Saturday, August 26, 2017

Five steps to prepare for a ransomware attack

Like many information security firms, Rendition Infosec has worked many ransomware attacks over the last several years.  If you’re reading this post, you probably know about the obvious things you can do to prepare for a ransomware event.  We often talk about having good backups (and testing them).  We also know that most ransomware is distributed through phishing, so having good phishing defenses helps too.

When it comes to ransomware, an ounce of prevention is worth a pound of cure…

But let's assume that you've checked those two boxes (as well as anyone can).  Let's face it, sooner or later you are likely to have to deal with a ransomware threat in your environment.  So what else can you do to prepare for the inevitable ransomware compromise?  In this post, we'll detail a few things that can be done to quickly ensure security for your machines in the event of a ransomware attack.

The five preparation steps are:

  1. Enable Volume Shadow Copies and increase allocated space
  2. Remove users from the local administrators group
  3. Limit the number of shares that a user has write access to
  4. Use hidden file shares
  5. Only map file shares while in use
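
One way to check a single Windows workstation against the five steps is the audit below. It is an added example, not code from the original post or from Rendition Infosec; the output column names and the probe file name are this example's own, and the write probe only tests the root of each mapped share.

```powershell
# Added example (hypothetical script): audit one workstation against the five steps.
# Run step 1 elevated. Run the mapping checks in the user's own, non-elevated
# session, because drive mappings are per logon session.

# Step 1: shadow copy storage per volume (needs elevation; empty if VSS is unused).
# To raise the limit: vssadmin resize shadowstorage /for=C: /on=C: /maxsize=15%
# (15% is an example value, not a figure from the post).
Get-CimInstance Win32_ShadowStorage -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Volume = $_.Volume.DeviceID
        UsedGB = [math]::Round($_.UsedSpace / 1GB, 1)
        MaxGB  = [math]::Round($_.MaxSpace / 1GB, 1)   # a huge value means no limit set
    }
} | Format-Table -AutoSize

# Step 2: members of the local Administrators group, looked up by well-known SID
# so the check also works on non-English Windows.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Steps 3-5: every share mapped right now, whether this user can write to it,
# whether its name is hidden (ends in '$'), and whether it reconnects at logon.
$persistent = @(Get-ChildItem HKCU:\Network -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ItemProperty $_.PSPath).RemotePath })

Get-SmbMapping | ForEach-Object {
    $writable = $false
    try {
        # Write probe: the file is deleted as soon as its handle is closed.
        $probe = Join-Path $_.RemotePath ("probe-{0}.tmp" -f [guid]::NewGuid())
        [System.IO.File]::Create($probe, 1,
            [System.IO.FileOptions]::DeleteOnClose).Dispose()
        $writable = $true
    } catch { }   # access denied or share unreachable: treated as not writable
    [pscustomobject]@{
        Drive      = $_.LocalPath
        RemotePath = $_.RemotePath
        Writable   = $writable
        Hidden     = $_.RemotePath.TrimEnd('\').EndsWith('$')
        Persistent = $persistent -contains $_.RemotePath
    }
} | Format-Table -AutoSize
```

Rows with `Writable = True` are the shares a ransomware process running as this user could encrypt; rows with `Persistent = True` are mapped at every logon rather than only while in use.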

In the rest of the post on the Rendition Infosec blog, we’ll discuss the rationale for each of these recommendations.
