Protection from ransomware virus attacks

Protecting Windows networks from modern ransomware viruses is a big challenge for IT professionals. Missing even a small thing can destroy all data within a few hours. The very basic checklist below can save your life by eliminating viruses & attacks.

If you have performed at least the following tasks, you are protected to a considerable level.

Here we discuss protecting a Microsoft Windows domain network.


1. Do not assign local admin rights to any standard users.
Admin rights are required only for IT professionals & standard users should not have such a dangerous weapon. Restricting users' admin rights also reduces the power of a virus or malware attack, because it is usually difficult to make changes to the system without admin rights unless the virus goes through a system vulnerability. You can easily use the following free GUI tool to query the local admins of a domain network: http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html
A very few applications still require admin rights to run. For those unmanageable scenarios, use the Runas /savecred feature. Keep in mind that this is also risky.

2. Disable the UAC prompt for standard users. Once you remove local admin rights from users, they are still prompted to enter admin credentials whenever they click on a function that requires admin rights. That is not required. Just remove that unnecessary prompt with the GPO setting below & users will totally forget what an admin function is. If an admin needs it, right-click & use "Run as different user" instead.

[Figure: Disable UAC prompt group policy setting preview]

3. Keep a strong password for each client's local administrator account.

4. Use Windows Update to minimize OS security vulnerabilities.
Many attacks focus on OS vulnerabilities & patching systems is very important to protect against known vulnerabilities, so always keep Windows up to date. But be sure to wait at least one week before installing updates on computers, to avoid the major buggy updates released by Microsoft idiots.

5. Use a reputable UTM firewall to protect your users from the bad outside world. Configure well-restricted protection rules capable of preventing viruses, spam, phishing, intrusion, etc. Remember to block access to porn sites. Most attacks are initiated from this category of sites & content.

6. Use a reputable corporate antivirus software with a HIPS firewall. (It should be able to perform HTTPS web content filtering.)
While configuring antivirus policies, take special care to configure an offline policy that activates while the user is disconnected from the corporate network. For this policy, configure filtering rules (especially HTTPS) that cover the UTM firewall rules mentioned above.

7. Block write access to USB storage unless your clients strictly need it. This helps to stop removable storage viruses from spreading & reduces data leakage over USB too. Also disable any executable from running on removable storage media (see "Stop executables from usb storage").

8. Manage your Google Chrome browser settings via GPO (see "Set Chrome Browser policies on managed PCs"). Many attacks are initiated from browser extensions. Keep your Chrome browser locked down against virus & malware attacks. Install Chrome updates via GPO (see "Download Chrome Browser").

9. Tweak & tighten the security of the Windows OS by configuring group policy. Many security hardening settings can be applied using group policy.

10. Disable old, obsolete, vulnerable SMB versions (see "How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server"). This can be done with GPO.

11. Always use the UEFI Secure Boot function when possible. (This can be done only when you install the operating system in UEFI mode.)

12. Always keep everything backed up on a routine. This will help you survive if something happens to your data. Use a reputable backup software & keep a good restore checklist to verify that your backup sets can actually be restored. Configure Previous Versions on Windows servers, which allows quick restoration of your files & folders. Use the File History feature on Windows clients, which also has quick restore capability.

13. Disable the guest account on all clients.

All the tweaks mentioned above are basic things which you can implement quickly in your organization to protect against all viruses & ransomware.
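
A read-only PowerShell audit of items 1, 2, 10, 11 and 13 on the local computer, added here as an example and not part of the original post. It assumes an elevated Windows PowerShell 5.1 session, and it assumes that item 2 means the "User Account Control: Behavior of the elevation prompt for standard users" policy set to "Automatically deny elevation requests" (registry value ConsentPromptBehaviorUser = 0).

```powershell
# Added example: read-only audit of checklist items 1, 2, 10, 11 and 13.
# Run in an elevated session on the computer being checked; nothing is changed.
$results = [ordered]@{}

# Item 1: members of the local Administrators group.
# The well-known SID is used so the check also works on localized Windows.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    $results['Local administrators'] = $admins.Name -join ', '
} catch {
    $results['Local administrators'] = "Could not enumerate: $($_.Exception.Message)"
}

# Item 2 (assumed policy): elevation prompt behaviour for standard users.
# 0 = automatically deny elevation requests, so no credential prompt appears.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = (Get-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorUser `
        -ErrorAction SilentlyContinue).ConsentPromptBehaviorUser
$results['UAC prompt denied for standard users'] = ($uac -eq 0)

# Item 10: SMBv1 on the server side of this computer.
$results['SMBv1 server disabled'] = -not (Get-SmbServerConfiguration).EnableSMB1Protocol

# Item 11: Secure Boot. The cmdlet throws on legacy BIOS installs,
# so the error text is reported instead of a boolean in that case.
try {
    $results['Secure Boot enabled'] = Confirm-SecureBootUEFI
} catch {
    $results['Secure Boot enabled'] = "Unknown: $($_.Exception.Message)"
}

# Item 13: built-in Guest account, identified by RID 501 rather than by name,
# because the account can be renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$results['Guest account disabled'] = -not $guest.Enabled

[pscustomobject]$results | Format-List
```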
