{"id":5379,"date":"2016-04-04T16:44:14","date_gmt":"2016-04-04T16:44:14","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5379"},"modified":"2020-02-26T11:08:31","modified_gmt":"2020-02-26T16:08:31","slug":"prevent-ransomware-from-destroying-your-fileshare","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/prevent-ransomware-from-destroying-your-fileshare\/5379\/","title":{"rendered":"Prevent ransomware from destroying your fileshare"},"content":{"rendered":"<p>Ransomware seems\u00a0to be everywhere, and a good deal of cybersecurity-related\u00a0forums are abuzz with discussions how to deal with it. Ransomware\u00a0avoids signature detection, its encryption is almost always unbreakable, and it does not necessarily need\u00a0administrative rights to cause damage. It affects files stored on the network shares, disables restore points, removes shadows copies, and tracks down and wipes your backups \u2013 in other words, all imaginable\u00a0damage. Time to surrender? Not really.<\/p>\n<p>At Kaspersky Lab, we have a great preventive solution that not only detects ransomware at the stage of infection, but also if someone runs the file, the tool can spot the malicious behavior and then block the action and roll back the changes. Some additional information can be found at the following links:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/images\/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf\" target=\"_blank\" rel=\"noopener nofollow\">System Watcher module<\/a><\/li>\n<li><a href=\"http:\/\/media.kaspersky.com\/pdf\/Kaspersky_Lab_Whitepaper_Cryptoprotection_final_ENG.pdf\" target=\"_blank\" rel=\"noopener nofollow\">Cryptomalware countermeasures subsystem<\/a><\/li>\n<\/ul>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/V_PGnouFs44?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>We have seen some scenarios where this would not work, though. Perhaps the worst one is when you have a network share and suddenly an infected machine on the network starts encrypting the files on the share drive. Even if you were to monitor the server, there\u2019s nothing to detect \u2013 the server itself is not infected, so you can scan the memory and files and the share all you want \u2013 the malware will keep doing its job, probably laughing hysterically looking at your desperate attempts to prevent the damage.<\/p>\n Image by dc_slim \/ Shutterstock.com\n<p>This is the exact scenario that we tried to address with the new update of Kaspersky Security for Windows Server (ex. Kaspersky Security for Windows Server Enterprise Edition). The new version monitors the activity on the share, and in case it believes a machine is running malicious activity (read: encrypts your company data),\u00a0it cuts the machine off the network for 30 minutes and notifies the administrator so you\u00a0actually don\u2019t have to unplug all the machines and plug them in one by one to identify the infected one.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/r8OV3x-L5Wo?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Remember the\u00a0 multi-layered approach to security. Backup religiously. Stop phishing at your email server or web browser. Stop known malware (signatures are the cheapest way to do so, so show them some love, too). Check with cloud intelligence. Let it boil a little in a sandbox. Let your firewall do some jobs for you.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/QWzDKBU0A6k?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Make sure application privilege control stops applications from accessing your personal data unless explicitly allowed. Or go all the way and switch to\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=YnR7g_lWmPk\" target=\"_blank\" rel=\"noopener nofollow\">Default Deny mode<\/a>. Monitor the processes you\u2019ve allowed to run for exploitation attempts and malicious activities. Roll back malicious changes if anything else failed. Make sure every node on the network is protected \u2013 be it proxy server, mail server, SharePoint server, storage device or a file server \u2013 you don\u2019t want malicious payload sitting on your network waiting to be assembled and launched by a malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How you can prevent Ransomware on your file share with Kaspersky Lab enterprise solutions. <\/p>\n","protected":false},"author":1475,"featured_media":15429,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2403,2404,420],"class_list":{"0":"post-5379","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-file-share","10":"tag-protection-against-ransomware","11":"tag-ransomware"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/prevent-ransomware-from-destroying-your-fileshare\/5379\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/prevent-ransomware-from-destroying-your-fileshare\/8689\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/prevent-ransomware-from-destroying-your-fileshare\/5379\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/prevent-ransomware-from-destroying-your-fileshare\/5379\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/file-share\/","name":"file share"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/1475"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5379"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5379\/revisions"}],"predecessor-version":[{"id":33665,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5379\/revisions\/33665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15429"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}