17 Tips For Protecting Windows Computers and Macs From Ransomware
With the changes in malware and its behavior, the methods of detection and protection have had to be
modified to prevent infections from assorted malware types, like spyware, ransomware, and adware, and, in
the case of zero-days, to mitigate the impact while limiting the exposure as much as possible.
With the recent WannaCry ransomware infection affecting users on an international scale, the stakes are
extremely high for those who rely on technology to protect their data at all costs. This is especially true of
critical systems, such as those that provide life-saving care in hospitals, infrastructure used to manage utilities,
and information systems used in government services.
The approach to data security is not a one-size-fits-all solution, as it varies based on the organization's needs
and the resources available to it. Consideration must also be given to complying with any regulations that may
apply to your industry.
With that said, safeguards are merely that. The risk associated with malware infections is always present, as
risk can't be eliminated. But applying multiple security controls as a layered solution provides protection on
several fronts, so that a control that fails or is bypassed is backed by another, and minimizes the threat of a
potential outbreak in accordance with best practices.
With patch management playing such a crucial role in ongoing system protection, there is no end to the
tools available to organizations, small, medium, or large, to help ensure that their systems are current.
First-party tools from Microsoft can manage patches from deployment to remediation, with reporting on the
status of all managed devices: Windows Server Update Services (WSUS), which is included as a server role of
Windows Server, distributes updates for Microsoft products, and System Center Configuration Manager (SCCM)
builds on it to cover third-party applications as well, through third-party update catalogs. Whichever tool you
use, the report that matters is the list of devices that have not checked in or have failed an update, since those
are the ones an SMB worm will find first.
Active monitoring of the health of these devices, along with updating configurations as necessary to match the
network's needs, will enhance the network's security posture and help the security appliance stave off attacks.
While these devices may not necessarily be Windows-based devices, I included them here because of the
real-world benefit they provide in helping to mitigate unauthorized network intrusions and to fend off attacks.
By assessing what the devices will be used for, you can determine how the device should be locked down
from a security standpoint. Keep in mind that any applications, services, and connected devices that are not
needed or that are deprecated should be treated as a potential attack vector and disabled immediately. SMBv1
is the standing example: the EternalBlue exploit that WannaCry used to spread targets SMBv1 (patched by
MS17-010), and the protocol has long been superseded by SMBv2 and SMBv3. On Windows 10 it can be removed
as the SMB1Protocol optional feature and on Windows Server as the FS-SMB1 feature; afterwards, confirm that
the SMB server configuration reports SMBv1 disabled, because a machine is still a target as long as the server
side of the protocol accepts connections, whether or not any client needs it.
Microsoft offers the Microsoft Baseline Security Analyzer (MBSA) for clients and servers alike to perform
vulnerability assessments of devices and the services that run atop them, checking for missing security updates
and common misconfigurations, and to recommend how to harden them without compromising services. Its
official support ends at Windows 8.1 and Windows Server 2012 R2, and Microsoft has since deprecated it; the
baseline-comparison part of its job is now covered by the Security Compliance Toolkit, whose Policy Analyzer
compares a machine's configuration against Microsoft's published security baselines. On newer OSes, such as
Windows 10 and Windows Server 2012/2016, MBSA will still run, but pair it with Server Manager's Best Practices
Analyzer to check role configuration against best practices and troubleshoot configuration errors, and keep a
recorded performance baseline so that a sudden variation, which may be an indicator of a compromised system,
stands out.
One of the best protections against ransomware in general is a good backup system. As a matter of fact,
several backup systems are better still. Since data can be backed up to several different media at once, an
incremental backup to a local drive that you can transport with you, a constant backup to cloud storage with
versioning support, and a third backup to a network server with encryption provide ample redundancy: if your
working drive is compromised, you still have three data sets to recover from.
Two caveats decide whether those copies survive the attack. Ransomware encrypts whatever it can reach, so
the transportable drive must be disconnected except while a backup runs, and the network server must not be
writable from the workstations it protects (have the server pull the data, or restrict the share to the backup
account). And a sync or backup job that runs after the infection faithfully copies the encrypted files, so you
need versioning or retained snapshots to roll back to the last clean copy, plus a periodic restore test to prove
that the copy is actually readable.
Backup and Restore (the Windows 7-era utility that is still present in current clients) and Windows Server
Backup provide a lightweight solution for backing up local data across multiple storage types. Meanwhile,
OneDrive's file version history gives you cloud-side copies to roll back to. Third-party software to centrally
manage data backups across an organization or to/from the cloud is available from several providers as well.
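The rollback-to-a-clean-copy caveat is easiest to see in a small simulation. The following Python script is an added example, not code from the article or from any backup product: it keeps dated snapshots with a SHA-256 manifest, simulates ransomware overwriting the working copy, runs one more "blind" backup after the infection, and then restores the newest snapshot that both verifies against its manifest and contains no file that looks encrypted (high byte entropy). The snapshot labels, the entropy threshold of 7.5 bits per byte, and the temporary-directory layout are assumptions of the example, and the sample documents are constructed.

```python
"""Versioned backups with an integrity manifest and a ransomware-aware restore (added example)."""
import hashlib
import json
import math
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"
ENTROPY_LIMIT = 7.5   # bits per byte; plaintext documents sit far below, ciphertext near 8 (assumed)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for a constant stream, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def data_files(root: Path):
    return sorted(p for p in root.rglob("*") if p.is_file() and p.name != MANIFEST)


def take_snapshot(src: Path, store: Path, label: str) -> Path:
    """Copy src into store/label and record a SHA-256 of every file alongside it."""
    dest = store / label
    shutil.copytree(src, dest)
    manifest = {str(p.relative_to(dest)): sha256_file(p) for p in data_files(dest)}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return dest


def verify_snapshot(snap: Path) -> bool:
    """True when every file still matches the hash recorded at backup time."""
    manifest = json.loads((snap / MANIFEST).read_text())
    current = {str(p.relative_to(snap)): sha256_file(p) for p in data_files(snap)}
    return manifest == current


def looks_encrypted(snap: Path) -> bool:
    """A manifest only proves the copy is intact, not that it was clean when taken."""
    return any(shannon_entropy(p.read_bytes()) > ENTROPY_LIMIT for p in data_files(snap))


def last_clean_snapshot(store: Path):
    """Newest snapshot (labels sort chronologically) that is intact and not ciphertext."""
    for snap in sorted((d for d in store.iterdir() if d.is_dir()), reverse=True):
        if verify_snapshot(snap) and not looks_encrypted(snap):
            return snap
    return None


def restore(snap: Path, target: Path) -> None:
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snap, target, ignore=shutil.ignore_patterns(MANIFEST))


def simulate_ransomware(victim: Path) -> None:
    """Stand-in for the payload: overwrite each document with random bytes and rename it."""
    for p in data_files(victim):
        p.write_bytes(os.urandom(4096))
        p.rename(p.with_name(p.name + ".locked"))


def demo() -> dict:
    base = Path(tempfile.mkdtemp())
    work, store = base / "work", base / "store"
    work.mkdir()
    store.mkdir()
    (work / "report.txt").write_text("quarterly figures\n" * 40)            # constructed document
    take_snapshot(work, store, "2017-05-10")
    (work / "report.txt").write_text("quarterly figures, revised\n" * 40)   # a later edit
    take_snapshot(work, store, "2017-05-11")
    simulate_ransomware(work)
    take_snapshot(work, store, "2017-05-12")   # the backup job runs blindly after infection
    clean = last_clean_snapshot(store)
    restore(clean, work)
    result = {
        "clean": clean.name,
        "restored": (work / "report.txt").read_text().startswith("quarterly figures, revised"),
        "bad_snapshot_verifies": verify_snapshot(store / "2017-05-12"),   # intact, but useless
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the third snapshot is that it passes the integrity check: its hashes were taken after the files were encrypted, so a backup system that only verifies its own copies would happily report it as good. Selecting the restore point needs a signal about the content (here, entropy; a canary document with a known hash works too), and the snapshot store has to sit somewhere the infected host cannot write.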
Encryption at rest (BitLocker on Windows, for example) is extremely useful for stored data, since it prevents
outside access to the disk unless it is unlocked with the designated credentials. It does nothing against
ransomware running in a logged-on session, because the volume is already unlocked for that user, and it does
nothing for data in motion or data that is being transferred over the network. Where transmission is required,
the de facto standard is a virtual private network (VPN), which wraps traffic in an encrypted, authenticated
tunnel so that data is protected in transit. Bear in mind that the tunnel also carries whatever an infected
remote endpoint sends, so restrict what VPN clients can reach rather than treating the tunnel as trusted.
As part of the configuration process, an optimized network will be set up with virtual LANs (VLANs) to
segment traffic and should be managed to ensure that data gets where it needs to go in the most efficient
manner possible. Another security benefit of VLANs is the ability to logically quarantine malicious traffic or
infected hosts so that they can't spread the infection to other devices or parts of the network. This enables
administrators to deal with compromised hosts without risk of spreading the infection, or to simply shut down
the specific VLAN altogether and cut the device(s) off from the rest of the network and the internet until
remediation has occurred. Note that a VLAN on its own is only a logical boundary: the quarantine holds only if
the router or firewall between segments enforces access rules, and WannaCry's SMB scanning reached every
segment that let TCP port 445 through.
While policies do not inherently stop malware at a technical level, if written properly they can address known
issues or concerns with respect to data security and arm employees with useful information that could prevent
an infection from spreading. Policies may also direct them to provide feedback to IT support to remedy a
reported issue before it becomes a larger problem.
Policies should always be considered drafts in a sense. Technology is dynamic and ever changing, so
the policies that are in effect must change too. Also, be mindful of any restrictions or regulations that may
apply to your field. Depending on the industry, writing policies can get tricky and should be addressed with
management (and perhaps legal) teams for accuracy and compliance.
However, documenting changes made to system configurations, along with the other measures previously
listed, can have a profound effect on IT's ability to respond to threats proactively or reactively. Furthermore, it
allows for adequate testing and measurement of the effect that any changes made to systems have on the
services provided and on uptime. Lastly, it offers a record of the changes made (alongside their results), which
administrators, contractors, and other support personnel can review to determine the cause of some issues or
to address their recurrence in the future.
For a comprehensive set of documentation to be useful, you need input from various support teams, including
systems and network administrators, help desk staff, and management, to create a documentation process that
is effective yet simple to follow and easy to manage.
Considered a preventative measure, training that focuses on identifying possible malware attacks, such
as phishing, can be an effective tool in preventing malware campaigns against your organization from
compromising sensitive data.
End-user training should center not just on identifying malware attack attempts, but should also target
mitigation steps that users can take to prevent or slow down infections should they suspect their computers
have been compromised (for example, unplugging the network cable or turning off Wi-Fi so the encryption
cannot reach shared drives, and leaving the machine as it is for IT rather than trying to clean it up). Finally, no
training is complete without informing users about the organization's expectations with respect to their
responsibility to report issues the instant they spot something out of the norm.
Risk assessment (RA) and risk management (RM) can help you pinpoint the trouble spots and implement an
ongoing plan to prevent these issues from negatively affecting your organization. At the very least, RA/RM allows
IT to focus its efforts on aligning the company's resources with the devices that pose the greatest threat if
compromised, such as mission-critical systems.
This process enables IT, management, and compliance/regulation entities to best determine the path forward
in identifying equipment, mitigating hazards, determining the order in which to resolve threats, and evaluating
the assessment itself so that procedures can be updated and corrective actions modified as risks change
over time.
And yet for the last few years, we've seen a steady increase in the number of threats aimed squarely at
macOS users. As Apple continues to grow market share for computers and servers, the potential number of
targets goes up, and that has caught the attention of threat actors looking to cash in.
Though still nowhere near the Windows numbers, in less than a year Macs went from having no major
ransomware infections to facing several ransomware threats. The threats have gotten progressively more
sophisticated: one was shipped inside a trojanized copy of a legitimate application and signed with a valid
Apple developer certificate, so Gatekeeper allowed it to run until Apple revoked the certificate.
One thing is certain: Regardless of what OS you're working on, data security doesn't have a one-size-fits-all
solution. Your approach will vary based on your organization's needs and resources. You must also factor in
the need to comply with any industry-specific regulations that may exist.
The risks of malware infections can't be fully eliminated, but applying multiple security methods can help you
minimize the threat. Here are seven steps you can take.
Patch management plays a crucial role in ongoing system protection, and fortunately tools are available to
help you keep your systems current. First-party tools from Apple, which include using Terminal to run the
softwareupdate command on devices remotely (over SSH, for instance) and running the Software Update service
in macOS Server to host your own update server, can help you ensure that devices are patched and give you
granular feedback. There are also third-party suites that bundle this form of patch remediation for all
application types and include imaging software for streamlined OS deployment.
Application updates are as important as the OS updates, because they allow the applications to provide the
latest security and protection to your system and its running processes and, most important, to how they
handle your data.
Apple Remote Desktop is a handy tool for deploying application updates, installing new packages, and
executing commands and scripts remotely in a 1:1 or 1:many environment. Third-party suites are also
available to push or deploy patch remediation; some run as a web-hosted service (a la MDM), others require an
on-premises management server.
Secured network protocols and firewalls, for example, provide protection against hijacked transmissions and
block access to known malicious websites. While these logical security controls don't by themselves prevent
malware infection, they can go a long way toward preventing devices from communicating with networks that
are known to be malicious, which cuts off the command-and-control traffic that some ransomware families
depend on.
Antivirus and anti-malware applications are available from a number of top-tier security companies, often for
free, with good detection rates, always-on monitoring, and heuristic scanning. The heuristics can extend to
ransomware-like behavior, such as one process rewriting and renaming large numbers of documents in a short
time, and alert the user or suspend the process in an effort to thwart the attack before the full payload is
delivered.
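The ransomware-like heuristic described above, in its simplest concrete form, is a rule run over file-system events. The following Python script is an added example, not the article's or any vendor's detection engine. The log line format, the 60-second window, the 20-rename threshold, and the ransom-note name pattern are assumptions of the example, and the sample events are constructed: a legitimate save from a word processor (a temp file renamed to .docx, which changes the extension once and must not alert), followed by a burst of renames to the .WNCRY extension and a @Please_Read_Me@.txt note, the artifacts WannaCry left behind.

```python
"""Flag ransomware-like behaviour from file-system events (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed event format, one per line:
#   <ISO timestamp> proc=<image> op=<WRITE|RENAME|CREATE> path=<path> [-> <new path>]
LINE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) op=(?P<op>\w+) path=(?P<path>\S+)"
    r"(?: -> (?P<new>\S+))?$"
)
WINDOW = timedelta(seconds=60)   # sliding window per process (assumed)
RENAME_LIMIT = 20                # extension-changing renames inside the window that alert (assumed)
NOTE_NAME = re.compile(r"(decrypt|ransom|please_read|how_to_restore)", re.I)   # assumed


def parse(line):
    """Return the event as a dict, or None for a line that does not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def _extension(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_changed(old_path, new_path):
    """True when a rename swaps the extension (budget.xlsx -> budget.xlsx.WNCRY)."""
    return _extension(old_path) != _extension(new_path)


def detect(lines):
    """Return (timestamp, process, reason) alerts for ransomware-like activity."""
    alerts = []
    recent = defaultdict(deque)   # process -> timestamps of extension-changing renames
    flagged = set()
    for ev in filter(None, map(parse, lines)):
        proc = ev["proc"]
        if ev["op"] == "RENAME" and ev["new"] and extension_changed(ev["path"], ev["new"]):
            q = recent[proc]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # forget renames older than the window
                q.popleft()
            if len(q) >= RENAME_LIMIT and proc not in flagged:
                flagged.add(proc)   # one alert per process, not one per encrypted file
                alerts.append((ev["ts"], proc,
                               f"{len(q)} extension-changing renames within {WINDOW.seconds}s"))
        elif ev["op"] == "CREATE" and NOTE_NAME.search(ev["path"].rsplit("\\", 1)[-1]):
            alerts.append((ev["ts"], proc, f"ransom-note-like file created: {ev['path']}"))
    return alerts


def sample_log():
    """Constructed events: a legitimate Word save, then a WannaCry-style encryption burst."""
    docs = "C:\\Users\\ann\\Documents\\"
    lines = [
        f"2017-05-12T09:59:50 proc=WINWORD.EXE op=WRITE path={docs}~WRD0001.tmp",
        f"2017-05-12T09:59:51 proc=WINWORD.EXE op=RENAME path={docs}~WRD0001.tmp -> {docs}budget.docx",
    ]
    start = datetime(2017, 5, 12, 10, 0, 0)
    for i in range(25):   # one document per second, well inside the window
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} proc=tasksche.exe op=WRITE path={docs}file{i}.xlsx")
        lines.append(f"{ts} proc=tasksche.exe op=RENAME path={docs}file{i}.xlsx -> {docs}file{i}.xlsx.WNCRY")
    lines.append(f"2017-05-12T10:00:30 proc=tasksche.exe op=CREATE path={docs}@Please_Read_Me@.txt")
    return lines


if __name__ == "__main__":
    for ts, proc, reason in detect(sample_log()):
        print(ts.isoformat(), proc, reason)
```

The threshold is what keeps ordinary software quiet: editors, installers, and backup agents all rename files, but not twenty of them with new extensions in a minute. The note-name rule is the weaker of the two, since a stray README from an installer can trip it, which is why a product would treat it as corroboration rather than as an alert on its own. Real agents see these events through a file-system filter driver or an EDR sensor rather than a text log, but the decision logic is the same.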
By assessing what the devices will be used for, you can determine how the device should be locked down
from a security standpoint. Keep in mind that any applications, services, and connected devices that are not
needed or that are deprecated (such as the SMBv1 protocol, which was succeeded by SMBv2 and SMBv3)
could be a potential attack vector and should be disabled immediately. On a Mac, the SMB client can be limited
to SMBv2 and SMBv3 through the protocol_vers_map setting in /etc/nsmb.conf, and file sharing should be
turned off entirely on machines that do not serve files.
Physical security is often overlooked, but it's one of several surefire ways to infect a device. True, it's not a
typical delivery method, since the attacker must have physical access to the host system. Be that as it may,
a device with a logged-on user account and no screen lock, or a server that can be rebooted and have its local
security bypassed because no firmware password was set, may be the cause of days, weeks, or even months of
costly damage. A two-minute breach could've been prevented by a 30-second countermeasure.
Time Machine, Apple's ubiquitous backup application for clients and servers, provides a lightweight solution
for backing up local data across multiple storage types. Extending this capability further, macOS Server
includes the Time Machine Server service, which allows it to act as a centralized management point for all Time
Machine backups located in an organization and to scale to meet the needs and demands of the enterprise.
A Time Machine disk that stays attached is reachable by anything running as the user, so keep at least one
backup destination disconnected or on a server the client cannot write to directly.
iCloud offers an excellent cloud backup capability that is baked right into all modern versions of macOS. It
enables data to be restored quickly from any Apple device or modern web browser.
Encryption software such as FileVault 2 provides whole-disk encryption, so all the data, apps, etc., are fully
protected from tampering when the machine is powered off or no user has unlocked it: an attacker who boots
from other media or pulls the drive reads only ciphertext. It is not a defense against ransomware, however.
Once a user has logged in, the volume is unlocked and a payload running in that session reads and writes the
plaintext like any other program; FileVault protects the backups and the data on a stolen or offline machine,
not the live session.
Similarly, using VPN and proxy servers to secure network connectivity and reroute traffic can be combined
with secured network infrastructure best practices to allow connectivity between trusted networks or for
devices that have been verified to be compliant. Based on filters set up to quarantine untrusted, infected, or
noncompliant systems, it is an effective method to limit the exposure of an attack.
Many users fail to realize that running Windows on Apple hardware (via Boot Camp) does not make that
Windows installation any more resilient than Windows on any other PC; it needs the same patching, backups,
and protection. As a matter of fact, it doubles the administrative overhead needed to manage that device,
since now two OSes must effectively be managed: macOS and Windows.
About TechRepublic
TechRepublic is a digital publication and online community that empowers the people of business and
technology. It provides analysis, tips, best practices, and case studies aimed at helping leaders make better
decisions about technology.