NNT provides a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.
Who should be aware of the Ransomware Threat?
Home User: The home-user community for ransomware has been highly active for a few years now but has escalated in recent months.
Corporate User: The stakes are even higher for a corporation, where the absolute dependency on IT systems means ransomware could threaten the very life of the business itself.
How does Ransomware typically attack systems?
Email – phishing, be it the mass, spear or now whale variety for corporate targets – is still the most common means of invoking a Ransomware attack. The home-user ‘market’ for the extortionists lends itself to mass-emailing, but this means that the malware can just as easily end up on Corporate Workstations.
So - What should you be doing right now to prevent Ransomware?
Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and devious methods. The malware is invited in by the recipient, typically either by opening an attachment or by activating/downloading a link, thereby largely subverting Corporate IT Security.
The best approach is to therefore harden the user workstation environment, including the Email, Office and Browser applications that act as a vector for Ransomware.
By removing or mitigating the exploitable vulnerabilities within the User Applications and the Workstation Operating System, Ransomware and other malware can be rebuffed. Further protection can be provided using manufacturer extensions such as Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party AV.
Secure the Desktop and the User
When it comes to users’ emails and their content, accurately protecting against the bad while allowing the good is beyond any technological solution. While blocking all email attachments and links would improve security, there aren’t many users that would sign up for this. A more graded approach to protecting the user is needed.
For example, MS Outlook security policy options are available to control:
- How administrator settings and user settings interact in Outlook 2013
- Outlook COM add-ins
- ActiveX and custom forms security
- Programmatic Access settings
- Settings for Attachments, Cryptography, Digital signatures, Junk email, Information Rights Management and Protected view
Similarly, fine grain security settings are available for Excel, Word, PowerPoint and Office, all serving to mitigate vulnerabilities within the application that could be exploited by an attacker, overall bolstering Ransomware defenses.
Likewise for contemporary browsers like Chrome, Firefox and Internet Explorer, anti-phishing controls should be enabled alongside other built-in security measures that are often disabled by default.
Help is at Hand - The NNT Ransomware Mitigation Kit is Here
NNT, in conjunction with The Center for Internet Security (CIS), provide a comprehensive suite of system hardening templates based on absolute best practices.
These can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.
First Step - Identify if your Desktop Applications are vulnerable to attack
Importing CIS Benchmark Reports - Reports to Identify Vulnerabilities in User Applications
First, import the new report using Settings -> Compliance Report Templates -> Upload templates. For more information see the FAQ 'Compliance Report Template Administration'
Using the CIS Vulnerabilty Report - Ad Hoc 'On Demand' report
First,select the device to audit for vulnerabilities, then dial in the report required from the list.
Using the CIS Vulnerabilty Report - Assigning a Report to a Group
Alternatively, select a device group against which you wish the report to be run. For more information see the FAQ 'Adding a Compliance report to a Group - Change Tracker Generation 7'
Step Two - Automatically Mitigate Vulnerabilities using Ransomware Mitigation Kit GPO Templates
Importing Ransomware Mitigation Group Policy Templates
First, right-click and create a new Group Policy Object, in this case, it is the NNT Windows 2008 Enterprise Ransomware kit that we are creating. So make sure it is named accordingly.