Simple ways to prevent Ransomware, Part 1

Ransomware is on the rise!

Here is Part 1 of a series of articles on how you can prevent your organisation from having its data locked up. These guides can, and should, be followed now!

Ransomware usually arrives by email, as an attachment that runs when the user opens it. However, we usually find that the attacker has already gained access to the system before the ransomware attack is performed.

Once the attacker has gained access they will:

  • Collect data for a few days first to determine who the best targets are (typically finance users).
  • Copy/download company files.
  • Run password capture tools on the network, such as Mimikatz.
  • Remove Windows Server backups and Shadow copies.

Once the above is done, the ransomware is invoked. We find that it is usually run on weekends and after hours, when you have the least chance of recovery.

In Part 1, we will disable the Windows Script Host and PowerShell.  Users do not typically require these tools.

Restrict PowerShell

  1. Create a new Group Policy (Group Policy Management)
  2. In the policy, go to User Configuration > Windows Settings > Security Settings
  3. Create a new Software Restriction Policy
  4. Create a new Path Rule
  5. The typical path for PowerShell is c:\windows\system32\WindowsPowerShell
  6. Hit OK when done

Restrict Windows Scripting Host WScript

  1. On the same Group Policy from above, expand Computer Configuration > Preferences > Windows Settings
  2. Create a new Registry Item
  3. Create a Registry entry. The Key path is Software\Microsoft\Windows Script Host\Settings\ and you need to create two Keys, HKCU and HKLM
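
Once the policy has applied, the result can be audited. The script below is an added example, not part of the original article: it reports whether Windows Script Host is disabled for the machine and for each user hive currently loaded under HKEY_USERS. It assumes the registry items set the Windows Script Host value named Enabled to 0 under the key path above, and that it is run from an elevated administrator session that is not subject to the PowerShell restriction.

```powershell
# Added example: audit whether Windows Script Host (WSH) is disabled for the
# machine and for every user hive currently loaded under HKEY_USERS.
# Assumption: the Group Policy registry items set the value "Enabled" to 0.
$SubKey = 'Software\Microsoft\Windows Script Host\Settings'

function Get-WshState {
    param(
        [Parameter(Mandatory)][string]$RegPath,
        [Parameter(Mandatory)][string]$Scope
    )

    # A missing key or missing value means WSH is still allowed.
    $state = 'NotConfigured (WSH allowed)'
    $raw   = $null
    if (Test-Path -LiteralPath $RegPath) {
        $item = Get-ItemProperty -LiteralPath $RegPath -Name 'Enabled' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw = $item.Enabled
            # The value may be stored as REG_DWORD or REG_SZ, so compare as text.
            $state = if ("$raw".Trim() -eq '0') { 'Disabled' } else { 'Enabled (WSH allowed)' }
        }
    }
    [pscustomobject]@{ Scope = $Scope; Enabled = $raw; State = $state; Path = $RegPath }
}

$results = @()
$results += Get-WshState -RegPath "Registry::HKEY_LOCAL_MACHINE\$SubKey" -Scope 'Machine (HKLM)'

# Real user hives have SIDs of the form S-1-5-21-...; this skips the built-in
# service accounts and the *_Classes hives.
Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        $results += Get-WshState -RegPath "Registry::HKEY_USERS\$sid\$SubKey" -Scope "User $sid"
    }

$results | Format-Table -AutoSize -Property Scope, Enabled, State

# Exit non-zero if any scope still allows WSH, so a scheduled check can alert.
if ($results | Where-Object { $_.State -ne 'Disabled' }) { exit 1 }
```

Only hives of users who are logged on (or otherwise have their profile loaded) appear under HKEY_USERS, so run the check while the target users are signed in.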

Kim Pham - IT Network Security