A Case for Using Group Policy to Prevent Ransomware from Running


Aug 5, 2020 by Kevin Oppihle

You should set up a Group Policy to prevent ransomware from running in your environment. Here’s why…

Stopping malicious software from penetrating your network is a constant battle that requires several layers of protection. The biggest chink in your armor, no matter how you slice it, will always be your end users. Malicious software is often accidentally downloaded and installed by unsuspecting end users. In some cases, they may purposely download apps for streaming, games, coupon savers or other applications that open systems up to additional vulnerabilities.

Encryption malware is the most profitable of all malicious software. The bad actors behind it assume (often rightly) that many organizations don’t have updated backups or a recovery process. Many of these malicious installers run from the downloads and other temporary directories on your PC. Trend Micro and other endpoint protection products do an excellent job of blocking such software, but that should not be your only line of defense. While antivirus software and external DNS filtering may prevent download or installation, creating a policy to block installers once they have penetrated the network can stop the installation and spread of malware.

The creation of a custom Windows Group Policy Object (GPO) to stop installers from running from the typical malicious directories is another effective layer of defense. You can also block users from accidentally or purposely downloading and installing software. Yes, you might need to circumvent the policy when necessary, for example for meeting tool applications that require a small installer. The policy may also need disabling when it’s time to deploy large batches of updates, but this small added administrative effort is well worth the time saved if disaster strikes.
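One way to build and dry-run such a policy, shown as an added example that is not from the original article. It assumes AppLocker as the Group Policy mechanism (the article does not name one); the folder list, rule names and output file name are illustrative.

```powershell
# Added example. Assumes AppLocker; folder list and file name are illustrative.
$denyPaths = @(
    '%OSDRIVE%\Users\*\Downloads\*',
    '%OSDRIVE%\Users\*\AppData\Local\Temp\*'
)

# One Deny rule per folder, applied to Everyone (SID S-1-1-0).
$denyRules = foreach ($path in $denyPaths) {
    '    <FilePathRule Id="{0}" Name="Deny EXE from {1}" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">' -f [guid]::NewGuid(), $path
    '      <Conditions><FilePathCondition Path="{0}" /></Conditions>' -f $path
    '    </FilePathRule>'
}

# Once a rule collection has any rule, files matching no Allow rule are denied.
# The Allow "*" rule keeps this a blocklist; Deny rules take precedence over it.
# AuditOnly logs what would be blocked without blocking anything yet.
# Only the Exe collection is covered here; .msi installers need an Msi collection.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow everything else" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
$($denyRules -join "`r`n")
  </RuleCollection>
</AppLockerPolicy>
"@

$policyFile = Join-Path $env:TEMP 'block-user-writable-exe.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Dry run: which executables already in this user's Downloads would be denied?
# Anything legitimate in this list (a meeting-tool installer, say) needs an exception.
Get-ChildItem (Join-Path $env:USERPROFILE 'Downloads') -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone -Filter Denied |
    Select-Object FilePath, PolicyDecision, MatchingRule

# To load the policy into a GPO (placeholder path, fill in your own):
# Set-AppLockerPolicy -XmlPolicy $policyFile -Ldap '<LDAP path of the target GPO>'

# With the GPO linked in AuditOnly mode and the Application Identity service
# running, event 8003 records each EXE that enforcement would have blocked.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

After the audit log shows only unwanted executables, change `EnforcementMode` to `Enabled` to start blocking.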

If you want guidance on the creation and deployment of a GPO to block ransomware from running, we can help. Send us an email at info@mirazon.com or call us at 502-240-0404!
