What are best practices for defense against CryptoLocker type threats in an Active Directory environment?
Are there Group Policies that could help?
NTFS permissions?
Anti-virus software?
The biggest one is backups - well tested, covering everything important, and not directly accessible from client machines, with older backups kept for a while in case nobody noticed the problem right away.
The next is user training - teach people how to tell if an email is suspicious, what to do when they encounter one, and the consequences of clicking random attachments in emails.
Also user permissions. People should only have access to the file shares they need to do their job. The virus can't destroy what it can't access.
Antivirus is good, but won't catch a targeted attack.
Unfortunately every company has that one person who will click every link and attachment. Making sure they have as limited access as possible, and that you have backups, limits the damage and lets you recover without paying a ransom.
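To act on the file-share permissions point above, here is an added example (not part of the original answer) that audits a Windows file server for shares where a broad group can write at both the share level and the NTFS level, which is what the malware needs to encrypt files. The list of "broad" principals and the English account names are assumptions; adjust them for your domain.

```powershell
# Added example: run in an elevated session on the file server being audited.
# Assumption: these principals are the ones considered too broad for write access.
# Assumption: English account names (built-in names are localized on other systems).
$broad = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users|.+\\Domain Users)$'

# NTFS bits that allow overwriting or deleting files, plus GENERIC_ALL and
# GENERIC_WRITE, which can appear as raw values on inherit-only ACEs.
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

$findings = foreach ($share in Get-SmbShare -Special $false | Where-Object Path) {
    # Share-level entries granting Change or Full to a broad principal.
    $shareAces = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Change', 'Full' -and
        $_.AccountName -match $broad
    })

    # NTFS entries on the share root granting write/delete to a broad principal.
    $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        $_.IdentityReference.Value -match $broad -and
        ([int]$_.FileSystemRights -band $writeMask) -ne 0
    })

    # Effective access is the intersection of share and NTFS permissions,
    # so report only when both layers allow a broad principal to write.
    if ($shareAces.Count -gt 0 -and $ntfsAces.Count -gt 0) {
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            ShareGrant = ($shareAces | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
            NtfsGrant  = ($ntfsAces  | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
        }
    }
}

if ($findings) {
    $findings | Sort-Object Share | Format-Table -AutoSize -Wrap
} else {
    'No shares grant write access to the broad principals at both layers.'
}
```

This checks only the root of each share; subfolders with broken inheritance need their own pass.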