If you get an email claiming to be from Microsoft about a Windows update, don't open it. Security researchers from Trustwave's SpiderLabs have discovered a new malicious campaign that spoofs urgent update emails from Microsoft to infect users' systems with the Cyborg ransomware. Learn more in this article.
Ransomware Infections Continue To Make Headline News
As ransomware infections continue to make headline news, we are striving to provide pertinent information to everyone with whom we have business dealings. Though there is no one silver bullet to protect a network from these insidious infections, there are multiple configurations that, applied in a Defense in Depth approach, can substantially reduce the likelihood of infection.
First, as we have done at the majority of our clients with Unified Threat Management firewalls, the detection and blocking of botnet command-and-control servers is critical. In conjunction with the detection and blocking, application control at the gateway perimeter is a necessity. Then, at the endpoint protection level, additional application control mechanisms should be applied. Application control is basically a mechanism whereby an application that is not known to be legitimate is blacklisted.
For those who have not applied these protections, please either execute the necessary steps or contact us for assistance in these matters.
The following are some additional steps that, in aggregate, can strengthen your security posture:
- Test your backups. Don’t just depend on the notifications that a backup executed, but actually perform test restores.
- It’s critical, no matter what media you use for backups, that you have multiple media, including those that are not connected to your network.
- If using cloud-based backups, ensure that you have selected multiple revisions, for if only one version exists it can be compromised as well.
- Configure Software Restrictions via Group Policy to block common areas that ransomware exploits.
- Configure file type restrictions to block common ransomware extensions.
- Block all email except corporate email access.
If you need any assistance with these various protection implementations, please don’t hesitate to contact your MTBW representative.