
ransomware encryption Malware Protection Advice

Hi everyone

I'm just after some advice.

I do work for a business that got hit with the CryptXXX ransomware encryption malware. It encrypted all their files.

Pretty much infected everything, spread like wildfire. Spread to their main NAS too.

I had Kaspersky installed on all machines. Updated.

All computers' Windows updates are up to date.

I was able to recover most of their files from offsite backup and Microsoft OneDrive, which had recovery options to 1 week ago.

Just wanting to know, is there anything else I can do to stop this happening again? Any other software I can install on all PCs that has better ransomware protection?

Or any other prevention strategies.

Thank you in advance

Windows 10 has some basic built-in stuff coming soon (tm): https://www.cso.com.au/article/647700/windows-10-october-2018-update-refines-ransomware-protection/

Make sure that end users are not using privileged accounts (i.e. their accounts are not administrators), and ensure everyone has the absolute minimum level of access (no higher) to do their job.

Make sure UAC is actually turned on; some people disable it.

Educate people to be careful what they open in email attachments.

Depending on your NAS, you should set up snapshotting.

You could have a redundant NAS and only have it powered on a few times a week to back up the other NAS.

I don't know how good Kaspersky is at ransomware detection; there is probably better software out there.

A quick G search gave a list of some software that helps protect against it.

https://www.pcmag.com/roundup/353231/the-best-ransomware-protection

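The reply above recommends three checks that are easy to forget after a rebuild: UAC actually on, end users not in the local Administrators group, and Defender's ransomware protection (Controlled Folder Access, the feature the linked Windows 10 update article covers) enforced. This is an added read-only audit script for a Windows 10 workstation, not code from the thread; it assumes an elevated PowerShell 5.1+ session with the built-in Defender module present, and the allowed-admin list is a placeholder you adjust for your environment.

```powershell
# Added example: audit UAC, local administrators and Controlled Folder Access.
# Read-only; prints findings rather than changing anything.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

$findings = @()

# EnableLUA = 1 means UAC is on; 0 means someone switched it off.
if ($uac.EnableLUA -ne 1) {
    $findings += 'UAC is disabled (EnableLUA is not 1)'
}
# ConsentPromptBehaviorAdmin = 0 elevates administrators silently, with no prompt.
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += 'UAC elevates administrators without prompting (ConsentPromptBehaviorAdmin = 0)'
}

# Everyone in the local Administrators group who is not on the allowed list is a
# candidate for demotion to a standard user. $allowedAdmins is an assumption: edit it.
$allowedAdmins = @("$env:COMPUTERNAME\Administrator")
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$unexpected = $admins | Where-Object {
    ($_ -notin $allowedAdmins) -and ($_ -notmatch '\\Domain Admins$')
}
foreach ($name in $unexpected) {
    $findings += "Unexpected member of local Administrators: $name"
}

# Controlled Folder Access: 0 = disabled, 1 = enabled (blocking), 2 = audit mode.
$mp = Get-MpPreference
if ($mp.EnableControlledFolderAccess -ne 1) {
    $findings += "Controlled Folder Access is not enforced (current mode: $($mp.EnableControlledFolderAccess))"
}

if ($findings.Count -eq 0) {
    'OK: UAC on, administrators as expected, Controlled Folder Access enforced'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Remediation is deliberately left out of the script; once you have reviewed the findings, `Set-MpPreference -EnableControlledFolderAccess Enabled` and `Remove-LocalGroupMember -Group Administrators -Member <name>` are the corresponding fixes.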

Having AV on the systems helps, but that isn't ever going to be enough to keep end users safe. You keep the network safe by the rule of least access. Block access to anything they do not need to do their job. Make it so they cannot download or install anything outside of approved software, and make sure you have a way of filtering their sites so they only access sites they need or ones that have been vetted by the security team. Don't allow them access to their personal mail (Gmail, Yahoo, etc.); they can easily pick up something there that takes down your network.

There is also email protection. Most places I have worked use Proofpoint because it is amazing at what it can do when set up correctly. Now, this might not be in the budget for your company, but they need to possibly think about getting a SaaS solution that can do a web gateway, email gateway, mail protection, client protection, and some decent DLP tools.


Kaspersky is one of the best antimalware/antivirus options out there right now, so we can't improve much there, and many of these new ransomware attacks are new and unique when they infect systems, and (most) solutions are on top of updating their databases. So, right now your best option would be to boost your zero-day resilience and have cold storage: basically, back up everything important to offline drives/servers that are not connected to any network, not even a local one. And then add some procedures of choice to keep infected files off the server/drive. Do note that most ransomware programs take 15 to 30 minutes to do their work, depending on the complexity of the encryption and the size of the drives.


User training (you know, "don't click links you're not sure about") and perimeter security (mail filter, network firewall, website whitelist, portable storage device ban, walled-off guest network for non-company devices, etc.) are your main focus points in that field.

Make sure it can't get in on its own, and make sure users are smart enough not to carry it inside.

And beyond that, good backups and a rock-solid disaster recovery protocol.


5 hours ago, manikyath said:

User training (you know, "don't click links you're not sure about") and perimeter security (mail filter, network firewall, website whitelist, portable storage device ban, walled-off guest network for non-company devices, etc.) are your main focus points in that field.

I'd rather do triple or quad backups than spend my precious time teaching/explaining to these nut jobs over 9000 times.
