Stop the Spread of Ransomware
Posted on 22 June 2017 by Beaming Support
Ransomware is a type of malware that blocks access to users’ computer systems until a ransom is paid.
This is usually done by locking system screens and encrypting files, and it is spread via installation files that masquerade as updates. Find out what steps you can take in advance to stop the spread of ransomware in the case of an attack.
By the time you’re panicking about how to stop the spread of ransomware, it may well be too late. The time you spend now checking that you have procedures and plans in place is time you’ll save getting your systems back up and running in the case of an attack.
Once a plan is in place, make sure a hard copy is printed and securely stored. There’s no telling whether the document itself will become unavailable.
Use Group Policy to block specific known ransomware attacks from executing on users’ machines
Identify the users or machines to which you wish to apply the block and the group to which they belong. Then specify this block in your Group Policy as follows:
Computer Configuration – Policies – Windows Settings – Security Settings – Software Restriction Policies – Designated File Types
Now add the file type / latest ransomware file extension to the policy to help stop it from running in your environment. The file extension will differ from attack to attack.
Further reading from Microsoft is available here.
Layered Security and Permissions Structure
No single user should have write access to every folder or document within a shared drive. Should a particular user become a victim of a ransomware attack, everything they have access to is at risk. You should make a point of conducting a regular review, auditing and documenting each user’s access to each folder.
Create and review your file structure to take into account the effects of ransomware spreading through documents available to any particular user. This will help speed up recovery and identification of affected files. If you know that user A only has access to certain folders, this information can be used to help contain the spread and quickly identify what to restore.
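One way to carry out the access review described above, as an added example that is not part of the original article: a PowerShell script that lists every identity holding write-capable NTFS rights on each folder of a share and counts how many folders each could modify. The share path, report path and depth are placeholder assumptions; the script reads NTFS ACLs only and does not expand group membership or share-level permissions.

```powershell
# Added example: audit which identities can write to each folder of a share.
# $ShareRoot and $ReportPath are placeholders (assumptions); set them for your environment.
param(
    [string]$ShareRoot  = '\\fileserver\shared',      # hypothetical UNC path
    [string]$ReportPath = '.\share-write-access.csv', # hypothetical report file
    [uint32]$Depth      = 2                           # recursion depth passed to Get-ChildItem
)

# Rights that let a process overwrite, append to, or delete files:
# WriteData (0x2), AppendData (0x4), Delete (0x10000), plus the raw
# GENERIC_WRITE / GENERIC_ALL bits that can appear on inherit-only entries.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000000 -bor 0x10000000

# The root folder itself plus its subfolders down to $Depth.
$folders = @(Get-Item -LiteralPath $ShareRoot) +
           @(Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

$rows = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    }
    catch {
        Write-Warning "Cannot read ACL: $($folder.FullName)"
        continue
    }
    foreach ($ace in $acl.Access) {
        # Only Allow entries that grant at least one write-capable right.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Folder    = $folder.FullName
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Full record for the documented review.
$rows | Export-Csv -Path $ReportPath -NoTypeInformation

# Folders each identity can modify: the set at risk if that account runs ransomware.
$rows | Group-Object Identity |
    Sort-Object Count -Descending |
    Select-Object @{n='Identity';e={$_.Name}}, @{n='WritableFolders';e={$_.Count}} |
    Format-Table -AutoSize
```

Identities at the top of the summary are the ones to review first, and the CSV gives the per-folder list to restore from if one of them is compromised.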