Reply to post: Mitigation

Another Canadian uni hit by ransomware, students told to keep Windows PCs away

Anonymous Coward
Anonymous Coward

Mitigation

Good that they can recover from backups, but better if you can prevent scumware from afflicting you in the first place.

We were hit once. No real damage but we had to re-image one PC and pull back a few files from shadow copies. About 30 minutes to recover. However, this was annoying enough to push us to look at ways to mitigate attacks. Analysis showed that the user had opened a link in an email that had bypassed our web and AV filters. To counter this we changed the firewall to only allow downloads from websites that have been categorised by the firewall vendor.

Next layer of defence was to implement applocker policies to prevent unknown executables from running from suspicious locations such as user profiles.

Finally, we implemented FSRM to look for known crypto malware files being written to file servers. If they are detected, alerts are generated and share permissions are set to read only. Since implementing this and trying to keep our file screen up to date with new variants, I have since found this site that keeps a comprehensive list of files to add to your file screen. https://fsrm.experiant.ca/

If all else fails, we have shadow copies, offisite delayed replicas and 2 independant backup solutions to tape and disk.

Of course there are never any guarantees, but since doing this we have had no further incidents.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021