WannaCry, NotPetya, Locky and BadRabbit – just four of many infamous ransomware attacks in 2017 that have affected public institutions and businesses around the world. Falling victim to a ransomware attack can be very time consuming, costly, and all-around damaging for your business. With ITbrain Anti-Malware you are now even better protected against this kind of attacks!
What is Ransomware?
Ransomware is a type of malicious software used by cyber-criminals to encrypt files on a device. It can limit or even prevent users from accessing their files until a certain ransom is paid.
Infected systems get notified that files have been encrypted and are given instructions how to obtain the decryption key. Payment is often demanded in a virtual currency, such as bitcoin, to not reveal the cyber criminal’s identity. Ransomware attacks and malware complexity of these type of attacks have increased since 2011. Every year we see an upward trend in Ransomware distribution and attacks.
How ITbrain Anti-Malware protects your managed systems from these attacks?
While engineering our Active Ransomware protection system we took a step back and analyzed what is the core need for Ransomware to succeed on a system.
Active Ransomware Protection will protect specified folders to be read or written to by Unknown applications such as Ransomware or other malicious Software. We have an intelligent system which will check read/write attempts by applications and will grants access or deny access to those folders.
The system is designed to be simple to use and powerful at the same time.
Add protected folders paths to the Policy and any unknown application will be blocked to modify files, thus preventing unauthorized encryption or manipulation from Ransomware or any other malicious Software.
Hint: In Manage protected folders you can add any folder paths you think are important to protect.
Note: Do not include Application Folders or Important operating system folders as they can cause issues.
If you have applications which need to have read/write permission add them to the list, so they can access the protected files when needed. Applications such as Microsoft Word, Adobe Acrobat Dropbox and many other trusted applications will be allowed by the system to access protected files.
Hint: If you use older(Legacy) applications in your networks we recommend adding them Trusted applications list.
At this Point, you are all set. Save the policy and all settings will be pushed to your devices in seconds.
If an application will be prevented to write or modify files in the protected folders, it will be shown in the Blocked application list, you can take the appropriate decision to add it to the Trusted application or to investigate further.
If a blocked application is trusted in your environment, add it to the Trusted Applications list. Use the copy to clipboard icon to get the full Application path and then add it to the Trusted applications list in the Anti-Malware policy.
Do not hesitate to comment on this post or contact our support(firstname.lastname@example.org) if you have any questions or issues related to Active Ransomware Protection.
You wrote an amazing guide but you missed some of the points. I recently went through some safety tips to protect yourself from ransomware attack. It may add value to your guide.
For better protection, the wildcards "*" for Active Ransomware protection are not working.
You will need to add specific file paths to be protected. This was a decision we took based on the recommendation from our Malware researchers and how Ransomware works.
Our priority is to make sure folders are protected even if it creates a bit more work to set them up. We will try to see in the future if we can add secure wildcards to the protected paths.
Would it be security wise to create TViewer in a virtual setting?
If a VM of sorts were generated per session. What are your thoughts on this? As the session opens a (VM) computer is present. Once the session is closed, the computer literally does not exist anymore.
In the presented situation, I am not sure TeamViewer can help here if at every "creation" of the VM a new ID will be generated. I think this setup is secure as it is if it is sandboxed properly.