
17 tips for protecting Windows computers and Macs from ransomware

Copyright 2017 CBS Interactive Inc. All rights reserved.


Copyright 2017 by CBS Interactive Inc. All rights reserved. TechRepublic and its logo are trademarks of CBS Interactive Inc. All other product names or services identified throughout this book are trademarks or registered trademarks of their respective companies. Reproduction of this publication in any form without prior written permission is forbidden.

Published by TechRepublic
June 2017

Disclaimer
The information contained herein has been obtained from sources believed to be reliable. CBS Interactive Inc. disclaims all warranties as to the accuracy, completeness, or adequacy of such information. CBS Interactive Inc. shall have no liability for errors, omissions, or inadequacies in the information contained herein or for the interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

Credits
Editor In Chief: Jason Hiner
Managing Editor: Bill Detwiler
Feature Editors: Jody Gilbert, Mary Weilage
Assistant Editor: Amy Talbott
Author: Jesus Vigo
Cover Image: iStockphoto/nevarpp

TechRepublic
9920 Corporate Campus Dr.
Suite 1000
Louisville, KY 40223
Online Customer Support: http://techrepublic.custhelp.com/




How to protect your Windows computers against ransomware
Malware has been around for decades, and as our reliance on computing systems has grown, so has the volume of malware. Antivirus software was once the key element in preventing infections from occurring (and subsequently spreading), but malware has evolved over time in various ways, much as our use of computers has changed.

As malware and its behavior have changed, detection and protection methods have had to change with it, both to prevent infections by the assorted malware types (spyware, ransomware, adware) and, in the case of zero-days, to mitigate the impact while limiting exposure as much as possible.

With the recent WannaCry ransomware infection affecting users on an international scale, the stakes are
extremely high for those who rely on technology to protect their data at all costs. This is especially true of
critical systems, such as those that provide life-saving care in hospitals, infrastructure used to manage utilities,
and information systems used in government services.

There is no one-size-fits-all approach to data security; it varies with the organization's needs and the resources available to it. Consideration must also be given to complying with any regulations specific to your industry.

With that said, safeguards are merely that. The risk of malware infection is always present, because risk can't be eliminated. But layering multiple security controls provides protection on several fronts and minimizes both the likelihood and the impact of an outbreak, in line with best practice.

1: Stay on top of patch management for clients and servers
Keeping current with Windows Update ensures that your clients and servers are patched against known threats. Zero-day vulnerabilities cannot, by definition, be covered by an existing patch. And yet WannaCry spread to more than 150 countries at an alarming rate even though the patch that closed the SMBv1 hole it exploited (MS17-010) had been available for almost two months before the attack.

With patch management playing such a crucial role in ongoing system protection, there is no shortage of tools to help organizations of any size keep their systems current. Microsoft's own tools, such as Windows Server Update Services (WSUS), a role included with Windows Server, and System Center Configuration Manager (SCCM), manage Microsoft patches from deployment through remediation and report on the status of every managed device; SCCM extends this to third-party applications as well.




2: Update security software and hardware appliances


As stated previously, each organization has differing needs and resources for managing its network and data. Some controls are common to nearly all of them, such as firewalls and intrusion prevention systems (IPSes), which filter traffic at the network's ingress and egress points. These devices depend on current firmware and signature updates, and they also need manual configuration to suit your network's protection requirements.

Actively monitoring the health of these devices, and updating their configuration as the network's needs change, improves the network's security posture and lets the appliance actually stave off the attacks it was bought for.

While these devices may not necessarily be Windows-based devices, I included them here because of the
real-world benefit they provide in helping to mitigate unauthorized network intrusions and to fend off attacks.

3: Harden device security
Hardening clients and servers is imperative to limit the attack surface from internal or external attacks. The
process of hardening a Windows client will differ from a Windows server, in that the aim for their use can vary
drastically.

By assessing what the devices will be used for, you can determine how the device should be locked down
from a security standpoint. Keep in mind that any applications, services, and connected devices that are not
needed or that are deprecated (such as the SMBv1 protocol that allowed the WannaCry exploit to proliferate)
should be considered a potential attack vector that may be exploited and should be disabled immediately.

Microsoft's Baseline Security Analyzer (MBSA) scans clients and servers alike for missing security updates and common misconfigurations in Windows and the services that run on top of it, and recommends how to harden them without breaking those services. MBSA 2.3 officially supports releases up to Windows 8.1 and Windows Server 2012 R2; on Windows 10 and Windows Server 2016 it still runs, but it is better paired with the Best Practices Analyzer in Server Manager and with Microsoft's published security baselines to check compliance with best practices, troubleshoot configuration errors, and establish an operating baseline against which deviations, which may indicate a compromised system, can be spotted.

4: Manage data backups
Let's face it, a computer is only as reliable as the data it works with. If that data is compromised, corrupted, or otherwise loses its integrity, say through encryption by ransomware, it ceases to be useful or reliable.

One of the best protections against ransomware is a good backup system, and several backup systems are better still. Since data can be backed up to several different media at once, an



incremental backup to a local drive that you can carry with you, alongside a continuous backup to cloud storage with versioning support and a third backup to an encrypted network share, provides enough redundancy that if the working copy on your local disk is encrypted you still have three data sets to recover from. One caveat: ransomware encrypts whatever it can reach, including attached drives and mapped network shares, so at least one copy must be offline or otherwise unreachable from the infected host, and the cloud copy's version history is what saves you when the sync client faithfully uploads the encrypted files.
Backup and Restore on Windows clients and Windows Server Backup on servers provide a lightweight solution for backing up local data to multiple storage types. OneDrive offers cloud storage with version history; note that it synchronizes rather than archives, so a file encrypted locally is uploaded as-is and must be rolled back from its earlier versions. Local Volume Shadow Copies are not a substitute for any of this: WannaCry, like most ransomware, deletes them (vssadmin delete shadows) before it finishes. Third-party software to centrally manage data backups across an organization, or to and from the cloud, is available from several providers as well.

5: Encrypt data at rest and in motion
Encryption on its own will not prevent a ransomware infection, nor will it stop ransomware from encrypting data that is already encrypted once the device is infected. That said, some applications containerize their data: the encrypted store is readable only through the container application's API and is opaque to every other process.

That is useful for data at rest, since nothing outside the designated application can read it. It does nothing for data in motion. For traffic on the network, the practical standards are TLS for application protocols and a VPN for remote-access or site-to-site links; each wraps the data in an encrypted tunnel so it is protected in transit.

6: Ensure that network infrastructure configurations are secure
Unfortunately, the network is often set up and configured when new hardware is installed and then left to run unchecked until something fails. Networking equipment, including routers, switches, and wireless access points, requires firmware updates and proper configuration, along with proactive monitoring to address trouble spots before they become full-blown issues.

As part of that configuration, a well-designed network is segmented into virtual LANs (VLANs) so that traffic is managed and delivered as efficiently as possible. VLANs also let you logically quarantine infected hosts or malicious traffic so they can't spread to other devices or parts of the network. Administrators can then deal with compromised hosts without risking further spread, or shut down the affected VLAN altogether to cut the device(s) off from the rest of the network and the internet until remediation is complete. WannaCry is the textbook case: it spread laterally over TCP port 445 on its own, so a flat network with unrestricted SMB between workstations gave it free rein, whereas blocking 445 between user segments contains it.

7: Implement network, security, acceptable use, and data recovery policies
Policies are often used by larger organizations to enforce compliance with rules and regulations by their
employees. However, besides being a document that dictates the rules of the workplace, policies can also
serve as guidelines for end users to follow before an attack takes place and as a survival guide during and
after an attack occurs.




While policies do not inherently stop malware at a technical level, if written properly they can address known
issues or concerns with respect to data security and arm employees with useful information that could prevent
an infection from spreading. Policies may also direct them to provide feedback to IT support to remedy a
reported issue before it becomes a larger problem.

Policies should always be considered drafts in a sense. Technology is dynamic and ever changing, so
the policies that are in effect must change too. Also, be mindful of any restrictions or regulations that may
apply to your field. Depending on the industry, writing policies can get tricky and should be addressed with
management (and perhaps legal) teams for accuracy and compliance.

8: Document changes to your clients and servers
As with instituting policies, there is no direct link between documenting the change-management process (recording every change to clients and servers, including patch deployments, software upgrades, and baseline analyses) and preventing ransomware outright.

However, detailing changes made to system configurations, along with the other measures already listed, can have a profound effect on IT's ability to respond to threats proactively or reactively. It allows adequate testing and measurement of the effect that any change to a system has on the services provided and on uptime. And it leaves a record of the changes made (alongside their results) that administrators, contractors, and other support personnel can review to determine the cause of an issue or prevent its recurrence. During an incident, that record is also how you tell a malicious change (a new scheduled task, a disabled service, a registry edit) from one your own team made.

For a comprehensive set of documentation to be useful, you need input from various support teams, including systems and network administrators, help desk staff, and management, to create a documentation process that is effective yet simple to follow and easy to manage.

9: Train your end users
Never underestimate the value of proper training for all staff, not just IT. Protecting against malware is not solely IT's job. It's everyone's responsibility, since it affects everyone and can be brought on by anyone in the organization.

Considered a preventative measure, training that focuses on identifying possible malware attacks, such
as phishing, can be an effective tool in preventing malware campaigns against your organization from
compromising sensitive data.

End-user training should center not just on identifying malware attack attempts, but should also target
mitigation techniques that users can take to prevent or slow down infections should they suspect their
computers have been compromised. Finally, no training is complete without informing users about the
organizations expectations with respect to their responsibilities on reporting issues the instant they spot
something out of the norm.




10: Perform risk management assessments
The aim of a risk assessment (RA) and risk management (RM) process is to identify internal and external threats (also called hazards), the equipment and services they affect, and their potential impact. The management portion (RM) evaluates this data to prioritize the list of risks and identify the best plan of action for mitigating them.

RA and RM help you pinpoint the trouble spots and implement an ongoing plan to keep these issues from harming your organization. At the very least, RA/RM lets IT focus its efforts on aligning the company's resources with the devices that pose the greatest threat if compromised, such as mission-critical systems.

This process enables IT, management, and compliance/regulation entities to best determine the path forward
in identifying equipment, mitigating hazards, determining the order in which to resolve threats, and evaluating
the assessment itself so that procedures can be updated and corrective actions modified as risks change
over time.




How to protect Macs against ransomware
Malware is somewhat of an anomaly on Macs. For years, Apple users reveled in the knowledge that their
OS of choice was impervious to viral infection. Apple even highlighted this lack of threat as a selling point in
commercials and marketing for earlier versions of OS X.

And yet for the last few years, weve seen a steady increase in the number of threats aimed squarely at
macOS users. As Apple continues to grow market share for computers and servers, the potential number of
targets goes upand that has caught the attention of threat actors looking to cash in.

Though the Mac's market share is still far smaller than Windows', in less than a year Macs went from having no notable ransomware to facing several ransomware families. These threats have become progressively more sophisticated, even arriving signed with a valid Apple developer certificate so that Gatekeeper lets them run.

One thing is certain: Regardless of the OS you're working on, data security doesn't have a one-size-fits-all solution. Your approach will vary with your organization's needs and resources. You must also factor in the need to comply with any industry-specific regulations that may exist.

The risk of malware infection can't be fully eliminated, but applying multiple security methods can help you minimize the threat. Here are seven steps you can take.

1: Update macOS client and server OSes
OS updates patch clients and servers against known vulnerabilities. That doesn't cover zero-day exploits, but the number of Common Vulnerabilities and Exposures (CVE) entries closed by any given update can easily run to dozens of small, seemingly insignificant holes, often in services that aren't actively used on a particular system but that an infection can spread through nonetheless.

Patch management plays a crucial role in ongoing system protection, and fortunately tools are available to help you keep your systems current. First-party tools from Apple, which include running the softwareupdate command from Terminal on remote devices and using macOS Server's Software Update service to host your own update server, help you ensure that devices are patched and give you granular feedback. There are also third-party suites that bundle this kind of patch remediation for every application type and include imaging software for streamlined OS deployment.

2: Keep applications current
Sooner or later, every application needs an update to enable a new feature, fix a discovered vulnerability, or stay compatible with a newer OS. These updates are just as important




as OS updates, because they keep the application's own security protections current, for its running processes and, most importantly, for how it handles your data.

Apple Remote Desktop is a handy tool for deploying application updates, installing packages, and running commands and scripts remotely, one-to-one or one-to-many. Third-party suites can also push patch remediation, some hosted as a web-based service (MDM style) and others requiring an on-premises management server.

3: Make sure security is enabled and configured properly
Like all modern computers, Macs include a host of hardware and software security features to configure. Strong passwords, standard (non-admin) accounts for daily use, and limiting when administrative rights are exercised are just the tip of the iceberg; Gatekeeper, the application firewall, FileVault, and System Integrity Protection should all be switched on and checked periodically.

Secure network protocols and firewalls, for example, guard against hijacked connections, and DNS or web filtering blocks access to known malicious sites. These controls don't prevent malware infection on their own, but they go a long way toward keeping devices from talking to networks that are known to be hostile.

Anti-malware applications are available from a number of top-tier security companies, often for free, with good detection rates, always-on monitoring, and heuristic scanning, which can extend to spotting ransomware-like behavior (a process rapidly rewriting large numbers of files) and alerting the user before the full payload is delivered.
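An added example for tips 1 and 3, written for this guide (not Apple's code and not from the original article): a Python audit that runs macOS's own read-only status commands for pending updates, Gatekeeper, the application firewall, FileVault, System Integrity Protection and the firmware password, and turns each tool's output into a pass/fail. The tool paths are the stock macOS locations; the exact phrases the parser looks for are assumptions taken from 10.12-era output and should be confirmed on your build. The sample outputs in the test are constructed. It runs as-is on a Mac; elsewhere every check reports unknown.

```python
"""Read-only audit of the macOS protections discussed in this guide.

Added example, not from the original article and not Apple's code. Tool paths
are the stock macOS locations; the phrases the parser matches are assumptions
taken from macOS 10.12-era output and should be confirmed on your build.
"""
import subprocess

# label -> argv. All are status queries; none changes anything.
# softwareupdate -l contacts Apple's update servers; firmwarepasswd needs root.
CHECKS = {
    "os_current": ["/usr/sbin/softwareupdate", "-l"],
    "gatekeeper": ["/usr/sbin/spctl", "--status"],
    "app_firewall": ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"],
    "filevault": ["/usr/bin/fdesetup", "status"],
    "sip": ["/usr/bin/csrutil", "status"],
    "firmware_password": ["/usr/sbin/firmwarepasswd", "-check"],
}

# label -> (phrase meaning the protection is in place, phrase meaning it is not).
# Assumed wording for each tool, matched case-insensitively.
PHRASES = {
    "os_current": ("no new software available", "*"),   # '*' prefixes each pending update
    "gatekeeper": ("assessments enabled", "assessments disabled"),
    "app_firewall": ("firewall is enabled", "firewall is disabled"),
    "filevault": ("filevault is on", "filevault is off"),
    "sip": ("status: enabled", "status: disabled"),
    "firmware_password": ("password enabled: yes", "password enabled: no"),
}


def evaluate(check, output):
    """True if the protection is in place, False if it is off, None if unrecognised."""
    good, bad = PHRASES[check]
    text = output.lower()
    if good in text:
        return True
    if bad in text:
        return False
    return None


def run_check(check, timeout=120):
    """Run one status command and evaluate it; None when the tool is absent or times out."""
    try:
        proc = subprocess.run(CHECKS[check], capture_output=True, text=True, timeout=timeout)
    except (FileNotFoundError, PermissionError, subprocess.TimeoutExpired):
        return None
    return evaluate(check, proc.stdout + proc.stderr)


def audit():
    """Run every check and return {label: True/False/None}."""
    return {check: run_check(check) for check in CHECKS}


def failing(results):
    """The checks that are definitely off: the list to fix, or to push as a configuration profile."""
    return sorted(label for label, state in results.items() if state is False)


def report(results):
    """Render results one per line, e.g. 'filevault          MISSING'."""
    words = {True: "ok", False: "MISSING", None: "unknown"}
    return "\n".join(f"{label:18} {words[state]}" for label, state in results.items())


if __name__ == "__main__":
    results = audit()
    print(report(results))
    print("\nto fix:", ", ".join(failing(results)) or "nothing")
```

Run it with sudo to get the firmware-password answer, and treat "unknown" as a finding in its own right: a tool that no longer prints the expected phrase means the parser needs updating, not that the machine is fine. The `failing()` list maps directly onto what a configuration profile or an MDM policy should enforce.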

4: Lock down your devices physically and logically
Hardening clients and servers is imperative to limit the attack surface from internal or external attacks. The
process of hardening a Mac client will differ from a Mac server, since their usage can vary drastically.

By assessing what the devices will be used for, you can determine how the device should be locked down
from a security standpoint. Keep in mind that any applications, services, and connected devices that are not
needed or that are deprecated (such as the SMBv1 protocol, which was succeeded by SMBv2 and SMBv3)
could be a potential attack vector and should be disabled immediately.

Physical security is often overlooked, yet physical access is one of the surest ways to infect a device. True, it's not a typical delivery method, since the attacker needs physical proximity to the host. Even so, a device left with a user logged on and no screen lock, or a server that can be rebooted into Recovery or from external media and have its local security bypassed because no firmware password was set, may be the cause of days, weeks, or even months of costly damage. A two-minute breach could have been prevented by a 30-second countermeasure.




5: Back up, back up, back up
One of the best protections against ransomware (by virtue of letting you bounce back from it quickly) is a good backup system; in fact, having several backup systems is even better. Since data can be backed up to several media at once, an incremental backup to a local drive you can carry with you, a continuous backup to cloud storage with versioning support, and a third backup to an encrypted network share provide enough redundancy that if the working copy on your local disk is encrypted you still have three data sets to recover from. Remember that ransomware encrypts any disk or share it can reach from the infected Mac, so at least one of those copies must be disconnected or read-only from the user's point of view.

Time Machine, Apple's built-in backup application for clients and servers, provides a lightweight solution for backing up local data to multiple storage types and keeps hourly, daily, and weekly versions. macOS Server adds the Time Machine service, which turns a server into a central destination for all of an organization's Time Machine backups and scales to meet the enterprise's needs. Keep in mind that a permanently attached Time Machine disk is within reach of ransomware running on that Mac; rotate disks or back up to a server the user account can't write to directly.

iCloud offers cloud storage baked into every modern version of macOS, with data restorable almost instantly from any Apple device or a modern web browser. Like OneDrive, iCloud Drive synchronizes rather than archives, so treat it as one copy of several rather than your only backup.
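The backup advice in this tip and in tip 4 of the Windows section comes down to two properties: a copy the ransomware could not reach, and a way to tell which copies are still clean. The Python script below is an added example written for this guide; it is not from the original article and it is not how Time Machine, iCloud, OneDrive, or Windows Backup work internally. It stores each backup run as its own versioned directory with a SHA-256 manifest, then plays the scenario out: a constructed stand-in for ransomware scrambles the working folder and part of the most recent backup, the manifest check flags the damaged snapshot, and the newest clean one is restored. All file contents and the "malware" are constructed for the demo.

```python
"""Versioned backups with an integrity manifest, and recovery after ransomware.

Added example, not from the original article and not the implementation of
any of the backup products it mentions. Everything here is constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source, backup_root, label):
    """Copy `source` into backup_root/label and record a SHA-256 per file.

    Each run gets its own directory, so a later run never overwrites an
    earlier copy: that is the 'versioning support' the text asks for.
    """
    dest = backup_root / label
    shutil.copytree(source, dest)
    manifest = {p.relative_to(dest).as_posix(): sha256_of(p)
                for p in sorted(dest.rglob("*")) if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return dest


def verify(snapshot_dir):
    """Files that no longer match the manifest: missing, changed, or unexpected extras."""
    try:
        manifest = json.loads((snapshot_dir / MANIFEST).read_text())
    except (OSError, ValueError):
        return [MANIFEST]   # manifest missing or encrypted: nothing here can be trusted
    problems = []
    for rel, digest in manifest.items():
        p = snapshot_dir / rel
        if not p.is_file() or sha256_of(p) != digest:
            problems.append(rel)
    for p in snapshot_dir.rglob("*"):
        rel = p.relative_to(snapshot_dir).as_posix()
        if p.is_file() and rel != MANIFEST and rel not in manifest:
            problems.append(rel)
    return sorted(problems)


def latest_clean(backup_root):
    """Newest snapshot (by label) whose manifest still verifies, or None."""
    for snap in sorted((d for d in backup_root.iterdir() if d.is_dir()), reverse=True):
        if not verify(snap):
            return snap
    return None


def restore(snapshot_dir, target):
    """Replace `target` with the snapshot contents (manifest excluded)."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot_dir, target, ignore=shutil.ignore_patterns(MANIFEST))


def fake_ransomware(folder):
    """Constructed stand-in for ransomware: XOR every file and rename it *.locked."""
    for p in [q for q in folder.rglob("*") if q.is_file()]:
        p.write_bytes(bytes(b ^ 0x5A for b in p.read_bytes()))
        p.rename(p.with_name(p.name + ".locked"))


def demo():
    """Run the whole cycle in a temporary directory and return what to check."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "work"
        backups = Path(tmp) / "backups"
        (work / "sub").mkdir(parents=True)
        backups.mkdir()
        (work / "notes.txt").write_text("quarterly numbers\n")
        (work / "sub" / "plan.md").write_text("# plan\n")

        snapshot(work, backups, "0001")
        (work / "notes.txt").write_text("quarterly numbers, revised\n")
        snapshot(work, backups, "0002")

        fake_ransomware(work)                       # the working copy...
        fake_ransomware(backups / "0002" / "sub")   # ...and part of a still-mounted backup

        damaged = verify(backups / "0002")
        clean = latest_clean(backups)
        restore(clean, work)
        return {
            "damaged_0002": damaged,
            "clean_snapshot": clean.name,
            "restored_notes": (work / "notes.txt").read_text(),
            "locked_files_left": sorted(p.name for p in work.rglob("*.locked")),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Note what the demo hands back: the restored notes file is the older revision, because the one snapshot that captured the edit was also the one the "malware" reached. How much work you lose is set by how often you snapshot and how many copies sit out of reach, not by how clever the restore is; the manifest only tells you which copy you can trust.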

6: Secure data storage and transmissions
Encrypting data on the whole won't prevent a ransomware infection, nor will it stop ransomware from encrypting data that is already encrypted if the device becomes infected. However, some apps containerize their data: the encrypted store is unreadable by any process outside the container application's API.

FileVault 2 provides whole-disk encryption, so all data and applications are protected from tampering or theft while the machine is powered off or before an authorized user unlocks the disk at boot. Be clear about what that buys you: once a user has logged in, the volume is unlocked for every process running in that session, and ransomware executing as that user reads and rewrites files exactly as the user could. FileVault protects against offline attacks (a stolen laptop, a disk pulled from a server), not against malware running on the live system.

Similarly, VPNs and proxy servers that secure connectivity and steer traffic can be combined with sound network infrastructure practices to allow connections only between trusted networks or from devices verified as compliant. With filters that quarantine untrusted, infected, or noncompliant systems, this is an effective way to limit the exposure from an attack.

7: Protect your Windows Boot Camp installations
Not every Mac user runs another OS on Apple hardware, but many do, especially via Boot Camp, which dual-boots Windows on a Mac.

Many users fail to realize that running Windows on Apple hardware doesn't make that Windows installation any more resilient than it would be on a PC. It actually doubles the administrative overhead, since two OSes now have to be managed: macOS and Windows. The Boot Camp partition needs the same patching (MS17-010 included), anti-malware, SMBv1 removal, and backups described in the Windows section, and a FileVault-encrypted macOS volume does nothing for the unencrypted Windows partition beside it.




About TechRepublic
TechRepublic is a digital publication and online community that empowers the people of business and
technology. It provides analysis, tips, best practices, and case studies aimed at helping leaders make better
decisions about technology.

Resources
Subscribe to our free newsletters: Stay on top of business technology trends, learn about innovative new
products, and hone your skills with our how-tos and tutorials.

Check out the TechRepublic discussion forums: Touch base with your peers and share tips, advice,
solutions, and opinions.

Catch the latest videos and photo galleries: Our video library offers interviews with entrepreneurs, IT pros,
and CXOs; short clips on the latest tech news; and overviews of emerging technologies. Our galleries offer a
look at everything from the hottest mobile devices to autonomous cars to the gadgets, tools, and accessories
that are headed your way.

