6 Easy-to-Follow Tips for MSPs to Stop Ransomware

In a recent blog post we discussed the growing variety of ransomware that plagues today’s IT landscape. While this proliferation of threats may seem daunting and virtually impossible to combat, there are several straightforward steps MSPs can take to dramatically reduce their clients’ risk of becoming ransomware victims:

1. Deploy reputable, multi-layered endpoint security.

Having endpoint security that prevents malware infections in the first place is vital. Look for security that protects web browsing, controls outbound traffic, protects system settings, proactively stops phishing attacks, and continuously monitors individual endpoints.

2. Deploy backup and business continuity recovery.

If there is a ransomware infection, the only recourse is to recover data and minimize business downtime. There are now many automated, on premise and cloud-based backup and continuity solutions that will back up data and get productivity back online.

3. Create strong Windows policies.

When it comes to ransomware, consider using Windows policies to block certain paths and file extensions from running. Policies can be set up in groups, which is useful if varying levels of access are required. Examples of useful policies include: blocking executables in temp or temp+appdata and the creation of startup entries. The following file types shouldn’t be run in the following directories: .SCR, .PIF, and .CPL in users’ temp, program data, or desktop.

4. Use policies to block volume shadow copy service.

Windows creates local copies of files using the VSS copy service. Ransomware like CryptoLocker will encrypt this area because it holds VSS copies for the local drive (normally the C:\ drive). Using Windows policies to block access to the service helps stop ransomware like CryptoLocker from erasing local drive file backups. Policies should point to the VSSAdmin executable. Any attempt to access or stop the service will result in a block.

5. Disable macros and autorun.

Many varieties of ransomware infect systems using macros. Macros can easily be disabled in the Trust Center of every version of Microsoft Office. It is also possible to enable individual macros, should they be used for a particular task. While autorun is a useful feature, it is often used by malware to propagate. For example, USB sticks will use autorun to proliferate, and it’s commonly used by Visual Basic Script (VBS) malware and worms. In general it is best to disable autorun.

6. As always with security, users are often the weakest link. Malware will continue to thrive and be a viable business as long as staff are unaware and uneducated on the risks of the Internet. Providing the basics will protect users at home and in the office.

Having next-generation endpoint security is the first step to securing your endpoints from ransomware, so why not take a 30-day trial of Webroot? In less than five minutes you can install SecureAnywhere® Business Endpoint Protection with Global Site Manager and see first-hand how it delivers superior malware protection while lowering your costs and boosting your bottom line.

Guest blogs such as this one are published monthly and are part of The VAR Guy annual platinum sponsorship.