For small to midsize businesses, Microsoft Windows-based systems remain dominant. Windows continues to be the operating system most widely used on desktops and laptops. It’s no surprise, therefore, that Windows systems remain the top target for ransomware.
A stunning 100% of IT professionals reported they had seen Windows systems infected by ransomware, as reported in Datto’s State of the Channel Ransomware Report. Furthermore, 29% of IT professionals reported that their clients had encountered ransomware that targeted Office 365. It takes just one visit to a malicious site, one accidental download or one infected attachment to unleash ransomware.
The following strategies and tactics will help reduce your ransomware risk, protect your networks and devices and ultimately help you recover your data when a ransomware event occurs.
● DNS: Switch to a DNS (domain name system) service that actively monitors and blocks known malware sites to reduce the risk of ransomware. Unless you’ve custom configured some settings, it’s very likely that a site’s DNS provider is the Internet service provider. When anyone on the network types, say, “www.datto.com” in a browser, that request goes to the DNS provider. A third-party DNS service provider may block specific sites. Some businesses use DNS to filter a variety of websites spanning from social media to online retailers. More complex configurations can block certain sites from specific user groups, but allow access from other groups’ systems.
● SmartScreen Policies: Microsoft’s SmartScreen filters work to block harmful sites and downloads at the browser level, much like a DNS provider can at the network level. The system calculates a risk score, based on a variety of factors, then warns the user of potential harm. SmartScreen works within both Microsoft Edge and Internet Explorer 11 browsers. An administrator can configure SmartScreen to act either as an advisor or a blocker. When set as an advisor, a person will see a warning when either visiting a potentially harmful site or downloading a potentially harmful file. But the warning can be ignored.
● Email: Email attachments often deliver a ransomware payload. “Here’s the file you need,” reads the text of the email—with an attachment. Too often, the recipient opens the file—and realizes later that it really wasn’t a needed file, but instead a malicious app. Microsoft gives Office 365 administrators the ability to block any of nearly 100 different file types. The most secure setting would be to simply delete all attachments. Anyone really needing to share files with people could upload a file to OneDrive, then share access. The recipient would receive a notification via email—but not the actual file — and could then login to OneDrive to view files “Shared with me.” You should block files likely to be harmful.
With a few tweaks to Office 365 settings you can keep harmful attachments out of email. Above all: Back up your data. Rapid recovery of your data and systems is possible after a ransomware attack—but only if you have a backup. To learn more about how to defend your Office 365 data from ransomware, check out Datto’s eBook. You’ll learn how to teach your users why running regular updates are critical, how to thwart attacks, and how to recover if ransomware breaks through. Check it out today.
Ryan Weeks is Chief Information Security Officer, Datto.
This guest blog is part of a Channel Futures sponsorship.