Other top tips to protect against ransomware
I wanted to list other common best practices for reducing the risk of ransomware attacks on your infrastructure. Some of them we have already covered in previous chapters, but I wanted to provide a summary of the different countermeasures we have gone through in this book:
- If there is no need for servers to have internet access, they shouldn’t have it. Servers with internet access make it easier for attackers to download additional payloads or to establish persistent access on those machines using tools such as TeamViewer or AnyDesk. It also makes it easier to exfiltrate data directly from, for instance, the file server.
- When infrastructure requires internet access, implementing a DNS filtering service is recommended to reduce the risk of initial attacks contacting command and control (C&C) domains commonly used by malware, such as IcedID or Emotet. Another option is to use a web proxy with...