Peter Nikolaidis is an information security professional based in Cambridge, MA. He holds several information security certifications, including the CISSP. In his spare time, he enjoys practicing martial arts and yoga, mountain biking, and thinking about ways to protect the innocent… often from themselves. Connect with Peter on LinkedIn.
10 Critical Steps to Survive a Ransomware Attack, Step 9: Allow Only Whitelisted Applications
Note: this step takes some effort, and you do not want to tackle it yourself without the help of a competent IT person. That said, it is a very, very effective way to stop ransomware and other malware dead in its tracks.
By default, computers are “general purpose devices.” This means that, even if you purchased a new computer with one thing in mind, like running payroll, it can do several other things – like email, online shopping, surfing the web, playing games, and… downloading malicious programs to eat your data.
Whitelisting is a simple concept: your computers are configured to only run previously-authorized applications. This is an example of the principle of least privilege. Do you have keys to your home? Sure. Does your next door neighbor? Possibly, if you know and trust them, and want them to hold a backup in case you get locked out. Does everyone on the street have keys to your house? Probably not.
Similarly, if a computer has a specific function, it makes sense to lock it down so that it can only do what it is required to do. Think of these policies as train tracks – there’s no worry that the Red Line train to Ashmont is going to somehow wind up at Wonderland.
So if you only need to run Word, Excel, and Outlook to do your job, your computer will only run Word, Excel, and Outlook. This does take some work and fine-tuning to get right, and you need to work closely with your IT provider to make sure that nothing is overlooked, but once you’ve taken these steps, your computer is dramatically more secure because its exposure to harmful programs is significantly reduced.
Along with this, make sure your systems are configured to only run programs from authorized locations. This means you will stop yourself (and other users) from running programs unless they are “in the right place,” on the right system. Because many malware programs run directly out of your Downloads or temporary (email and browser) folders, preventing any programs found there from running will stop many malware programs in their tracks.
This also makes sense from an operations perspective. Should a machine on the production floor be accessing HR or payroll records? Probably not!
There are several third-party applications to enable whitelisting, and a competent system administrator can probably do the same thing with tools built into your Windows or Macintosh operating systems. Regardless of what route you choose, start the conversation today by asking your IT provider, “Is application whitelisting something we should consider?”
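For the IT person having that conversation, here is a small model of the two rules described above: only approved programs run, and only from authorized locations, with everything else denied by default. It is an added example, not code from the author or from any whitelisting product; the folder list, program list, function names and sample paths are assumptions made for illustration, and a real deployment enforces these rules in the operating system rather than in a script.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumed policy for this sketch (not from the article's author): folders only
# administrators can write to, and the three programs the article names.
AUTHORIZED_DIRS = [r"C:\Program Files", r"C:\Program Files (x86)"]
APPROVED_PROGRAMS = {"winword.exe", "excel.exe", "outlook.exe"}


def _normalize(path):
    """Collapse '..' segments and unify separators and case before matching."""
    return PureWindowsPath(ntpath.normcase(ntpath.normpath(path)))


_DIRS = [_normalize(d) for d in AUTHORIZED_DIRS]


def decide(exe_path):
    """Return (allowed, reason) for one launch attempt. The default is deny."""
    p = _normalize(exe_path)
    # Compare whole folder names, so a look-alike sibling folder such as
    # "C:\Program Files Old" does not count as "C:\Program Files".
    if not any(d in p.parents for d in _DIRS):
        return False, "unauthorized location"
    if p.name not in APPROVED_PROGRAMS:
        return False, "unapproved program"
    return True, "allowed"


def audit(launch_paths):
    """Return the launches the policy would block, with the reason for each."""
    results = [(path, decide(path)) for path in launch_paths]
    return [(path, reason) for path, (ok, reason) in results if not ok]


# Constructed sample launch attempts (illustrative, not real log data).
SAMPLE_LAUNCHES = [
    r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    r"c:/program files/microsoft office/root/office16/excel.exe",
    r"C:\Users\pat\Downloads\invoice.exe",
    r"C:\Users\pat\AppData\Local\Temp\excel.exe",
    r"C:\Program Files\..\Users\pat\Downloads\outlook.exe",
    r"C:\Program Files Old\outlook.exe",
    r"C:\Program Files\Games\solitaire.exe",
]

if __name__ == "__main__":
    for path in SAMPLE_LAUNCHES:
        print(decide(path)[1].ljust(22), path)
```

Running a list of what users actually launch through `audit` before turning enforcement on is one way to do the fine-tuning the article mentions: anything legitimate that shows up as blocked needs a rule first.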