PREVENTION - RANSOMWARE CONTROLS

INTEGRITY has compiled a cross-sectional set of suggested controls and practices to reduce the risk associated with Ransomware. For information about Ransomware Assessment services, contact us.

Network: Segmentation

Network: Throttling High Consumers

Network: Monitor atypical activity

Network: Backup segmentation

Network: Activate detailed logging

System: Restrict administrative privileges

System: Software updates

System: Hardening

System: Backups

System: Anti-virus

System: Monitoring

System: Access Control

System: Content Filtering

System: Honeypots

System: Threshold specific API Calls

System: Password quality

System: Activation of specific system logs

System: Disable usage of plaintext cached credentials in LSASS

Perimeter: Address urgently any identified critical and high severity vulnerabilities

Perimeter: Email with AV, reputation check, and SPF/DKIM/DMARC

Perimeter: Limited exposure of services to the Internet

Perimeter: Verification of the reputation of source IP addresses

Perimeter: Implement IDS/IPS (including layer 7)

Perimeter: Segment the perimeter according to the criticality / nature of the services

End-point: Proxy with content filtering

End-point: Patching and updates (no excuses)

End-point: Disable Macro Scripts

End-point: Disable Plug and Play for non data volume devices

End-point: Active notifications every time a website tries to execute or install software

End-point: Antivirus / malware with active detection and updated databases

End-point: Disable access via remote desktop services

End-point: Complex passwords

End-point: Firewall enabled on the remote workstation

End-point: Disable or remove all “guest” accounts / users and any that are no longer in use

End-point: Remove all unused network interfaces

End-point: Perform day-to-day tasks with accounts / users without administration privileges

End-point: Do not install software without authorization and do not uninstall software installed by the Organization

End-point: Do not use accounts / users without a password

End-point: Updated web browser and related plugins

End-point: Keep information in centralized, controlled repositories and avoid dispersing it

Remote Work: Wi-Fi with WPA2 only

Remote Work: Wireless VLAN for work access

Remote Work: Inhibit more than 1 connection per user on the VPN

Remote Work: 2FA/MFA/UFA

Remote Work: Firewall enabled on the remote workstation

Remote Work: Antivirus / malware with active detection and updated databases

Remote Work: Disable access via remote desktop services

User Awareness: User Awareness

User Awareness: Do not use pirated software

User Awareness: Define and communicate contact point

User Awareness: Evaluate user-awareness through Phishing campaigns

User Awareness: Perform table-top exercises

Incident Response: Incident Response Plan

Incident Response: Relevant Contacts

Incident Response: Contextual impact analysis

Incident Response: Disconnect / Isolate

Incident Response: Sandbox implementation

Incident Response: Check if decryptor is available

Incident Response: Containment

Incident Response: Restore

Incident Response: Report the Infection (authorities)

CONTACTS

Portugal

Av. João Crisóstomo, n.º 30, 5º
1050-127, Lisboa | Portugal
T: +351 21 33 03 740
E: info@integrity.pt

United Kingdom

Suite 4B
43 Berkeley Square
Mayfair, Westminster
London, W1J 5FJ | United Kingdom
T: +44 20 3318 0800

Spain

Calle Edgar Neville, 6
28020, Madrid | España
T: +34 91 73 73 417
