7 dumb ways to be a ransomware victim, and how to avoid them

Don't make it easy for ransomware attackers. Review your Windows network for these weaknesses now. You might be surprised by what you find.


Ransomware is once again in the news. Attackers are reportedly targeting health care providers and are using targeted phishing campaigns disguised as meeting invites or invoices that contain links to Google documents, which then lead to PDFs with links to signed executables that have names with distinctive words like "preview" and "test".

Once the ransomware enters a system, attackers go after low-hanging fruit left behind on our networks to move laterally and do more damage. Such easy access is preventable and might be the result of an old and forgotten setting or an outdated policy. Here’s how you can check for seven common Windows network weaknesses and keep ransomware perpetrators from embarrassing you and your team.

1. Passwords stored in Group Policy preferences

Did you ever store passwords in Group Policy preferences? In 2014, MS14-025 patched Group Policy preferences and removed the ability to store passwords insecurely but did not remove the passwords. Ransomware attackers use the PowerShell script Get-GPPPassword to obtain left-behind passwords.

Review your Group Policy preferences to see if your organization ever stored passwords in this fashion. Think of any other time that you’ve left credentials behind in a script or batch file. Review your administrative processes for passwords left behind in notepad files, scratchpad locations and other files that are not protected.
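The Group Policy preferences review above can be scripted. The following is an added example, not code from the article: it walks a policies folder, flags every preference XML file that still carries a non-empty `cpassword` attribute, and reports where it is without decrypting anything. The function name `Find-GppCpassword`, the demo folder, and the sample `Groups.xml` are constructed for illustration; in production, point `-Path` at your own domain's SYSVOL `Policies` share.

```powershell
# Added example: audit for Group Policy preference XML files that still
# carry a cpassword attribute. Reports locations only; never decrypts.
function Find-GppCpassword {
    param(
        # Assumption: in production this is \\<your-domain>\SYSVOL\<your-domain>\Policies
        [Parameter(Mandatory)] [string] $Path
    )
    Get-ChildItem -Path $Path -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            try   { $xml = [xml](Get-Content -LiteralPath $file -Raw -ErrorAction Stop) }
            catch { Write-Warning "Skipped (unreadable or not XML): $file"; return }

            # Any element with a non-empty cpassword attribute is a finding.
            foreach ($node in $xml.SelectNodes('//*[@cpassword != ""]')) {
                # The 'changed' timestamp sits on the parent item (e.g. <User>).
                $parent  = $node.ParentNode
                $changed = if ($parent -is [System.Xml.XmlElement]) {
                    $parent.GetAttribute('changed')
                } else { '' }
                [pscustomobject]@{
                    File    = $file
                    Element = $node.Name
                    # May be empty: some preference types name the account attribute differently.
                    Account = $node.GetAttribute('userName')
                    Changed = $changed
                }
            }
        }
}

# Constructed sample tree so the function can be tried offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-demo'
$dir  = New-Item -ItemType Directory -Force -Path (Join-Path $demo 'PolicyA\Machine\Preferences\Groups')
@'
<Groups>
  <User name="svc-demo" changed="2013-01-01 00:00:00">
    <Properties action="U" userName="svc-demo" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir.FullName 'Groups.xml')

Find-GppCpassword -Path $demo | Format-Table -AutoSize
```

Treat any hit as an exposed credential: remove the preference item and change that account's password.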
