System admin's guide to prevent ransomware
The whole world is facing issue with ransomware attack and every system admin is worried about How to prevent ransomware? Prevention is better than cure. We must need to keep our for such kind of attacks and must need to take preventive actions to avoid such kind of incidents in our network.
Only 10% Information security can be achieved through technology and rest of 90% can be achieved through People and Process. Well information security is not the core point we are discussing here but yes, this is part of information security. You can keep your environment safe only if you have educated users. You must need to educate them about Do's and Don'ts.
For that you need to send awareness mailers regularly. Also need to conduct InfoSec awareness training sessions. The major source of ransomware is mails so keep your users aware about this kind of things. Inform them to no open any unsocialized email and it's attachment.
Remove outdated OS or Upgrade it or newer version
Hackers always tries to find weak area of your infrastructure to penetrate in your network. And outdated or very old OS are the easiest way because they are vulnerable. Microsoft discontinued support for Windows XP April 8, 2014 but around 70% ATMs in India works on Windows XP. It has been three years and in this three years many changes may have come, Vulnerabilities might have come. If you are not keeping your OS up to date then there are chances of hacking.
In short you must keep your OS and software updated.
Install MS17-010 Critical patches in all your machines
This patches will resolve remote code execution vulnerability through Service Message Block [SMB] in Microsoft Windows. You can install this patches manually or you can push it using your WSUS server.
Keep your software up to date
Keep your software updated because the more older software, The more vulnerable they are.
Block ports in windows firewall
You need to block port 139 [both TCP and UDP] and 445 [TCP]. Port 139 and 445 are used for file sharing and SMB.
Block port 3389 [TCP and UDP both]. Port 3389 is used for RDP and WBT.
Turn off SMB feature
You can turn off SMB feature from Control Panel > Programs and Feature > Turn Windows Features on or off.
Turn off Macro in Office applications
In most of the cases of ransomware. Once you open email attachment, it will run a macro and execute ransomware immediately. So keep macro off is safe option as per my opinion.
Keeping data backup in isolated devices will be great way to recover if you face ransomware issue.
Why backup in isolated devices?
When your one computer gets infected then it will start spreading across the network. For example. If you then machine is having 5 mapped drives then All actual machines of that drives will be infected in seconds. In this scenario isolated backup in USB drives and other locations will help you to recover fast.
In this cyber world no one can say I am secured or my organisation is secured but we can take some preventive actions to keep our side safe from such attacks.