransomware to exploit.

2) Back up regularly and keep a recent backup copy offline and off-site

Offline and off-site means ransomware can’t get to it. With recent backups, data loss can be minimized.

3) Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

4) Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

5) Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

6) Be cautious about unsolicited attachments

If you aren’t sure – don’t open it. Check with the sender if possible.

7) Don't have more login power than you need

Admin rights could mean a local infection becomes a network disaster.

8) Stay up-to-date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.

9) Patch early, patch often!

Staying on top of patching is so important that we’ve called it out twice. Don’t let ransomware exploit a patched vulnerability.