Global Ransomeware Attack Prevention

+5 votes
Hi there,

I have been hearing so much about these ransomeware attacks around the world.

What steps can I take to prevent being attacked?
asked May 19, 2017 in General by Rookie (4,500 points)

1 Answer

0 votes

Hi Rookie,

With the increase in the number of recent Ransomware attacks globally here are the best steps to be taken in terms of securing a hosted Windows server.

Please note that these suggestions are a guide only and won't completely prevent all instances of Ransomware attacks but will go a long way to mitigating the vast majority of them.

1. Remember to use Strong and Unique passwords for all of your logins.
Windows allows you to force these requirements using the Local Security Policy manager accessible in the Windows Administrator Tools directory or by searching for Local Security Policy at the Start Menu.

In addition to enforcing password complexity requirements the Local Security Policy manager can also enforce lockouts for incorrectly entered passwords after a definable number of failed login attempts. This can be effective in stopping Brute Force attacks on your login password.

As remembering a large number of complex passwords is unfeasible for most people it is recommended that you use a password manager
for this purpose. There are many available options such as LastPass, 1Password and KeePass to name a few. Please choose the one that best suits your requirements.

2. It is a good idea to enable Windows built in firewall and use it to limit access to publicly facing services that could be used to log in to the server itself. Limiting access to the RDP service to only trusted IPs or IP ranges is a good idea and can lock out large parts of bot nets trying to brute force a login.

If the internet connection from which the server is accessed uses Dynamically Assigned IPs then you can contact your ISP to find out what IP ranges they use so that they can be allowed on the servers firewall.

Please be sure to test any firewall changes either in a test environment or on a local machine before applying them to the server to avoid locking out remote access.

If a third party firewall solution is to be used it is also recommended that it be tested first before deploying it on a hosted server.

3. Please enable regular Windows updates. Microsoft does roll out regular security fixes for all supported Operating Systems that address newly discovered remote exploits. It is quite common to see newly disclosed exploits used by botnets in an attempt to leverage them to gain access before fixes are applied to affected systems.

You can review and modify the update frequency from the Control Panel on the server.

4. It is also strongly recommended that you install an anti-malware program to scan the servers filesystem for files that contain malicious code. Microsoft does include the Windows Defender antivirus with Windows Server 2016 for free and is recommended. If you have an earlier version of Windows Server then please choose an equivalent program.

Please ensure that daily scans are configured to search for malicious files and that the virus definitions are kept up to date.

Windows Defender can be enabled and managed from the Control Panel in Windows 2016.

Please bear in mind that these are only the basic best practices for securing a Windows Server and does not cover every available option doing so. The best recommendation we can give would be to remain vigilant in researching the security of any applications that are installed on the hosted server and how access is granted to users of that server.

Beyond simply updating your systems remember not to click on any suspicious links or install any untrusted software. If you notice any unexpected behavior or resource usage on your computer then it is a good idea to investigate the cause.

If you require further assistance please email: support@afrihost.com

or contact Afrihost support on 011 612-7200

or via live chat support on our website

alternatively you may request a call back by smsing the word 'help' to 32541

answered May 19, 2017 by AfriDazzil (31,740 points)
...