Prevention - Malware / Ransomware Controls
Segmentation
Throttling High Consumers
Monitor atypical activity
Backup segmentation
Activate detailed logging
Restrict administrative privileges
Software updates
Hardening
Backups
Anti-virus
Monitoring
Access Control
Content Filtering
Honeypots
Thresholds for specific API calls
Password quality
Activation of specific system logs
Disable usage of plaintext cached credentials on LSASS
Address urgently any identified critical and high severity vulnerabilities
Email with AV, reputation check, and SPF/DKIM/DMARC
Limited exposure of services to the Internet
Verification of the reputation of source IP addresses
Implement IDS/IPS (including layer 7)
Segment the perimeter according to the criticality / nature of the services
Proxy with content filtering
Patching and updates (no excuses)
Disable Macro Scripts
Disable Plug and Play for devices other than data volumes
Enable notifications whenever a website tries to execute or install software
Antivirus / anti-malware with active detection and updated signature databases
Disable access via remote desktop services
Complex passwords
Firewall enabled in the remote workstation
Disable or remove all "guest" accounts / users, or any that are no longer in use
Remove all unused network interfaces
Perform day-to-day tasks with accounts / users without administration privileges
Do not install software without authorization and do not uninstall software installed by the Organization
Do not use accounts / users without a password
Updated web browser and related plugins
Keep information in centralized, controlled repositories and avoid dispersing it
Wi-Fi: WPA2 only
Wireless VLAN for work access
Limit VPN users to one concurrent connection each
2FA/MFA/UFA
Firewall enabled in the remote workstation
Antivirus / anti-malware with active detection and updated signature databases
Disable access via remote desktop services
User Awareness
Do not use pirated software
Define and communicate contact point
Evaluate user-awareness through Phishing campaigns
Perform tabletop exercises
Incident Response Plan
Relevant Contacts
Contextual impact analysis
Disconnect / Isolate
Sandbox implementation
Check if a decryptor is available
Containment
Restore
Report the infection to the authorities