Ransomware Prevention

There was recently a severe ransomware threat that was identified called "Locky."  It is currently making its rounds through networks causing severe damage.  If you aren't familiar with ransomware, this is a type of infection on your network that locks your files and holds them for ransom until you pay the attackers.  

Unfortunately there's no "magic wand" in regards to ransomware.  If this or another type of ransomware infects your network, your best course of action is restoring from a backup.  That being said, we all hope it never happens in the first place.  Of course, to prevent it, we have to take measures to do so.

One of the things that will be of the greatest benefit to you is to ensure that your firewall is configured to scan for viruses and malware.  These features usually work based on signatures that are downloaded to your firewall.  The point of antivirus on your device is to prevent harmful content from coming in before it ever gets to your users' computers.  (As a side note, having AV on your firewall doesn't mean you can get away with not having AV on your computers.  You need both to be fully protected.)

The second greatest benefit is to have an APT blocking service or feature on your firewall.  APTs, or Advanced Persistent Threats, are zero-day exploits that haven't yet been identified, but that are still just as harmful.  An APT blocking service is designed to run this potentially malicious content in a simulated environment to see what the possible impact would be.  It should then alert you if the connection was found to be harmful.

With both of these services, once you ensure you have them on your firewall, you then need to make sure they are configured correctly.  One of the things you will hear us talk about in our organization is the importance of your configuration.  You can put in a top-of-the-line firewall with all of the bells and whistles, but until you configure it correctly, you aren't getting the full benefit of its features.