Symmetric Tech Blog

Life's too short for complicated solutions

Ransomware Prevention Opinion

There are quite a few ransomware prevention strategies, techniques and software products available. They vary from trying to identify ransomware by definitions or heuristics, antivirus style, to preventing executables from running in specific directories. Then there is software that monitors common locations for encrypted files and attempts to stop the ransomware from encrypting further files. Application white-listing is also an option.

There are surrounding safety settings that can also be employed, such as disabling RDP and locking down Outlook with safe attachments.

None of the above methods really provide peace of mind - they tend to interfere with day-to-day workings and rely on frequent updates. They also suffer from false positives (devil's advocate note: here is an interesting read about a generic approach to ransomware detection that unfortunately is not available on the Windows platform: Towards Generic Ransomware Detection).

As with most conclusions about ransomware, it comes down to backups. This is what Symmetric also recommends. A backup strategy that involves rotated backups and multiple storage places is always the best. Best case scenario if you get hit by ransomware is that you simply restore a backup that is not more than a few hours old. Worst case scenario is that you restore from a fall back backup which may be a week old. So the worst case scenario will never compare with losing all your data.

Your primary backup location should be protected. Windows 10 finally has this functionality built in, and Macrium does this as well (MIG). This takes care of your primary backups and keeps them safe from unauthorized access. Add a secondary backup for rotation, daily or weekly, whatever suits your workflow. This is fall back 1.

Fall back 2 should be an online method that has versioning. This is important, as it will allow you to revert to a previous unencrypted version of your data.

Fall back 3 should be another local backup that is stored off-site. This covers all other worst case scenarios.

Windows 10 slow internet / slow https / slow outlook exchange

An odd one: the client PC (Windows 10 Creators Update) presented mainly with Outlook connecting very slowly to Exchange; thereafter it was almost unusable. It would hang when trying to send an email, and folder updates were slow to non-existent.

It appeared that some HTTPS websites were very slow to respond as well, sometimes not loading at all. The SmartScreen filter was also non-functional ("Smartscreen filter can't be reached now").

Try the following DNS change in group policy. Run gpedit.msc, under Computer configuration -> Administrative Templates -> Network -> DNS Client: Set "Turn off smart multi-homed name resolution" to Enabled.

Note 1: You may need to untick IPv6 under network adapters in case this fix does not work. Some testing is still needed to isolate this as the root cause.

Note 2: The assumption is that the usual suspects have been eliminated, i.e., Office repair/reinstall, network reset, file integrity checks [sfc /scannow], virus/malware checks, new Office profile, new Windows profile etc.
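
To confirm whether the policy and the IPv6 tick box described above are actually in effect on a client, and whether name resolution got faster, the following PowerShell audit can be run before and after the change. It is an added example, not part of the original post; the function names and the sample host names are assumptions, and the registry value is the one Windows writes for the "Turn off smart multi-homed name resolution" policy.

```powershell
# Added example: audit of the settings discussed in this post.
# Changes nothing except flushing the DNS client cache before each timed lookup.
# Run in an elevated PowerShell session on the affected Windows 10 client.

# Registry value behind "Turn off smart multi-homed name resolution"
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policyName = 'DisableSmartNameResolution'

function Get-SmartNameResolutionPolicy {
    # 'Enabled' means the policy is set (value 1), i.e. smart resolution is turned off
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$policyName -eq 1) { return 'Enabled' } else { return 'Disabled' }
}

function Get-IPv6BindingState {
    # Shows whether IPv6 (component ms_tcpip6) is ticked on each connected adapter
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        $binding = Get-NetAdapterBinding -Name $_.Name -ComponentID 'ms_tcpip6'
        [pscustomobject]@{ Adapter = $_.Name; IPv6Enabled = $binding.Enabled }
    }
}

function Measure-DnsLookup {
    # Times uncached lookups so slow or failing resolution shows up as numbers
    param([string[]]$Names, [int]$Repeat = 3)
    foreach ($name in $Names) {
        $runs = 1..$Repeat | ForEach-Object {
            Clear-DnsClientCache                       # force a real query each time
            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            $ok = $true
            try   { Resolve-DnsName -Name $name -ErrorAction Stop | Out-Null }
            catch { $ok = $false }
            $sw.Stop()
            [pscustomobject]@{ Ms = $sw.ElapsedMilliseconds; Ok = $ok }
        }
        [pscustomobject]@{
            Name     = $name
            MaxMs    = ($runs | Measure-Object Ms -Maximum).Maximum
            AvgMs    = [math]::Round(($runs | Measure-Object Ms -Average).Average)
            Failures = @($runs | Where-Object { -not $_.Ok }).Count
        }
    }
}

# Sample host names (assumptions): replace with your Exchange host and a slow HTTPS site
"Policy state: $(Get-SmartNameResolutionPolicy)"
Get-IPv6BindingState | Format-Table -AutoSize
Measure-DnsLookup -Names 'outlook.office365.com', 'www.microsoft.com' | Format-Table -AutoSize
```

Run it once before the change and again after `gpupdate /force`, then compare the MaxMs and Failures columns.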