Simple fixes to Ransomware in Windows Server environments

If you support a Microsoft Windows Server environment and are looking for some simple strategies to protect against Ransomware, you should consider the following:

 

  1. DNS filtering services such as Zscaler and ThreatSTOP.
  2. Removing Local Admin rights from your users.
  3. Implementing File Server Resource Manager on your file servers and creating a file screen to protect against encryption and alert when user activity looks like Ransomware activity. (https://gallery.technet.microsoft.com/scriptcenter/protect-your-file-server-f3722fce)
  4. Protect your endpoints with group policies to restrict executables from running from your temp directories and %appdata%.

Obviously there are many options for expanding the protection, but I will save that for future articles… this is a first step and part of your overall defense in depth measures.