Ransomware is defined as "malicious software designed to block access to a computer system until a sum of money is paid."
The Smoothwall Filter and Firewall has several methods to protect client devices from threats such as ransomware, and this article will detail some of the methods used to ensure your network remains safe and secure.
Some of the most common attack vectors for ransomware are via phishing emails, email attachments, adverts which contain malicious content, and through infected web pages which redirect users to download malicious software.
To best ensure your network is protected against these threats you should ensure that the following measures are in place.
Web Filter
As an absolute minimum, you should ensure that both the Adverts and Malware and Phishing categories are blocked for all users across your network. See Creating web filter policies. The Malware and Phishing category is updated on a daily basis to ensure your users are always protected against the latest threats.
HTTPS Decrypt and Inspect
Add a HTTPS Decrypt and Inspect policy so that all web content is visible to your Smoothwall Filter and Firewall. This allows us to perform content analysis on web pages and make better categorization decisions.
Antimalware
Enable antimalware scanning on the Guardian module, and FTP Proxy (as applicable). This will help prevent ransomware executables from reaching the end-user’s workstation.
Firewall
For best protection you should make sure your Firewall is locked down so that only the necessary ports are open.