Ransomware is a malicious computer virus that corrupts files on an infected system and demands a ransom. Typically, viruses like WannaCry use encryption to lock data securely, and there is no way to roll back this procedure.
Following these ransomware best practices will help you minimize the risk of being infected and limit the damage that a successful attack can do.
- Enable file extensions. This makes it easy to spot file types that wouldn’t commonly be sent to you and your users.
- Regulate external network access. Don’t leave ports exposed to the world. Lock down your organization’s RDP access and other management protocols.
- Monitor admin rights. Constantly review admin and domain rights. Don’t stay logged in as an administrator any longer than is necessary and avoid browsing, opening documents, or other regular work activities while you have admin rights.
- Pick strong passwords. And don’t re-use passwords, ever. Use a minimum of 8 characters, but 10-12 is significantly better. Include at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol.
- Make regular backups. They could be your last line of defense against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
- Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
- Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off Remote Desktop Protocol (RDP) if you don’t need it, and use rate limiting, two-factor authentication (2FA) or a virtual private network (VPN) if you do.
- Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects.
- Keep your antivirus software up to date and perform regular scans.
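Several of the items above can be checked directly on a Windows host. The following read-only audit is an added example, not code from EagleRock or Sophos; it assumes Windows PowerShell 5.1 or later, `Get-RegValue` and `New-Finding` are helper names made up for this example, and the Network Level Authentication check goes slightly beyond the list above.

```powershell
# Added example: read-only audit of three checklist items on a Windows host.
# Get-RegValue and New-Finding are helpers defined here, not built-in cmdlets.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param([string]$Check, $Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

$findings = @()

# "Enable file extensions": HideFileExt = 1 means Explorer hides known extensions.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = Get-RegValue $adv 'HideFileExt'
$findings += New-Finding 'File extensions visible (current user)' ($hide -eq 0) "HideFileExt=$hide"

# "Lock down RDP": fDenyTSConnections = 1 means Remote Desktop is turned off.
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = Get-RegValue $ts 'fDenyTSConnections'
$findings += New-Finding 'RDP turned off' ($deny -eq 1) "fDenyTSConnections=$deny"

# If RDP is on, check Network Level Authentication (UserAuthentication = 1),
# which makes the client authenticate before a desktop session is created.
if ($deny -ne 1) {
    $nla = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
    $findings += New-Finding 'RDP requires NLA' ($nla -eq 1) "UserAuthentication=$nla"
}

# "Monitor admin rights": list local Administrators (well-known SID, so the
# lookup also works on non-English Windows) for manual review.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    $names  = ($admins | ForEach-Object { $_.Name }) -join ', '
    $findings += New-Finding 'Local Administrators' 'review' "$(@($admins).Count) member(s): $names"
} catch {
    $findings += New-Finding 'Local Administrators' 'error' $_.Exception.Message
}

$findings | Format-Table -AutoSize -Wrap
```

The script reads the local registry values only; settings enforced through Group Policy are stored separately and are not inspected here.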
Contact EagleRock computer if you are a victim of ransomware.
Read Sophos’ article “Inside a ransomware gang’s attack toolbox”.