While supporting the Windows operating system is not what we do here (anymore), I feel that it’s important to have a clear, step-by-step method to protect your business. I have compiled this from many other reputable sources, but please test on a small scale before deploying to your entire company. I hold no responsibility or liability for the results.
This won't fool-proof your business against malware/ransomware, but it adds another layer of protection.
These are some of the things you can check or fix now that will help protect you from ransomware.
Microsoft is constantly patching Windows, and these updates can block the exposed vulnerability that attackers would use to spread the malware.
To keep your Windows system up to date, go here and follow the instructions:
https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date
If you are using a third-party service to protect your PC, please ensure its definitions (that is, its database of known threats and protection rules) are up to date.
Do a Google search for “how to update” followed by your software provider, e.g.
How to update Norton security essentials
Enabling Windows Defender adds another layer of protection against malware being installed on your computer:
This is best practice even in the best of times.
This is why: if you accidentally click on a malicious email and you're only using a standard (non-administrator) account, then the virus won't be able to install itself on your computer or access secure areas of Windows.
When Windows prompts you to elevate to an admin account, which has the rights to install software, you can deny the install (DO NOT enter your username and password) and cancel the request.
Pat yourself on the back and tell your boss you saved them thousands of dollars in ransom payment.
Windows 10
Create a new account:
Change this to an administrator account:
Change your normal account to a standard account:
Windows 7
Create a new admin account:
Change your normal account to a standard account:
Using this new system:
NOTE: You might be asking why we are doing this if the passwords are the same. In this case the passwords are irrelevant. Best practice: yes, all your passwords must be different. Real world: never going to happen, as it’s too hard. We want this to be simple so that it stops ransomware and other malware/viruses.
The important part is reducing your rights for normal use, so that Windows asks for permission at the moment software tries to install. Once malicious software or people have gained access to your computer, it’s game over anyway.
Don’t worry too much about understanding this one, but rest assured: if you are on Windows 7 or 10 and have recently patched your computer, you don’t need to do this.
BUT please test on a single machine first before doing this on others (what to test is at the end).
For Windows 7
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
For Windows 10
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Restart your computer, test your
If you run into trouble and want to back out of this, you can reverse the changes by entering the commands below in a PowerShell prompt:
For Windows 7
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
For Windows 10
Set-SmbServerConfiguration -EnableSMB1Protocol $true
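To confirm the result on your test machine after the restart, a read-only check like the one below reports whether the SMB1 server is still enabled. This is an added example, not part of the original post; the function name Get-Smb1ServerState is hypothetical, and it assumes an elevated PowerShell prompt like the one used for the commands above.

```powershell
# Added example: read-only check of the SMB1 server setting changed above.
# Get-Smb1ServerState is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1ServerState {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Windows 10 ships the SMB cmdlets, so ask the server configuration directly.
    if (Get-Command -Name Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        $source  = 'Get-SmbServerConfiguration'
    }
    else {
        # Windows 7: the setting lives in the registry value written above.
        # If the SMB1 value is absent, SMB1 is enabled (the default).
        $value = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).SMB1
        if ($null -eq $value) { $enabled = $true } else { $enabled = ($value -ne 0) }
        $source = 'Registry'
    }

    # New-Object is used so this also runs on the PowerShell 2.0 found on Windows 7.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Source       = $source
        Smb1Enabled  = $enabled
    }
}

$state = Get-Smb1ServerState
$state | Format-List ComputerName, Source, Smb1Enabled

if ($state.Smb1Enabled) {
    Write-Warning 'SMB1 server is still enabled on this machine.'
}
else {
    Write-Output 'SMB1 server is disabled on this machine.'
}
```

Run it once before the change and once after the restart; the Smb1Enabled value should go from True to False, and back to True if you reverse the change.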
Go read a book, you have nothing to worry about. :)
Disclaimer
Please be advised that the information given in this post is “as is”. Even though I have taken great care in preparing this document I take no responsibility for the results of these procedures. You should always consult your network administrator or conduct a small test prior to deploying in your business.