{"id":1015,"date":"2016-03-03T10:57:25","date_gmt":"2016-03-03T15:57:25","guid":{"rendered":"http:\/\/www.exchangedefender.com\/blog\/2016\/03\/how-exchangedefender-protects-you-from-ransomware\/"},"modified":"2018-03-13T10:33:04","modified_gmt":"2018-03-13T15:33:04","slug":"how-exchangedefender-protects-you-from-ransomware","status":"publish","type":"post","link":"https:\/\/www.exchangedefender.com\/blog\/2016\/03\/how-exchangedefender-protects-you-from-ransomware\/","title":{"rendered":"How ExchangeDefender Protects You From Ransomware"},"content":{"rendered":"<p><a href=\"http:\/\/www.exchangedefender.com\/blog\/images\/How-ExchangeDefender-Protects-You-From-R_919B\/vc.png\"><img loading=\"lazy\" decoding=\"async\" title=\"vc\" style=\"border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px\" border=\"0\" alt=\"vc\" src=\"http:\/\/www.exchangedefender.com\/blog\/images\/How-ExchangeDefender-Protects-You-From-R_919B\/vc_thumb.png\" width=\"244\" align=\"right\" height=\"192\"><\/a>There has been a lot of news coverage of the new wave of ransomware infecting businesses, encrypting hard drives and data on network shares, and demanding a \u201cransom\u201d to decrypt them. Initially these viruses traveled as typical viruses do \u2013 as executable attachments or inside zip files. The most popular of these was <a href=\"https:\/\/en.wikipedia.org\/wiki\/CryptoLocker\">CryptoLocker<\/a>, which has made millions of dollars from businesses that didn\u2019t have adequate protection, most recently from a <a href=\"http:\/\/nymag.com\/following\/2016\/02\/hackers-holding-hollywood-hospital-for-ransom.html\">Hollywood hospital that paid $17,000 to get its data back<\/a>. 
But ransomware has taken a more evil turn \u2013 traveling not as an executable that users have been trained to avoid but as a macro inside Word and Excel documents that users often open without a second thought. <\/p>\n<p>As with any threat, it\u2019s important to layer protection and defend your business with a good firewall, a good desktop security product, and the perimeter scanning service we provide through ExchangeDefender. <\/p>\n<p><strong>ExchangeDefender Layered Protection<\/strong><\/p>\n<p>Before we discuss how ExchangeDefender protects you from ransomware, remember that the most important aspect of IT security isn\u2019t prevention \u2013 it\u2019s education:<\/p>\n<blockquote>\n<p>If you receive an attachment of any kind from a source you don\u2019t recognize: <strong>do not open it<\/strong>. <\/p>\n<p>If you receive an attachment from a source that you do recognize but it looks and feels suspicious: do not open it. If the email address looks wrong, if there are misspelled words, unusual formatting or unusual activity: <strong>stop<\/strong>.<\/p>\n<\/blockquote>\n<p>But let\u2019s talk about prevention. Our partners have many options for using ExchangeDefender to stop the spread of dangerous malware.<\/p>\n<p><em>Attachment &amp; Content Type Blocking<\/em>: This is the most reliable, but most disruptive, way to address an epidemic. You can choose to let ExchangeDefender block the attachment types used by Microsoft Office documents. We do not recommend this route, but it\u2019s nice to know it\u2019s there for situations in which people are getting infected and virus scanning has not been able to pick up threats faster than they are infecting systems. <\/p>\n<p><em>OLE Virus Filtering<\/em>: ExchangeDefender will block macro (.vbs) attachments outright. 
But with the rise of <a href=\"http:\/\/thehackernews.com\/2016\/02\/locky-ransomware-decrypt.html\">Locky ransomware<\/a> we now also scan Microsoft Office documents and look for dangerous malware embedded in them. <\/p>\n<p><em>Known Threat Sources<\/em>: ExchangeDefender also blocks dangerous content before it\u2019s even an issue. Most of the threatening content is sent from the same sources that are popular with spammers, hackers and malware distributors: hacked PCs, servers, and blog sites. We maintain a realtime list of networks that spread dangerous content and routinely block their ability to infect our users. <\/p>\n<p><em>Firewall &amp; Site Blocking<\/em>: Ultimately, the largest single source of infections isn\u2019t the ExchangeDefender protected or hosted mailbox \u2013 it comes through Yahoo mail, Gmail and other non-business email services. If you aren\u2019t blocking those at your work, you need to be. <\/p>\n<p><strong>What else can be done?<\/strong><\/p>\n<p>As mentioned above, client education is the #1 way to address these threats. Contact our marketing department and ask them to build you a branded best practices flyer for email and Outlook (Hosted Exchange clients only). There are very simple ways to tell when a message is not from your bank or from UPS.<\/p>\n<p>Establish a regularly scheduled backup system for all critical client PCs. <\/p>\n<p>Layer your antivirus protection. No, one AV vendor is not enough; ExchangeDefender uses several commercial and dozens of proprietary data sources to detect and isolate dangerous content. No matter how much you love your single AV vendor, or how strongly they claim to be the best \u2013 like everyone else, they will have an infection evade their scan. If you only have one AV engine, consider adding something like ClamAV to your arsenal. <\/p>\n<p>Establish a review of policies and security implementations. 
We often see that partners rarely configure ExchangeDefender or monitor it in a way that gives them actionable intelligence. The same can be said for client PCs: Are you monitoring your AV implementations? Are you checking that users aren\u2019t turning off AV or firewalls? Are you looking at strange traffic patterns, use of private proxy or VPN networks to evade network security policies?<\/p>\n<p>CryptoLocker and Locky are neither the first nor the most dangerous threats networks face. But with ExchangeDefender, education and layered security we can keep most online outbreaks from affecting business operations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p> [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,22],"tags":[],"class_list":["post-1015","post","type-post","status-publish","format-standard","hentry","category-exchangedefender","category-pro-tips"],"_links":{"self":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/comments?post=1015"}],"version-history":[{"count":1,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1015\/revisions"}],"predecessor-version":[{"id":1333,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1015\/revisions\/1333"}],"wp:attachment":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/media?parent=1015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"ht
tps:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/categories?post=1015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/tags?post=1015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}