Download - Ransomware protection
![Page 1: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/1.jpg)
Zoltán BalázsMRG Effitas
A ransomware jelenség mellet nem lehet elmenni
![Page 2: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/2.jpg)
![Page 3: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/3.jpg)
Main problems with ransomware detectionAny reactive technology will fail• Antivirus signatures• IDS/IPS• Spam filter
Previously, reactive malware detection was fine for most people, it was OK if the malware was found in 24 hoursWith ransomware, 1 hour detection rate is a real issueReputation based protection is a lot better than signatures
![Page 4: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/4.jpg)
(Almost) Free tips - exploit• Enforce Chrome for Internet browsing• Use EMET free• It only protects IE, but not Firefox or Chrome!
• Instead of EMET, use paid MBAE or HitmanPro Alert• The paid versions protect all browsers against exploits
• Flash click-to-play
![Page 5: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/5.jpg)
(Almost) Free tips - macroMacro malware• Disable all macros except digitally signed macros OR• Office 2016 GPO Block macros from running in Office
files downloaded from the Internet
![Page 6: Ransomware protection](https://reader036.vdocuments.net/reader036/viewer/2022082712/58abf0d11a28ab504e8b65b9/html5/thumbnails/6.jpg)
(Almost) Free tipsWhitelist C:\Users\ execution• Windows built-in Applocker• http://www.mcbsys.com/blog/2013/10/block-user-fold
er-executables/• .exe, .scr, .com, .js, .jse, .wsh, .vbs, .cs, .cab, …• This is a lot of work, lot of things will break. But works.
Backup• Offline backup is more important than ever
Show hidden file extensionsUse generic ransomware protection product
Comparative test coming soon ;P