Proactive Not Reactive: Top 10 ideas to Protect Yourself From CryptoLocker

1. User Training
This is probably the biggest item. The worst aspect of CryptoLocker is that the attackers are not actively hacking your network. They send spam e-mail, or your users visit websites that are not for work purposes and download the installer without seeing it. Train your users to be wary of emails from senders they don’t know and not to go to non-work sites.

2. Apply a spam filter to your Exchange that blocks executable files being attached
This will keep them from accidentally activating an executable. They can still receive zip files and will have to know not to extract or unzip them.
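The zip gap noted above can be narrowed by looking inside the archive as well as at the attachment name. The following is an added example, not part of the original post or of any mail product: the blocklist, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative blocklist (an assumption); extend it to match local policy.
BLOCKED = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".msi")

def is_blocked(name):
    """True if the real (last) extension is executable, e.g. 'invoice.pdf.exe'."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    return name.lower().rstrip(". ").endswith(BLOCKED)

def scan_zip(data):
    """List members of a zip attachment that are executable or cannot be inspected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            hits = []
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # password-protected member
                    hits.append(info.filename + " (encrypted)")
                elif is_blocked(info.filename):
                    hits.append(info.filename)
            return hits
    except zipfile.BadZipFile:
        return ["(unreadable archive)"]

def scan_message(raw):
    """Map each attachment that should be quarantined to the names that triggered it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if is_blocked(name):
            findings[name] = [name]
        elif name.lower().endswith(".zip"):
            hits = scan_zip(part.get_payload(decode=True))
            if hits:
                findings[name] = hits
    return findings

def build_sample():
    """Constructed message: a harmless PDF plus a zip hiding a double-extension file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"placeholder bytes, not a real binary")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="notes.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags only `invoice.zip`, and password-protected or unreadable archives are reported rather than passed, since their contents cannot be checked.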

3. Consider Software Restriction Policies and Whitelisting
Locking down what your users can and cannot install will assist with prevention. Also, turn off the Windows setting that hides file extensions, so that users can see what a file really is and do not unintentionally install something.

4. Apply a Firewall
Restrict outbound traffic to only the ports that you actually use. Apply content filters to keep people honest about the types of sites they visit at work. Block known malware domains.

5. Apply good antivirus
I would recommend that any antivirus you choose has heuristic scanning abilities, as these seem to be the best at detecting when CryptoLocker is active in a system. Heuristic scanning looks for typical patterns of behavior. Such antivirus products include Kaspersky, ESET, Webroot, etc. Please do your research and find the right antivirus for your organization.

6. Apply correct security to everyone in your network
If everyone is a domain admin, then all of your users hold the keys to the kingdom. If one of them gets CryptoLocker, then you are essentially giving that virus free rein over your network. Give limited domain access to users and restrict access to vital points on your network, such as your SQL server. Also, restrict who is a local admin on the computers.

7. Strong passwords
Newer versions of CryptoLocker are able to guess at simple passwords. If you only have capitals and lowercase letters, then this can be hacked within a short period of time. In 2013, hackers were able to crack 16-character passwords in less than an hour; to view details of the article go here. It is recommended to vary your passwords and include capitals, lowercase letters, numbers and atypical symbols (such as %, &, ^, }). Normally users select ! or @. These are common and more likely to be guessed. The more complicated you make your password, the better your network security will be.

8. Regularly clean up old logins
Let’s say your users follow your password policy. What about an old login that has been sitting there for years, since before the password policy was in place? This is a hacker’s dream and they will take full advantage. I recommend putting a practice into place that cleans up old logins every 3-6 months.

9. Backup, backup, Backups!
Backups that are on their own backup device are best. You want to back up all of your critical files. Have shares for each user and train them to store their critical files on the server. I tell clients that if a file would take more than a week to recreate (if they are able to recreate it at all), they should place it on their personal share, where it is backed up by the company. Clients that have had CryptoLocker and a backup system were back up and running with minimal downtime.

10. Apply 3rd party programs that act as preventions
CryptoPrevent Malware Prevention or CryptoLocker Tripwire: I have not personally used these two; however, I have heard good reviews for both. I would not rely solely on either and would add them as an additional layer on top of your antivirus.

Please never pay the ransom. Every time these criminals receive a ransom it only encourages them to target another company or person and continues the cycle.

