The actions taken:
1. Cleanup and optimization of accounts: we analyzed and removed unnecessary accounts and security groups, both in the domain and on local servers. We paid particular attention to service accounts that held unreasonably high privileges and reduced them to the minimum level required for their work. We also changed the passwords to raise the security level.
2. Closing external ports: we restricted access to the ports exposed to the outside via DNAT, especially RDP, to remove possible attack paths.
3. Blocking access after multiple unsuccessful login attempts: we introduced a rule that blocks IP addresses and accounts after repeated failed logins, reducing the risk of compromise.
4. Configuration and updating of anti-virus software: we deployed and configured anti-virus software on all devices where it was possible, including regular updates of signature databases and security policies. We did the same with the OS-native Defender.
5. OS security updates: we systematically applied security updates to the operating systems, fixing known vulnerabilities.
6. Two-factor authentication: we implemented two-factor authentication for access over the key protocols, strengthening protection against unauthorized access.
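As an added illustration of step 3 (example code, not part of the case study), a small Python routine that applies the same rule to failed-login records: it counts failures per source IP and per account within a sliding time window and reports which should be blocked. The log line format and the sample lines are constructed for this example; a real deployment would feed it Windows 4625 events or sshd auth log entries instead.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed (hypothetical) record format: "<ISO time> FAIL user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) FAIL user=(\S+) src=(\S+)$")

# Constructed sample data: one IP hammering a service account, one account
# sprayed from five different IPs, and one user with rare, spread-out failures.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=svc_backup src=203.0.113.7
2024-05-01T10:00:03 FAIL user=svc_backup src=203.0.113.7
2024-05-01T10:00:05 FAIL user=svc_backup src=203.0.113.7
2024-05-01T10:00:07 FAIL user=svc_backup src=203.0.113.7
2024-05-01T10:00:09 FAIL user=svc_backup src=203.0.113.7
2024-05-01T10:02:00 FAIL user=bob src=198.51.100.9
2024-05-01T10:02:01 FAIL user=bob src=198.51.100.10
2024-05-01T10:02:02 FAIL user=bob src=198.51.100.11
2024-05-01T10:02:03 FAIL user=bob src=198.51.100.12
2024-05-01T10:02:04 FAIL user=bob src=198.51.100.13
2024-05-01T10:05:00 FAIL user=alice src=198.51.100.2
2024-05-01T10:25:00 FAIL user=alice src=198.51.100.2
2024-05-01T10:45:00 FAIL user=alice src=198.51.100.2
"""


def find_lockouts(log_text, threshold=5, window_minutes=10):
    """Return (blocked_ips, blocked_accounts): every source IP and every account
    that accumulated `threshold` failed logins inside a sliding window of
    `window_minutes`. Blocking both dimensions catches single-source brute force
    (IP) as well as distributed password spraying against one account (user)."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # ("ip"|"user", value) -> timestamps in window
    blocked_ips, blocked_accounts = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a failed-login record; ignore
        ts = datetime.fromisoformat(m.group(1))
        user, ip = m.group(2), m.group(3)
        for key, target in ((("ip", ip), blocked_ips), (("user", user), blocked_accounts)):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:  # expire failures older than the window
                q.popleft()
            if len(q) >= threshold:
                target.add(key[1])
    return blocked_ips, blocked_accounts
```

With the sample data and defaults, the single-source attacker is blocked by IP and by account, the sprayed account is blocked although no individual IP crosses the threshold, and the slow, spread-out failures trigger nothing.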
The result:
These measures significantly improved the protection system, shielding the clients' infrastructure against ransomware attacks. We reduced the risk of unauthorized access and raised the overall security level. The clients received a sound security system that minimizes the chance of a successful ransomware attack and increases the resilience of their infrastructure to external threats.