- Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
- Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users. Configure firewalls to block access to known malicious IP addresses.
- Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system. Set anti-virus and anti-malware programs to conduct regular scans automatically.
- Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed, and those who do need administrator accounts should use them only when necessary.
- Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares.
- Disable macro scripts from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as the temporary folders used by popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folders.
- Consider disabling Remote Desktop Protocol (RDP) if it is not being used. Use application whitelisting, which only allows systems to execute programs known and permitted by the security policy.
- Execute operating system environment or specific programs in a virtualized environment. Categorize data based on organizational value and implement physical and logical separation of networks.
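The email-authentication item above (SPF, DKIM and DMARC) is only effective if the published records actually instruct receivers to reject spoofed mail. The following PowerShell script is an added example, not part of the original guidance, that audits a domain's three records for the weak settings a practitioner most often finds: a softfail or pass-all SPF qualifier, a monitor-only DMARC policy, a partial `pct`, and a 1024-bit DKIM key. The records for `example.com` are constructed samples; the DKIM key value is a placeholder of the length a 1024-bit RSA key decodes to, and the `Resolve-DnsName` lines in the comment show how to fetch real records.

```powershell
# Added example (not from the original guidance): flag SPF/DKIM/DMARC settings
# that leave spoofing detectable but unblocked. Sample records are constructed.

function Test-SpfRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') { return @('SPF: no v=spf1 record published') }
    $findings = @()
    $terms = @(($Record -split '\s+') | Select-Object -Skip 1)
    # Only the final "all" qualifier matters; receivers stop at the first matching term.
    $all = @($terms | Where-Object { $_ -match '^[-~?+]?all$' } | Select-Object -Last 1)
    if ($all.Count -eq 0)          { $findings += 'SPF: no "all" term, unlisted senders are treated as neutral' }
    elseif ($all[0] -eq '~all')    { $findings += 'SPF: ~all softfail, spoofed mail is tagged but not rejected' }
    elseif ($all[0] -eq '?all')    { $findings += 'SPF: ?all neutral gives receivers no signal at all' }
    elseif ($all[0] -ne '-all')    { $findings += 'SPF: +all authorizes every host on the Internet to send as you' }
    # RFC 7208 caps DNS-querying mechanisms at 10; above that receivers return permerror.
    $lookups = @($terms | Where-Object { $_ -match '^[-~?+]?(include:|a\b|mx\b|ptr|exists:|redirect=)' }).Count
    if ($lookups -gt 10) { $findings += "SPF: $lookups DNS lookups exceed the limit of 10 (permerror)" }
    if (@($terms -match '^[-~?+]?ptr').Count -gt 0) { $findings += 'SPF: ptr mechanism is deprecated and slow to evaluate' }
    return $findings
}

function ConvertFrom-TagList {
    # "k=v; k=v" records (DKIM and DMARC) into a hashtable, whitespace-tolerant.
    param([string]$Record)
    $tags = @{}
    foreach ($pair in ($Record -split ';')) {
        if ($pair -match '^\s*(\w+)\s*=\s*(.*?)\s*$') { $tags[$Matches[1]] = $Matches[2] }
    }
    return $tags
}

function Test-DkimRecord {
    param([string]$Record)
    $tags = ConvertFrom-TagList $Record
    $findings = @()
    if ($tags.ContainsKey('v') -and $tags['v'] -ne 'DKIM1') { $findings += 'DKIM: v= tag present but not DKIM1' }
    if (-not $tags.ContainsKey('p') -or $tags['p'] -eq '') { return $findings + 'DKIM: empty p=, key is revoked or missing' }
    # A 2048-bit RSA SubjectPublicKeyInfo is 294 DER bytes; a 1024-bit one is 162.
    if (-not $tags.ContainsKey('k') -or $tags['k'] -eq 'rsa') {
        $keyBytes = [Convert]::FromBase64String($tags['p']).Length
        if ($keyBytes -lt 250) { $findings += "DKIM: public key decodes to $keyBytes bytes, likely 1024-bit RSA; publish a 2048-bit key" }
    }
    if ($tags.ContainsKey('t') -and $tags['t'] -match 'y') { $findings += 'DKIM: t=y testing flag set, verifiers may ignore signature failures' }
    return $findings
}

function Test-DmarcRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=DMARC1\s*;') { return @('DMARC: no v=DMARC1 record at _dmarc') }
    $tags = ConvertFrom-TagList $Record
    $findings = @()
    $p = if ($tags.ContainsKey('p')) { $tags['p'] } else { '' }   # switch on $null runs nothing, so normalise
    switch ($p) {
        'reject'     { }
        'quarantine' { $findings += 'DMARC: p=quarantine, spoofs land in spam rather than being refused' }
        'none'       { $findings += 'DMARC: p=none is monitor-only, nothing is blocked' }
        default      { $findings += 'DMARC: missing or invalid p= tag' }
    }
    if ($tags.ContainsKey('pct') -and [int]$tags['pct'] -lt 100) { $findings += "DMARC: pct=$($tags['pct']) applies the policy to only part of the mail" }
    if (-not $tags.ContainsKey('rua')) { $findings += 'DMARC: no rua= address, aggregate reports will never reach you' }
    return $findings
}

function Get-EmailAuthFindings {
    param([string]$Spf, [string]$Dkim, [string]$Dmarc)
    @(Test-SpfRecord $Spf) + @(Test-DkimRecord $Dkim) + @(Test-DmarcRecord $Dmarc)
}

# Constructed sample records for a fictitious domain. To audit a real one:
#   (Resolve-DnsName example.com -Type TXT | Where-Object { $_.Strings -like 'v=spf1*' }).Strings -join ''
#   (Resolve-DnsName selector1._domainkey.example.com -Type TXT).Strings -join ''
#   (Resolve-DnsName _dmarc.example.com -Type TXT).Strings -join ''
$spf   = 'v=spf1 ip4:203.0.113.0/24 include:_spf.example.net ~all'
$dkim  = 'v=DKIM1; k=rsa; p=' + ('A' * 216)   # placeholder: 216 base64 chars decode to 162 bytes (1024-bit size)
$dmarc = 'v=DMARC1; p=none; rua=mailto:dmarc@example.com; pct=100'
Get-EmailAuthFindings -Spf $spf -Dkim $dkim -Dmarc $dmarc
```

Run against the samples, the script reports three findings (the `~all` softfail, the short DKIM key and `p=none`), which together mean a spoofed message from this domain would be delivered to the inbox with nothing but a header annotation. The usual remediation path is `p=none` with reporting first, then `p=quarantine`, then `p=reject` with `-all`, because moving straight to reject without reading the aggregate reports tends to block legitimate third-party senders.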
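Several of the host-level items above (least-privilege share permissions, Office macros, Software Restriction Policies or equivalent, and disabling RDP) can be applied with tooling that ships in Windows. The script below is an added example, not part of the original guidance, showing all four on one Windows 10/11 or Server host, using AppLocker path rules as the "other control" that replaces SRP on current Windows. The share path `D:\Shares\Reports`, the `CORP\Report-Readers` and `CORP\Report-Authors` groups, and the OneDrive exception are assumptions; in practice these settings are normally deployed through Group Policy rather than per host.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guidance): four of the listed controls
# applied with built-in Windows tooling. Share path, group names and the
# OneDrive exception are assumptions.
$ErrorActionPreference = 'Stop'

# --- Least-privilege NTFS permissions on a share (assumed path and groups) ---
# /inheritance:r drops inherited ACEs; /grant:r replaces any existing grant.
# Readers get Read only, authors get Modify (M), nobody but admins gets Full.
$share = 'D:\Shares\Reports'
if (Test-Path $share) {
    icacls $share /inheritance:r `
        /grant:r 'CORP\Report-Readers:(OI)(CI)R' `
                 'CORP\Report-Authors:(OI)(CI)M' `
                 'BUILTIN\Administrators:(OI)(CI)F' | Out-Null
}

# --- Office macros: disable them, and block Mark-of-the-Web files outright ---
# VBAWarnings 4 = "disable all without notification"; the second value is the
# "Block macros from running in Office files from the Internet" policy, which
# covers e-mail attachments and downloads. 16.0 = Office 2016 and later.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Type DWord -Value 4
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Type DWord -Value 1
}

# --- AppLocker path rules: nothing executes from user-writable profile paths ---
# Deny rules win over allow rules in AppLocker, so the Everyone deny on AppData
# covers browser and archiver temp folders regardless of the allows. Start in
# AuditOnly, read the Microsoft-Windows-AppLocker/EXE and DLL event log, then
# switch to Enabled. Per-user installers (OneDrive is the assumed example) need
# an exception on the deny rule or a publisher rule of their own.
$mode = 'AuditOnly'
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$mode">
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="5e3b0f2a-7c14-4b9e-8f3d-2a6c9d1e4f70" Name="Allow Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="f1c2d3e4-5a6b-4c7d-8e9f-0a1b2c3d4e5f" Name="Administrators run anything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="0b9a8c7d-6e5f-4a3b-9c2d-1e0f9a8b7c6d" Name="Deny user AppData and Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" /></Conditions>
      <Exceptions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Microsoft\OneDrive\*" /></Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:ProgramData 'ransomware-applocker.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run: the same signed binary is Allowed from System32 and Denied from the
# user's Temp, which is exactly (and only) what a path rule checks.
$probe = Join-Path $env:TEMP 'dropper-probe.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $probe
Test-AppLockerPolicy -XmlPolicy $policyPath -Path "$env:WINDIR\System32\notepad.exe", $probe -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $probe

# AppLocker enforces nothing unless the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath

# --- RDP: turn off the listener and close the firewall group when unused ---
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Type DWord -Value 1
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

Two caveats a practitioner should keep in mind. A path rule only tests where a file sits, so the `%WINDIR%\*` allow also covers user-writable directories such as `C:\Windows\Temp` and `C:\Windows\Tasks`; add those as exceptions to the allow rule or move to publisher rules once the audit log is clean. And the macro values are written to `HKCU`, so they protect the current user only; the equivalent Group Policy settings under User Configuration apply them to everyone and prevent the user from re-enabling macros in the Trust Center.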