Page 20 - Cyber Warnings
P. 20
Make sure backups are up to date and isolated from the computer, otherwise they may be
encrypted too.
So- What should you be doing right now to prevent Ransomware?
Over and above standard firewalling and anti-virus protection, there are additional defenses that
should be in place to defend against phishing, given that this is the primary delivery mechanism
used. Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and
devious methods. The malware is invited in by the recipient, typically either by opening an
attachment or by activating/ downloading a link, thereby largely subverting Corporate IT
Security.
The best approach is to therefore harden the user workstation environment, to prevent malware
activity where possible and to at least place more obstacles in the way when not. As with any
hardening program, a balance must be found between strong security and operational ease of
use.
The majority of exploitable vulnerabilities can be mitigated within the Workstation Operating
System, and further protection can be provided using manufacturer extensions such as
Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party
AV.
Secure the Desktop and the User
But when it comes to users’ emails and their content, accurately protecting against the bad
while allowing the good is beyond any technological solution. While blocking all email
attachments and links would improve security, there aren’t many users that would sign up for
this. A more graded approach to protecting the user is needed.
And in fact this solution already exists for most browsers and the Microsoft Office Applications.
Controlled by Group Policy, the desktop applications otherwise used to welcome in
Ransomware can be fine-tuned to mitigate exploitable vulnerabilities while requiring elevated
approval for other functions – this may slow the user down for certain tasks, but that additional
pause for thought while the system prompts for approval elevation will ensure security hygiene
is observed.
For example, MS Outlook security policy options are available to control:
How administrator settings and user settings interact in Outlook 2013
Outlook COM add-ins
ActiveX and custom forms security
Programmatic Access settings
20 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
