www.belgium.be Logo of the federal government
Ransomware

Implement adequate protection in place today

The number of ransomware victims in Belgium is increasing. In recent weeks, companies, municipalities and schools have announced that they have been hit by ransomware, which has seriously disrupted their daily activities. Since the right protective measures can make your organization resilient when facing a whole range of problems, we will list the most important measures to be taken.

1. Provide basic protection for networks and devices that have been compromised

  • Protect all devices by equipping them with up-to-date antivirus software as well as using specific protection against ransomware.
  • Make sure to install regular updates of your computer systems. Be aware of the programs installed on your devices, always keep an eye on potentially vulnerable applications and install patches as soon as possible. Regularly updating or installing patches are steps that need to be integrated into an internal process.
  • Backups are critical to restoring affected systems after a ransomware incident. Backing up all vital files and systems is the best insurance against ransomware. It goes without saying that backups must be kept offline. Always test the procedure for restoring backups.

2. The best firewall is the user.

  • If well trained, your organization's employees can play an important role in the prevention and early detection of a cyberattack.
  • Invest in the training and awareness of all employees. Teach them the basics of cybersecurity.
  • Teach employees how to identify and report phishing cases quickly.

3. Ensure that intruders always find the door closed

  • Detect vulnerabilities and fix them.
  • Make sure your remote access is secured. Install a VPN so that teleworkers can work securely on the network from home.
  • Restrict administrator rights. Each user on the network should have custom permissions, which should be checked regularly. Apply the "least privilege principle": every employee should have access to the things they need, nothing more. Make sure domain administrators use strong passwords and 2FA where possible and only use their account for internal administrator tasks.
  • Use a centralized logging system and make sure your logs are also back-uped offline.
  • Secure Powershell properly. This is an important link that is often abused by malicious actors. Set an Execution policy limiting the use of Powershell to a minimum.
  • Use application whitelisting so that only approved programs can run on your computer systems.

4. Remote Desktop Protocol

  • Use strong passwords and two-factor authentication (2FA) if possible.
  • Consider whether it is appropriate to leave RDP open on systems and, if so, limit connections to specific, trusted hosts.
  • Place any system with an open RDP port away from a firewall and ask users to use a VPN.
  • Limit the number of users who can use RDP and enable Network Level Authentication (NLA) if possible.
  • Update the RDP software by always installing the latest versions.
  • Have a lockout policy of 3 minutes for example after 3 wrong login attempts.

Tools: