NNT provides a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.

Who should be aware of the Ransomware Threat?

Home User: The home-user community for ransomware has been highly active for a few years now but has escalated in recent months.

Corporate User: The stakes are even higher for a corporation, where the absolute dependency on IT systems means ransomware could threaten the very life of the business itself.

How does Ransomware typically attack systems?

Email – phishing, be it the mass, spear or now whale variety for corporate targets – is still the most common means of invoking a Ransomware attack. The home-user ‘market’ for the extortionists lends itself to mass-emailing, but this means that the malware can just as easily end up on Corporate Workstations.

So - What should you be doing right now to prevent Ransomware?

Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and devious methods. The malware is invited in by the recipient, typically either by opening an attachment or by activating/downloading a link, thereby largely subverting Corporate IT Security.

The best approach is to therefore harden the user workstation environment, including the Email, Office and Browser applications that act as a vector for Ransomware.

By removing or mitigating the exploitable vulnerabilities within the User Applications and the Workstation Operating System, Ransomware and other malware can be rebuffed. Further protection can be provided using manufacturer extensions such as Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party AV.

Secure the Desktop and the User

When it comes to users’ emails and their content, accurately protecting against the bad while allowing the good is beyond any technological solution. While blocking all email attachments and links would improve security, there aren’t many users that would sign up for this. A more graded approach to protecting the user is needed.

For example, MS Outlook security policy options are available to control:

  • How administrator settings and user settings interact in Outlook 2013
  • Outlook COM add-ins
  • ActiveX and custom forms security
  • Programmatic Access settings
  • Settings for Attachments, Cryptography, Digital signatures, Junk email, Information Rights Management and Protected view

Similarly, fine grain security settings are available for Excel, Word, PowerPoint and Office, all serving to mitigate vulnerabilities within the application that could be exploited by an attacker, overall bolstering Ransomware defenses.

Likewise for contemporary browsers like Chrome, Firefox and Internet Explorer, anti-phishing controls should be enabled alongside other built-in security measures that are often disabled by default.

 


Help is at Hand - The NNT Ransomware Mitigation Kit is Here

NNT, in conjunction with The Center for Internet Security (CIS), provide a comprehensive suite of system hardening templates based on absolute best practices.

These can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.

Best of all, these layers of defense against Ransomware are also backed up with the fastest-available, real-time system integrity and change control detection technology to further ensure that, if the unthinkable happens and you do fall victim to an attack, any suspicious changes or activity is immediately brought to your attention before major damage can be perpetrated. Follow these 3 easy steps!  Please contact This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any queries


First Step - Identify if your Desktop Applications are vulnerable to attack

Importing CIS Benchmark Reports - Reports to Identify Vulnerabilities in User Applications

First, import the new report using Settings -> Compliance Report Templates -> Upload templates. For more information see the FAQ 'Compliance Report Template Administration'

Using the CIS Vulnerabilty Report - Ad Hoc 'On Demand' report

First,select the device to audit for vulnerabilities, then dial in the report required from the list.

Using the CIS Vulnerabilty Report - Assigning a Report to a Group

Alternatively, select a device group against which you wish the report to be run. For more information see the FAQ 'Adding a Compliance report to a Group - Change Tracker Generation 7'

Step Two - Automatically Mitigate Vulnerabilities using Ransomware Mitigation Kit GPO Templates

Importing Ransomware Mitigation Group Policy Templates

First, right-click and create a new Group Policy Object, in this case, it is the NNT Windows 2008 Enterprise Ransomware kit that we are creating. So make sure it is named accordingly.

The next step is to import the setting for the NNT Windows 2008 Ransomware kit - this is provided by NNT in template file format, please contact This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any queries. Right-click and import on the new created GPO, from there, browse to the NNT Windows 2008 Ransomware kit and follow the on-screen wizard until the kit is imported.

The last step is to link the GPO to the required domain, in this case, we linked the NNT Windows 2008 Enterprise Ransomware kit to the NNT domain. Once this has been done, the next Group Policy update will set the required configuration on the servers/workstations within the Domain, closing off weakspots targeted by malware attacks. Please contact This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any queries

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call 1-888-898-0674 or click here to request more information.

Products
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter