Ransomware Guard
Mar 6th, 2016 by Jesper Kråkhede
I have started to devise a set of security mechanisms that will end up as a pattern in the month to come. However, I think you are all interested in the reasoning behind how to protect yourselves.
First of all, you need to start looking at access paths: how does the ransomware hit you? The access paths are mainly the same as for any other Trojan: hacked websites, files in your mail, or a USB stick.
If we take the mail path first, with the attached file, the first thing to do is to block executables and files that normally aren't sent by mail, like Flash files, AVI etc. Of course, you need to check with your organisation first so that you don't block any functionality.
After that I would use a chamber to quarantine the file and conduct automated sandbox testing before I let it through to the user.
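The two mail-path steps above (block by file type, then hold everything else for sandbox testing), as an added example that is not code from the original post. The extension and magic-byte lists are assumed policy values and the verdict names are hypothetical.

```python
import email
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy: executables plus types the post names (Flash, AVI).
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".swf", ".avi"}
# Magic bytes catch blocked content renamed to a harmless extension.
BLOCKED_MAGIC = {b"MZ": "Windows executable", b"FWS": "Flash",
                 b"CWS": "Flash", b"ZWS": "Flash"}

def classify_part(filename, payload):
    """Return (verdict, reason) for one attachment."""
    name = (filename or "").lower().strip()
    # Check every suffix so 'invoice.pdf.exe' and 'a.exe.txt' are both caught.
    for ext in PurePosixPath(name).suffixes:
        if ext in BLOCKED_EXT:
            return "block", f"extension {ext}"
    for magic, kind in BLOCKED_MAGIC.items():
        if payload.startswith(magic):
            return "block", f"content looks like {kind}"
    # AVI is a RIFF container carrying 'AVI ' at offset 8.
    if payload[:4] == b"RIFF" and payload[8:12] == b"AVI ":
        return "block", "content looks like AVI"
    # Nothing is delivered directly: the rest waits for the sandbox verdict.
    return "quarantine", "hold for sandbox testing"

def triage(raw_message):
    """Map each attachment name to its verdict."""
    msg = email.message_from_bytes(raw_message)
    results = {}
    for part in msg.walk():
        name = part.get_filename()
        if part.get_content_disposition() != "attachment" and not name:
            continue  # body text or multipart container
        payload = part.get_payload(decode=True) or b""
        results[name or "(unnamed)"] = classify_part(name, payload)
    return results or {"(no attachments)": ("deliver", "nothing to inspect")}

def build_sample():
    """Constructed sample mail: renamed executable, a PDF, a plain .exe."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    for name, data in [("invoice.pdf", b"MZ\x90\x00"),
                       ("report.pdf", b"%PDF-1.4"), ("setup.exe", b"hello")]:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage(build_sample()).items():
        print(name, verdict)
```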
When it comes to links, I would put them through sandbox testing as well, in conjunction with a 'known malware spreading site register' like SmartScreen in Internet Explorer Edge.
Files on a USB stick are a bit tougher, though, but there are good tools in the AV that could check for those. I'll have to look further into this one.