ITAM and Ransomware

Is anyone participating in their company’s efforts to respond to or protect against the threat of Ransomware? ITAM can help preparedness efforts by knowing how to efficiently respond in a worst case scenario event - having a process to mass migrate affected users to unaffected computers - but what are ways we can help protect against the threat?

1 Like

Definitively, ransomware, like any other malware, is typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment or a downloadable file. Defining and enforcing software deployment only from company-authorized sources definitively can help to prevent malware infection and at the same time reinforce compliance via a properly designed Software Request process. To prevent malware infection, it is important to thoughtfully design the Software Request & Deployment system of controls, which includes directive, detective and deterrent controls. For instance, ransomware can and should be used in user awareness campaigns/trainings as an example of the possible consequences of not respecting the established process to request and deploy software.

1 Like

As may be of interest… Canadian federal government has just published a guide Ransomware Playbook

2 Likes

We are trying to mitigate the impacts of ransomware by requiring all new computers to be “certified endpoints”, which means that they must meet certain criteria, including: Our enterprise antivirus solution installed and active; asset management agent installed; drives are encrypted; user documents on cloud storage (we use OneDrive). The latter two are the most helpful here. If the drive is encrypted, not only does it protect our organization’s IP, but may help because some ransomware uses an encryption step that may fail if the drive is already encrypted. More importantly, though, is that we are actively encouraging and migrating users to cloud storage vs local storage. Since OneDrive performs snapshotting and rollbacks are relatively easy, it protects users’ and organization’s data.

The larger challenge is that we aren’t yet able to require users to use cloud storage because it is difficult to enforce and difficult to determine if a machine is in compliance. We’ve looked at some methods around determining if a machine is in compliance and we can look at certain attributes, for example redirecting the default Documents location to OneDrive in user settings and querying the device to verify that it is in place. Restricting documents stored on local drives is problematic and complicated from a technical standpoint, not to mention the policy and enforcement challenges.

1 Like
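The two "certified endpoint" checks the post above calls the most helpful, drive encryption and Documents redirected into OneDrive, can be queried from the device itself. The script below is an added example written for this thread, not the poster's own tooling; it assumes BitLocker is the encryption product (the BitLocker PowerShell module ships with Windows 10/11 Pro and Enterprise) and that OneDrive for Business sets the `OneDriveCommercial` environment variable for the signed-in user, which it does once the client is configured. It is read-only and runs in the user's own session, because the Documents location lives under HKCU.

```powershell
# Added example (not from the thread): a read-only compliance probe for two
# "certified endpoint" criteria: system drive encrypted with BitLocker, and the
# user's Documents folder redirected into OneDrive.

function Test-DocumentsInOneDrive {
    # Windows stores per-user known-folder locations under User Shell Folders;
    # the "Personal" value is the Documents folder. It is REG_EXPAND_SZ, and
    # Get-ItemPropertyValue returns it already expanded.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    $documents = Get-ItemPropertyValue -Path $key -Name 'Personal' -ErrorAction Stop

    # OneDrive sets these variables for the signed-in account. Assumption: the
    # organization uses OneDrive for Business, so OneDriveCommercial is checked first.
    $roots = @($env:OneDriveCommercial, $env:OneDrive) | Where-Object { $_ }

    $redirected = $false
    foreach ($root in $roots) {
        # Path comparison is case-insensitive on Windows; strip trailing backslashes
        # so "C:\Users\me\OneDrive - Contoso\" and "...\Contoso" compare equal.
        if ($documents.TrimEnd('\').StartsWith($root.TrimEnd('\'),
                [System.StringComparison]::OrdinalIgnoreCase)) {
            $redirected = $true
        }
    }

    [pscustomobject]@{
        DocumentsPath = $documents
        OneDriveRoots = ($roots -join ';')
        Redirected    = $redirected
    }
}

function Test-SystemDriveEncrypted {
    # "Encrypted" here means fully encrypted AND protectors enabled. A volume can be
    # fully encrypted with protection suspended (e.g. after a firmware update), which
    # offers no protection at rest, so both properties are required.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        Compliant        = ([string]$vol.VolumeStatus -eq 'FullyEncrypted' -and
                            [string]$vol.ProtectionStatus -eq 'On')
    }
}

function Get-EndpointCompliance {
    # One record per device/user, shaped so it can be collected by an inventory
    # agent or exported to CSV and joined against the asset register.
    $docs = Test-DocumentsInOneDrive
    $disk = Test-SystemDriveEncrypted

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        UserName            = $env:USERNAME
        DriveEncrypted      = $disk.Compliant
        VolumeStatus        = $disk.VolumeStatus
        ProtectionStatus    = $disk.ProtectionStatus
        DocumentsInOneDrive = $docs.Redirected
        DocumentsPath       = $docs.DocumentsPath
        Compliant           = ($disk.Compliant -and $docs.Redirected)
    }
}

Get-EndpointCompliance | Format-List
```

Because the result is a single object with boolean fields, it drops straight into whatever the asset management agent already collects, and the `DocumentsPath` field shows the admin exactly where a non-compliant user's documents are going rather than just "fail". Checking `ProtectionStatus` as well as `VolumeStatus` is the detail most ad hoc scripts miss: a suspended BitLocker volume reports as fully encrypted but is not protecting anything.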