Photo by John Cameron on Unsplash
Fight Windows ransomware with on-board tools
Negotiating Hurdles
The horror scenario: Your organization's data has been encrypted – in the worst case, after the data has been stolen and is at risk of ending up on the darknet. The measures used to mitigate the effect of ransomware can be broken down into two aspects. The first involves preventing attacks, and the second is all about slowing down the attack if it is successful. Both tasks require changes to workflows and processes involving administrative intervention that is not always convenient.
Entry
Ransomware has a limited number of vectors for entering the company network. Email and malicious attachments come first, but external access to the mailbox is also conceivable, with the manipulation of existing attachments. Many companies also have holes in the firewall that provide a direct route to the internal network. Remote Desktop (RDP) and other protocols that allow remote access are worthy of note, as well as manipulated software that users download and install. Last but not least, one visit to a manipulated website is all it takes to be infected by ransomware or some other malware (drive-by attacks).
Email is the most common way for ransomware to enter a company. A simple file attachment is all it takes. Sending billions of email messages costs nothing but electricity. Valid target addresses can be bought, found, and generated. Anyone who has worked with the same email address for a period of time will be familiar with the problem of spam and be aware that their own address has been public knowledge for a long time. What was technically brilliant about the Locky attack [1], for example, was that the malware and the associated executable file were not directly included in the attachment. Instead, the recipients received an Excel file with a macro that acted as a
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- New Exploit Bypasses Windows AppLocker
-
News for Admins
News for system administrators around the world. -
Ransomware: Prepare for emergencies
The danger of ransomware attacks calls for a robust backup and monitoring strategy. -
Halting the ransomware blackmail wave
In the tsunami of ransomware infections this year, the Locky encryption trojan is a high-water mark. With a constant stream of novel attack patterns, this continually evolving pest makes life difficult for IT managers, users, and security vendors. Here's how to protect yourself. -
New security features in Windows 10
With each version of Windows, Microsoft has expanded the built-in security functions. Windows 10 includes a number of new and interesting security features.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
