Steps to Help Prevent & Limit the Impact of Ransomware

https://img-c.udemycdn.com/redactor/raw/article_lecture/2021-08-28_07-01-14-bc58d17f88f89c92c8d602247b074cb8.png

Once ransomware encryption has taken place, it’s often too late to recover that data. That’s why the best ransomware defense relies on proactive prevention.

Ransomware is constantly evolving, making protection a challenge for many organizations. Follow these best practices to help keep your operations secure:

  1. Use strong and unique passwords on user accounts that cannot be easily breached. Weak passwords like Admin, admin@123, user, 123456, password, Pass@123, etc., can be easily brute-forced in the first few attempts itself.

  2. Configure password protection for your security software. This would prevent any unauthorized users from accessing the system from disabling or uninstalling it. Quick Heal users can enable this feature from the Settings => Password Protection.

  3. Disable the Administrator account and use a different account name for administrative activities. Most brute-force attempts are done on an Administrator user account as it is present by default. Also, remove any other unused or guest accounts if configured on the system.

  4. Change the default RDP port from the default‘3389’.. Most attacks of such type focus on targeting port 3389 of RDP.

  5. Enable Network Level Authentication (NLA) feature in your RDP settings available in Windows Vista and later OS.

  6. Configuring Account Lockout Policies that automatically lock the account after a specific number of failed attempts. This feature is available in Windows and the threshold can be customized as per the administrator.

  7. Route the RDP traffic only through the Hardware Firewall with highly secured traffic rules to allow only trustworthy connections.

  8. Kindly do not open any mail attachments or read emails from unknown people.

  9. Kindly do not visit any unknown link provided in the mail by unknown people.

  10. Do not allow outside pen drive in your network and scan the authorized pen drive before accessing it.

  11. Keep your Microsoft Windows updated with the latest updates.

  12. Keep third-party software up to date with the latest security patches provided by them.

  13. Keep your Antivirus up to date and perform scanning on weekly basis.

  14. Check for unprotected systems in your network and protect them with Antivirus installed.

  15. Do not allow unknown/suspicious files detected by the Behavior Detection System in Antivirus.

  16. The best practices discussed above highlight the need to educate your users about some of the most common types of phishing attacks that are in circulation.