AnswerRansomware does not infiltrate the company infrastructure from email, but also from web. Over the past months we have seen various clever ways how such malware has been distributed. One of the most popular that is seen in terms of email is that email received contain a Trojan which when executed by users would start downloading the actual ransomware. To make things a bit more complicated such Trojans are using vulnerabilities in the existing systems/software as well as these are what is known as polymorphic malware. This means that the variations of the malware are totally different from the parent making the detection much more complex.
In terms of GFI MailEssentials we can suggest:
- Companies should get a subscription to the Unified Protection. Most of ransomware does not infiltrate as malware but as Spam email (eg via a phishing link). Thus to ensure all around blocking protection we suggest to use Unified Protection for GFI MailEssentials for both anti-spam and anti-malware.
- Additional AVs are important. AVs block malware in different methods and have different response times to malware.
- Use the default filtering rules. To streamline install procedures GFI MailEssentials comes preset with all that is required to get up and running in minutes. Changing the filter levels or priorities can lower performance
- Enable the default content filtering rules. Default content filtering rules are available to block certain files such as exe, com, scr and bat files. Such rules should be enabled or alternative to them put in place.
- Refrain from using Google Open DNS (18.104.22.168 or 22.214.171.124). This DNS method although free does throttle on high requests leading to spam getting into the company network. Use DNS servers from your Internet Provider instead.
- Ensure the latest GFI MailEssentials build is installed.
- Ensure all GFI MailEssentials patches are installed (General Settings > Product Updates)
- Ensure all definitions and engines are up to date. (AVs, SpamRazer, AntiPhishing) (Dashboard > Updates).
Additionally, securing a company's network from such emails with products such as GFI WebMonitor is crucial. Patching the software via solutions such as GFI LanGuard ensures no known vulnerabilities are present, as well as having desktop AV solutions to block and stop any malware that executes on the machines.