How to secure the network from ransomware

Latest Update: 20/10/2023

How to secure the network from ransomware

Windows Networks security

Even large companies like Honda can fall victim to Ransomware, a type of targeted data encryption attack (targeted attack). Ransomware will cripple your Windows Networks system.

Honda’s Customer Service and Financial Services have been hit by ransomware recently. Kaspersky’s cybersecurity organization found samples in the VirusTotal database showing that the Honda company was targeted by Snake ransomware.

This incident caused many businesses to think from Honda’s lesson and better protect Windows Networks from Ransomware.

Kaspersky pointed out that the Ransomware malware was launched by a file called “nmon.bat”. It is difficult for network security warning tools to detect the strange files, by default the file “.bat” is understood to be a scriptable file or batch file commonly used in the Network in general. Normally, in Network environments, this will be an allowed file to operate.

The hacker then launched a file called “KB3020369.exe” to perform the attack. This is a deliberate way to name the attack file, to avoid the suspicion of network security experts because Microsoft has just released a patch for Windows 7 called “Windows6.1-KB3020369-x64.msu ”.

Snake ransomware disables the Volume Shadow Copies in the Network and then destroys processes related to virtual machines (VPS), control systems, remote management tools, and network management software. The attack sequence was created to handle the internal domains of the Honda company.

The following attackers, the preferred form of the fisherman, will hide in the Network layers until they find an opportunity and are ready to attack, maybe just a few months later.

The big lesson learned from the ransomware attack on Honda will help businesses stay alert and equip Windows Network system security solutions better:

Be wary of blacklist tools, scripts, and policy settings

You can check for unauthorized activities in the event log. Follow these steps to review event logs in the original Windows Network:

  • Run eventvwr.msc.

  • Access Windows Windows logbook.

  • Right-click on Security Diary and go to the properties of 19.

  • Enable logging is selected.

  • Increase the log size to at least 1 GB.

  • Find event ID 4698 to find the latest scheduled task.

In addition, you can also set up PowerShell tasks to send email notifications when new tasks are created and run.

Identify employees who are most at risk of phishing attacks

A fake professional email can trick a domain administrator into giving hackers a chance to gain access to your network. Especially when employees must use a private network to work outside the company. Check licenses and tools that enterprises provide to employees in charge of Network administration.

Review domain directories and anti-ransomware policies

Attacks are often launched from the same locations that an administrator uses to manage the Network. Take the time to validate access and the files you store and script location. Double-check with any new files added to the directory used for administration. Review the appropriate permissions on the directories to make sure only authorized users can add or modify these management scripts.

Use multi-factor authentication for privileged accounts

Most importantly, ensure that the multi-factor authentication (MFA) domain administrator is enabled whenever remote access is required. Review which accounts are used in your Network and where you use them.

Review the backup plan data

Preparing a perfect backup in case of Ransomware encryption, you can recover data quickly without paying ransom for hackers. Create regular automatic backups and ensure they are well-protected.

The user account performing the special data backup process must be different from the user login account of the Network system. Finally, perform the offline backup process to prevent hackers from attacking to delete online backup files.

You need to support the use of professional Cloud, unlimited infrastructure, advanced security, contact VNETWORK immediately to experience.——-




Hotline: (028) 7306 8789

Sitemap HTML