Network intruders, hackers, and not very nice people in general are always looking for new ways to get into a network and encrypt its data for ransom. Because Bitcoin payments are easy to collect and hard to trace back to a person, more and more criminals are joining in: it is relatively easy and very profitable. There is even a RaaS option (Ransomware as a Service) that lets anyone build a ransomware variant, download it, spread it, and split the ransom with the author in exchange for the decryption keys.
Here is some advice on how to make this harder for them:
1. Remove every user who does not need to be there from the privileged groups (Administrators, Domain Admins, Enterprise Admins, etc.). If the user who executes the ransomware is not an administrator and has no write permission on a folder or file, the damage is smaller and the restore is faster (for example from a Shadow Copy, which a non-administrator cannot delete).
2. Block RDP hard drive mapping (drive redirection); newer ransomware can spread through a drive mapped into an RDP session: https://itsimple.info/?p=392
3. Enable “Store BitLocker recovery information in Active Directory Domain Services”. Some attackers simply break into the network and use Windows BitLocker to encrypt a partition or disk on the server, then ask for money for the password to unlock it. If the recovery password is backed up to AD DS, you can unlock the drive yourself:
In the Group Policy console tree, under Computer Configuration\Administrative Templates\Windows Components, click BitLocker Drive Encryption. In the details pane, double-click Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) and enable it; also tick “Require BitLocker backup to AD DS”, so that encryption cannot even start unless the recovery password was stored successfully. Note that the policy only applies to volumes encrypted after it takes effect, and the domain schema must already contain the BitLocker attributes (Windows Server 2008 or later). To view the stored passwords, install the BitLocker Recovery Password Viewer, a feature included with the Remote Server Administration Tools (RSAT); add it with the Add Features wizard in Server Manager. This tool lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). More information: https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
4. Enable Shadow Copies on all drives; for example, on Windows Server 2008: https://technet.microsoft.com/en-us/library/dd637757.aspx . Keep in mind that shadow copies live on the same disk and that ransomware running with administrator rights routinely deletes them (vssadmin delete shadows /all), so they supplement real backups rather than replace them.
5. Require complex passwords, a sensible minimum length, and an account lockout threshold; a lot of attackers simply run a brute-force attack against weak passwords.
6. Encrypt every authentication path! For example, Outlook connecting to an on-premises Exchange server with Basic authentication over plain HTTP sends the domain username and password in clear text (base64 is an encoding, not encryption), where anyone on the network path can extract them with ease. Require TLS, or use NTLM/Kerberos instead of Basic.
7. Backup, backup, backup! Cloud backup is an excellent option, and if you run virtualization, use the replication feature your software offers. Mind you, the backup is important, but always keep in mind how you are going to restore the data and how long it will take: this should be the most important consideration when choosing a backup method. Keep at least one copy offline or otherwise unreachable with domain credentials, because ransomware running with administrator rights will encrypt or delete any backup it can reach.
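To check items 1 to 5 of the list above in one go, here is an added read-only audit script (example code written for this page, not part of the original post or of any Microsoft tool). It assumes a domain-joined Windows server with the RSAT ActiveDirectory module installed and an elevated PowerShell session; the approved-administrator list and the registry value names under the Terminal Services and FVE policy keys are the ones the two Group Policy settings write, but verify them against your own GPO export before relying on the result.

```powershell
# Added example: read-only hardening audit for the checklist above.
# Assumptions: RSAT ActiveDirectory module present, run elevated on a
# domain member. $ApprovedAdmins is a placeholder list for illustration.
Import-Module ActiveDirectory

# --- 1. Privileged group membership ---------------------------------------
$ApprovedAdmins = @('Administrator', 'svc-backup-admin')   # assumed; replace

function Get-UnexpectedPrivilegedMembers {
    param([string[]]$Groups = @('Domain Admins', 'Enterprise Admins',
                                'Schema Admins', 'Administrators'))
    foreach ($g in $Groups) {
        try {
            # -Recursive expands nested groups so indirect members are caught
            Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
                Where-Object { $_.objectClass -eq 'user' -and
                               $ApprovedAdmins -notcontains $_.SamAccountName } |
                ForEach-Object { [pscustomobject]@{ Group = $g; Member = $_.SamAccountName } }
        } catch {
            # Enterprise/Schema Admins only exist in the forest root domain
            Write-Warning "Could not read group '$g': $_"
        }
    }
}

# --- 2. RDP drive redirection ---------------------------------------------
# GPO "Do not allow drive redirection" writes fDisableCdm=1 here.
function Test-RdpDriveRedirectionBlocked {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $v = Get-ItemProperty -Path $key -Name fDisableCdm -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.fDisableCdm -eq 1)
}

# --- 3. BitLocker recovery passwords backed up to AD DS ---------------------
# The 2008/Vista policy writes ActiveDirectoryBackup=1; the newer per-drive
# policy for OS drives writes OSActiveDirectoryBackup=1. Either is enough.
function Test-BitLockerAdBackupEnabled {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($null -ne $v -and
            ($v.ActiveDirectoryBackup -eq 1 -or $v.OSActiveDirectoryBackup -eq 1))
}

# Remediation helper (not called by default): push the recovery password of
# every BitLocker volume on this host into AD DS. Needs the BitLocker
# PowerShell module (Windows 8 / Server 2012 and later).
function Backup-RecoveryPasswordsToAd {
    Get-BitLockerVolume | ForEach-Object {
        $mp = $_.MountPoint
        $_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $_.KeyProtectorId }
    }
}

# --- 4. Shadow copies on every fixed volume ----------------------------------
# Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID share the
# \\?\Volume{GUID}\ form, so they can be compared directly.
function Get-VolumesWithoutShadowCopy {
    $shadowed = Get-CimInstance Win32_ShadowCopy |
                Select-Object -ExpandProperty VolumeName -Unique
    Get-CimInstance Win32_Volume -Filter 'DriveType = 3' |
        Where-Object { $_.DriveLetter -and $shadowed -notcontains $_.DeviceID } |
        Select-Object -ExpandProperty DriveLetter
}

# --- 5. Password policy ------------------------------------------------------
function Test-PasswordPolicy {
    $p = Get-ADDefaultDomainPasswordPolicy
    [pscustomobject]@{
        ComplexityEnabled = $p.ComplexityEnabled
        MinPasswordLength = $p.MinPasswordLength
        LockoutThreshold  = $p.LockoutThreshold   # 0 = brute force never locks out
        Ok = ($p.ComplexityEnabled -and $p.MinPasswordLength -ge 12 -and $p.LockoutThreshold -gt 0)
    }
}

# --- Report ------------------------------------------------------------------
$report = [ordered]@{
    UnexpectedPrivilegedMembers = @(Get-UnexpectedPrivilegedMembers)
    RdpDriveRedirectionBlocked  = Test-RdpDriveRedirectionBlocked
    BitLockerAdBackupEnabled    = Test-BitLockerAdBackupEnabled
    VolumesWithoutShadowCopy    = @(Get-VolumesWithoutShadowCopy)
    PasswordPolicy              = Test-PasswordPolicy
}
[pscustomobject]$report | Format-List
```

Run it on a domain controller or any server with the AD module; every finding that is not empty, false, or `Ok = False` maps to one of the numbered items above. `Backup-RecoveryPasswordsToAd` is deliberately not run by the script: call it yourself on volumes that were encrypted before the policy was in place, since the policy does not retroactively store their recovery passwords.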