Ransomware is defined as "malicious software designed to block access to a computer system until a sum of money is paid."
Smoothwall uses several methods to protect client devices from threats such as ransomware, and this article will detail some of the methods used to ensure your network remains safe and secure.
Some of the most common attack vectors for ransomware are via phishing emails, email attachments, adverts which contain malicious content, and through infected web pages which redirect users to download malicious software.
To best ensure your network is protected against these threats you should ensure that the following measures are in place:
As an absolute minimum, you should ensure that both the Adverts and Malware and Phishing categories are blocked for all users across your network — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filteringpolicywiz.htm. The Malware and Phishing category is updated on a daily basis to ensure your users are always protected against the latest threats.
HTTPS Decrypt and Inspect
An HTTPS Decrypt and Inspect policy should be in place so that all web content is visible to your Smoothwall — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/httpspolicywiz.htm. This allows us to perform content analysis on web pages and make better categorization decisions.
Enable anti-malware scanning on Guardian, Anti-Spam, and FTP Proxy (as applicable). We use BitDefender’s proven anti-malware engine, and frequently updated malware signatures. This will help prevent ransomware executables from reaching the end-user’s workstation.
For best protection you should make sure your Firewall is locked down so that only the necessary ports are open.
|Last updated:||Author:||Contributions by:|
|3rd February 2017||Chris Humby|