Ransomware is defined as "malicious software designed to block access to a computer system until a sum of money is paid."
The Smoothwall Filter and Firewall has several methods to protect client devices from threats such as ransomware, and this article will detail some of the methods used to ensure your network remains safe and secure.
Some of the most common attack vectors for ransomware are via phishing emails, email attachments, adverts which contain malicious content, and through infected web pages which redirect users to download malicious software.
To best ensure your network is protected against these threats you should ensure that the following measures are in place.
As an absolute minimum, you should ensure that both the Adverts and Malware and Phishing categories are blocked for all users across your network see our help topic, Creating web filter policies. The Malware and Phishing category is updated on a daily basis to ensure your users are always protected against the latest threats.
HTTPS Decrypt and Inspect
An HTTPS Decrypt and Inspect policy should be in place so that all web content is visible to your Smoothwall Filter and Firewall see our help topic, Creating HTTPS inspection policies. This allows us to perform content analysis on web pages and make better categorization decisions.
Enable antimalware scanning on the Guardian module, and FTP Proxy (as applicable). We use BitDefender’s proven antimalware engine, and frequently updated malware signatures. This will help prevent ransomware executables from reaching the end-user’s workstation.
For best protection you should make sure your Firewall is locked down so that only the necessary ports are open.