It has been about a year since we added new material to the Ransomware Prevention Kit. That’s a long time, and it’s because Ransomware is a somewhat mature industry now. In the 5 years that we’ve been fighting this nasty with IT best practices we’ve noticed a certain stability. The attack methods are varied, but they really boil down to a few basic concepts that you need in order to avoid Ransomware.
- An educated user population
- Avoidance of Phishing
- Near immediate patching of Windows, Adobe and Flash
- Use of latest versions of applications
- Good IT practices to protect backup, avoid unwanted applications and prevent permission sprawl
Another thing has changed in the last 5 years. Computers are now more frequently not joined to on-premises domains. Instead they are stand-alone or joined to Azure AD. On top of that come the announcements that Group Policy is now considered legacy technology and that Software Restriction Policies are no longer being actively developed, which in Microsoft speak tells us that both of these technologies are being phased out. All of this means that we have to change too.
To that end, you are going to find that .reg and .pol files are the predominant means of managing Windows 10 computers. But we’ve also still supplied the old software restriction group policies because they still work. We’ve just put the new configurations into a different format.
In the photo above you see the list of files that reside inside the zip file you’re going to find in the kit, called Win10RansomPreventionFiles.zip. Note the text file called Read the PDF’s first. Guess what that means? It means that you really, really, really need to read the two PDF files first in order to understand what the local group policy and reg keys are doing and how to customize them for your use. The PDF called Ransomware and Windows 10 is a long article detailing all of the settings, what they do and how to manually deploy them. Once you understand that, you can then move to using the pre-built tools that we provided so you don’t have to reinvent the wheel.
There’s a second PDF that you should also read. Preventing ransomware on Windows 10 depends on using Windows Defender, so please read the Understanding Windows Defender PDF, especially if you think you don’t care about Defender. Many of us didn’t like Defender and I want you to rethink that as we have.
I hope that you enjoy these new additions to the kit. I’ve copied other relevant articles into the zip file for convenience mostly. They aren’t new but they go along with Windows 10 and represent a tiny start to a reorganization of the materials to make them easier to find and consume.
One last thing, as you know we raised money from the donations for the kit to launch a scholarship fund. It is working. We are providing scholarships, changing lives and improving our industry at the same time. You should be proud of yourself for your contribution. Here’s a note from a recipient and if you’d like to make another contribution, your money is welcome. You can make another donation here
Would like to say “Thank You” and make a donation
Greetings Amy, I was fortunate to be one of the recipients of a scholarship through Third Tier a while back for the completion of my Security+ certification. It came at a time where my life, let alone my career, was up in the air. Getting that cert gave me the confidence to pursue my CCNA Cyber Ops which led to a new position as an Information Security Analyst with a great organization where I am now on the fast track to becoming the Information Systems Security Officer. So, I want to truly say thank you!! I appreciate the work you are doing with Third Tier and I would like to pay it forward with a $500 donation. How can we facilitate this? Best regards, LaDon Williams
If you need to purchase the Ransomware Prevention Kit you can do that here. If you would like to send us some more money for our work in the kit and keep funding this project you can do that too. Please do that here
About Third Tier
Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands-on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.