1. Enforce Plain Text Mode on Emails
Plain text mode was a common practice several years ago when email clients such as Outlook allowed emails to run JavaScript code automatically and infect your computer. For this reason, just opening an email was potentially dangerous. Current email clients have fixed this vulnerability so that the mere opening of an email can no longer harm your computer. Still, enforcing text mode eradicates embedded links and images that can be used to deploy ransomware. This type of strategy can be justified given that, according to a Symantec report, 1 in 131 emails sent last year contained viruses or dangerous links just last month. Though it’s not a perfect solution, this tactic will greatly diminish the likelihood of a ransomware attack.
2. Create Software Restriction Policies
Network administrators who work with Active Directory environments and are familiar with Group Policy can configure a GPO using Software Restriction Policies (SRP) to offer a level of protection against ransomware.
How does this work? Most ransomware variants tend to target the same specific folders, such as the AppData and Temp folders. It is within these folders that the malevolent app takes root. An SRP lets administrators allow or disallow certain file types within select folders. You can specify these files in a number of ways, such as by their hash identity, but in this case configuring a path rule is the most effective. Keep in mind that this blanket-like strategy of disallowing executable files within these folders will also prevent legitimate applications from running there. Though few applications fall in this category, you can easily make rules for legitimate executable files the same way but assign their security level to “Allow.”
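The following added example (not from the original article) models how a set of path rules would treat executables before the GPO is deployed, including the exception for a legitimate program. The user profile, the rule patterns, the `ExampleChat` application and the sample paths are constructed; it assumes that a wildcard matches within a single folder level and that the most specific matching rule wins.

```python
import re

# Constructed profile paths for one user (assumption; not from the article).
ENV = {
    "%appdata%": r"c:\users\alice\appdata\roaming",
    "%localappdata%": r"c:\users\alice\appdata\local",
    "%temp%": r"c:\users\alice\appdata\local\temp",
}

# Constructed path rules. SRP calls the permissive level "Unrestricted".
RULES = [
    (r"%AppData%\*.exe", "Disallowed"),
    (r"%AppData%\*\*.exe", "Disallowed"),
    (r"%Temp%\*.exe", "Disallowed"),
    (r"%LocalAppData%\*\*.exe", "Disallowed"),
    (r"%LocalAppData%\ExampleChat\update.exe", "Unrestricted"),  # hypothetical app
]

def expand(pattern):
    """Lower-case the rule and substitute the environment variables."""
    p = pattern.lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p

def matches(pattern, path):
    # Assumption: '*' and '?' match within a single folder level only.
    rx = re.escape(expand(pattern))
    rx = rx.replace(r"\*", r"[^\\]*").replace(r"\?", r"[^\\]")
    return re.fullmatch(rx, path.lower()) is not None

def evaluate(path, rules=RULES, default="Unrestricted"):
    """Return (level, rule); the rule with the most literal characters wins."""
    hits = [(len(expand(p).replace("*", "").replace("?", "")), p, level)
            for p, level in rules if matches(p, path)]
    if not hits:
        return default, None
    _, rule, level = max(hits)
    return level, rule

SAMPLE_PATHS = [  # constructed
    r"C:\Users\alice\AppData\Roaming\invoice.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Users\alice\AppData\Local\ExampleChat\update.exe",
    r"C:\Users\alice\AppData\Roaming\a\b\deep.exe",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        level, rule = evaluate(path)
        print(f"{level:12} {path}  <- {rule or 'no rule (default level)'}")
```

Under these assumptions the last sample path matches no rule and falls through to the default level, which is the kind of coverage gap worth finding in testing rather than in production.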
3. White Listing Allowed Apps and Files
While a Software Restriction Policy is effective in stopping a known file type, new threats are constantly introduced that utilize new file paths and file types. Another effective method against ransomware is to whitelist the allowed applications for your devices. Any application or executable file not on the list cannot be executed on the designated devices, period. A popular tool to implement this is AppLocker, although it is only available on select Windows OS versions (Enterprise and Education). This is a very viable solution for organizations that do not allow users to install their own applications.
White listing can also be applied to your web filtering policies. In this instance, users can only access approved websites that reside on the list. Although this may seem extreme, it’s not that uncommon for enterprises in the finance or healthcare industries that have extra-sensitive data to protect.
4. Deploy ‘Device Guard’
Device Guard was recently introduced in Windows 10 and provides an even more secure means of application whitelisting. When implemented, this software only allows applications signed by a certified publisher to run. This means that you must supply a certificate for every application in order to approve it. Unlike AppLocker, which could be accessed by attackers with administrative privileges, Device Guard operates within a virtualized container in order to protect itself. However, Device Guard has specific hardware requirements and does require considerable configuration and testing.
5. Invest in Employee Training
Simply put, security training is crucial, as your network’s users are the weakest security links. While team members’ actions can be a danger, they are also your first line of defense. Take the time to hold short training sessions in order to teach them how to identify suspicious emails and teach them the value of proper email procedures such as the practice of typing URLs into a browser rather than simply clicking their embedded links. With the devastating costs of ransomware and security breaches today, a 30-minute training session repeated throughout the year is not a lot to ask and can be extremely valuable.