Preventing ransomware attacks with Advanced Threat Protection (ATP)
Most ransomware attacks start via mail and can be prevented!
What does ransomware mean?
Ransomware, or hostage software, is a means of blackmail on the Internet; the name refers to the ransom it demands. Ransomware is malware that blocks a computer and/or the data on it and then asks the user for money to 'liberate' the computer by means of a code provided in exchange for payment. However, payment does not (always) lead to unlocking the infected computer, warns the Dutch government. And even when the code is successfully used after payment, the software remains on the computer and can block the system again several months later and ask for even more money. Source
Spreading of ransomware
- The most common distribution of ransomware is via email. In this article, we will focus largely on this method.
How can you add extra safety with ATP?
- Activate a trial licence of Microsoft 365 E5 or ATP separately via your admin portal. Or via this blog.
- Navigate to: https://admin.microsoft.com/Adminportal
- Click on Create policy.
- Activate the best practice by clicking on create policy.
- See also the recommended configurations of ATP.
What are other possibilities?
- Thanks to the above best practice, protection against advanced cyber threats has been activated.
- Office 365 Advanced Threat Protection (ATP) is set to block or limit malicious content in email attachments, links and files in SharePoint, OneDrive, Office and Microsoft Teams.
Ransomware can be prevented
- IT professionals play an important role. In reality, multi-factor authentication is often difficult even for IT professionals to implement.
- Commodity (old and known) malware alerts can indicate that new attacks are growing. MDATP has everything included to counteract this.
- To truly mitigate modern attacks, the infrastructure that lets attackers in must be addressed. Organisations need to focus less on resolving alerts and invest proactively in the attack surface through which these problems can occur.
Use multi-factor authentication
- Create enough security awareness, but enough is enough.
- When an organisation is under attack, we often activate MFA.
- 1 in 200 accounts of all professional Office 365 users is breached according to Microsoft figures. Source.
- Block all exotic protocols such as IMAP and POP3, and protect all layers within the organisation with Azure Security Defaults!
- Create a real digital workplace. MFA with Windows 10 does not give many pop-ups. MFA with Windows 10 without deep integration, in a traditional model, does. MFA with Windows 7... you are already hacked!
Further develop Microsoft Defender ATP (MDATP)
- MDATP or Microsoft Defender ATP is not just Microsoft's virus scanner. MDATP is an end-to-end security mechanism that makes deep insights graphical and understandable. It shows risks and can act on these risks.
- With MDATP you have the best and most user-friendly insights to build a security operation and properly protect the base so that you cannot fall victim to ransomware.
- See the security-patching gap on all devices so that you can improve it.
- Delete privileged accounts.
- Use advanced hunting to detect brute force attempts.
- Use Windows Defender Firewall, tamper protection, ...
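
The advanced hunting item in the list above, as an added example (not from the original article or from Microsoft): a query over the DeviceLogonEvents table that flags bursts of failed logons per device and remote address and reports whether a successful logon from the same address followed. The threshold and the time windows are assumptions to tune for your own environment.

```kusto
// Added example. All values in the "let" statements are assumptions; tune them.
let lookback = 1d;            // how far back to hunt
let burstWindow = 10m;        // size of the time bucket used to count failures
let failureThreshold = 20;    // failed logons per bucket that count as a burst
let successWindow = 1h;       // how long after a burst a success is still suspicious
// Step 1: bursts of failed logons from one remote address against one device.
let bursts =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonFailed"
    | where isnotempty(RemoteIP)
    | summarize FailedCount = count(),
                TargetedAccounts = dcount(AccountName),
                FirstFailure = min(Timestamp),
                LastFailure = max(Timestamp)
        by DeviceId, DeviceName, RemoteIP, Bucket = bin(Timestamp, burstWindow)
    | where FailedCount >= failureThreshold;
// Step 2: successful logons from any address, to correlate with the bursts.
let successes =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonSuccess"
    | where isnotempty(RemoteIP)
    | project DeviceId, RemoteIP, SuccessTime = Timestamp,
              SuccessAccount = AccountName, LogonType;
// Step 3: keep every burst, and mark the ones followed by a success
// from the same address on the same device.
bursts
| join kind=leftouter successes on DeviceId, RemoteIP
| extend FollowedBySuccess = isnotnull(SuccessTime)
                             and SuccessTime >= FirstFailure
                             and SuccessTime <= LastFailure + successWindow
| summarize SuccessesAfterBurst = countif(FollowedBySuccess),
            CompromisedCandidates = make_set_if(SuccessAccount, FollowedBySuccess)
    by DeviceName, RemoteIP, Bucket, FailedCount, TargetedAccounts,
       FirstFailure, LastFailure
| order by SuccessesAfterBurst desc, FailedCount desc
```

Rows with SuccessesAfterBurst greater than zero deserve attention first: they show a guessing run that ended with a working credential. A high TargetedAccounts value with few failures per account points to password spraying rather than a brute force against one account.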