
7 Steps to Help Defend Against Conti and PYSA Ransomware

With the recent increase in activity from the Conti and PYSA ransomware families, here are a few recommendations and reminders to help your organization minimize its chances of a harmful breach.

Tips for Protecting Against Conti and PYSA Ransomware

  1. Ensure VPNs are configured to log the IP address and username of the person using each connection.
  2. Ensure you have a strict process for new account creation, with alerts whenever an account is created outside that process, including creations performed over VPN or other remote access.
  3. Enable script control blocking on your endpoint security solution. Grant exceptions only to scripts that are required for operations.
  4. Ensure MFA is in place on all admin accounts, including any account with domain admin or otherwise elevated privileges.
    1. It is recommended that all user accounts have MFA enabled, but if that is not possible, then at a minimum we advise enabling it on the admin accounts.
  5. Use separate accounts for admin users to perform admin activity. These should be distinct from the standard user accounts used for everyday work like email, web browsing, etc.
  6. Lock down PowerShell so that ONLY PowerShell scripts you know and have validated as known good can run.
    1. All other PowerShell scripts must be denied until you can verify and validate whether they are good or malicious.
  7. Backups: You must have known good backups of Domain Controllers and all critical servers, systems, and data. Make sure you also have a second set of backups off-site, not connected to the local area network. The second set must be remote, not reachable through a VPN, 100% separated from the original source of the backup data.
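One way to implement steps 6 and 6.1 on Windows is an AppLocker script rule set that allows only hash-listed scripts and treats everything else as unknown. This is an added example, not code from the original post; the directory C:\ValidatedScripts, the policy path C:\AppLockerPolicy\scripts.xml, and a running Application Identity service are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumptions: known-good scripts live in
# C:\ValidatedScripts, the policy is written to C:\AppLockerPolicy\scripts.xml, and the
# Application Identity service (AppIDSvc) is running (AppLocker does nothing without it).
$validatedDir = 'C:\ValidatedScripts'            # assumption
$policyPath   = 'C:\AppLockerPolicy\scripts.xml' # assumption
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. Fingerprint every script in the validated directory (.ps1, .bat, .cmd, .vbs, .js).
$fileInfo = Get-AppLockerFileInformation -Directory $validatedDir -Recurse -FileType Script

# 2. Build hash-based allow rules. A hash rule matches exact file content, so an edited
#    or tampered copy of a validated script no longer matches and is treated as unknown.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Hash -User Everyone `
                                 -RuleNamePrefix 'KnownGood' -Optimize -Xml
[xml]$policy = $policyXml

# 3. Start in audit mode: would-be denials are logged (event 8006 in the
#    'Microsoft-Windows-AppLocker/MSI and Script' log) without blocking anything, so you
#    can catch scripts you forgot to validate. Switch to 'Enabled' once the log is quiet.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyPath)

# 4. Merge into the local policy. Once the Script collection is set to 'Enabled', any
#    script that matches no allow rule is denied; that is the "deny everything else"
#    behaviour from step 6.1.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 5. Check the decision for one validated script and for an arbitrary unknown script
#    (the unknown one is constructed here purely to exercise the policy).
$known   = Get-ChildItem -Path $validatedDir -Filter *.ps1 -Recurse | Select-Object -First 1
$unknown = Join-Path $env:TEMP 'unvalidated.ps1'
Set-Content -Path $unknown -Value 'Write-Host "not on the allowlist"'
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $known.FullName, $unknown -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

Watch the AppLocker "MSI and Script" event log rather than relying on error messages: under enforced AppLocker script rules, PowerShell 5 and later runs a non-allowed script in Constrained Language mode instead of refusing it outright, so the log is where the denial is visible.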

The steps outlined above help you minimize the risk of an attack by fast-moving malware or ransomware that can execute quickly through PowerShell scripts and other methods that are difficult to detect or stop.

Jason Miller

Jason Miller, Founder and CEO of BitLyft Cybersecurity, has dedicated his 20-year IT career, including co-founding SaaS pioneer Reviora, to removing cybersecurity barriers for mid-sized enterprises. Establishing BitLyft in 2016, Jason set out to unburden security teams with innovative, approachable, and affordable solutions, a vision which has made BitLyft a respected managed detection and response provider. Outside his cybersecurity pursuits, Jason is an avid tree farmer and outdoor enthusiast, planting nearly 300 trees on his ten-acre plot and finding joy in hiking, hunting, and driving his white Tesla Model 3. His diverse passions mirror the balanced blend of expertise, dedication, and joy he brings to BitLyft.
