Weaponry to fight ransomware

Ransomware attacks are on the rise, but we have tools to prevent them.

We’ve already talked about the quick steps administrators can take in the event of an encrypting ransomware attack. Unfortunately, such incidents have been occurring more and more often. Perhaps the most frustrating thing about this trend is that sometimes people expose their business to cyberthreats not because they can’t afford security products, but because they don’t know how to use the products to provide efficient protection from encrypting ransomware. In some cases, administrators fail to configure security solutions properly or even disable the required components.

Kaspersky Lab has prepared several videos to help administrators configure the latest versions of Kaspersky Endpoint Security for Business and Kaspersky Security for Windows Server. Both solutions include, among other features, technology capable of counteracting encrypting malware.

System monitoring

In most cases, security solutions block ransomware with no extra help, but new and recent malicious programs may not yet be included in their databases. To combat such threats, you need subsystems monitoring programs’ behavior. If the computers on your network are protected by Kaspersky Endpoint Security for Business, you can use the general control console in Kaspersky Security Center to enable updatable patterns of dangerous activity (Behavior Stream Signatures, or BSS) to identify and block malicious activity.

Protection of sensitive documents

As we have said many times, maximum information security requires multilayered protection. As another layer of security, restricting access to files of a particular type is helpful, too.

This feature allows you to deny all unknown programs’ access to files of a selected type. For more information on setting this up, see our support site:


Actually, there is one more weapon you might want to use in your fight against ransomware. Fans of extreme measures may also take advantage of Default Deny mode, which blocks any attempts to launch programs not included in the list of exceptions.

Protection of shared resources

Protecting individual workstations is not sufficient, however. Data storage systems may be exposed to separate threats. After infiltrating one computer with access to folders on the server, ransomware can attack shared files. Potentially, it can spread throughout the network. That is why we included special protection from encryption in Kaspersky Security for Windows Server.

The Anti-Cryptor task allows you to monitor shared resources and, if you detect questionable file activity in monitored folders, to block the machine involved. You can find step-by-step setup instructions on our support site: http://support.kaspersky.com/12652

But even using all available security technologies doesn’t exempt you or your employees from the basic rules of computer hygiene. For those in need of a refresher, some highlights: Do not launch files attached to messages from unknown sources; do not follow links provided by someone you don’t know; never download cracked software. These indiscreet actions—and others in the same vein—can be utterly ruinous to your company’s finances.

Finally, do not forget to update your security software and databases regularly. Following these recommendations will protect your company from ransomware and many other threats.