Recent Real World Experience: Combating Ransomware Infection Part I Principle of Least Privilege

Just this past weekend MTBW Services was called upon to assist in the recovery from a Ransomware infection. Though never a pleasant way to spend a weekend, from our experience assisting scores of other companies infected with this insidious Malware, we were able to clean and recover the data affected.

We have released an extensive checklist regarding protections in the battle against Ransomware – Ransomware Evolutions and Derivatives – but there are a few from this most recent battle that merit reiteration. The Principle of Least Privilege is a critical component in combating the ravages of Ransomware. The Principle of Least Privilege states that all users should have the necessary permissions to perform their respective duties, but nothing more than that.

Just like an authorized application that a user utilizes, a Ransomware program can’t modify files to which that the user has no permissions. The Principle of Least Privilege in and of itself won’t prevent a Ransomware infection, but will substantially mitigate the damage that occurs. This most recent incident had a partial configuration of the Principle of Least Privilege, which noticeably reduced the cleanup and restoration required.

It is extremely important that your network have the Principle of Least Privilege applied properly. If you need any assistance with the application of this principle please contact your MTBW representative.

Part II Datto to the Rescue