7 Steps to Help Defend Against Conti and PYSA Ransomware

With the recent increase in Conti and PYSA ransomware activity, here are a few recommendations and reminders to help your organization minimize its chances of a harmful breach.

Tips for Protecting Against Conti and PYSA Ransomware

  1. Ensure VPNs are configured to log the IP address and username for every connection.
  2. Ensure you have a strict process for new account creation, with alerts if any account is created outside that process, over VPN, or remotely.
  3. Enable script control blocking on your endpoint security solution. Scripts that are required for operations should be given exceptions.
  4. Ensure that MFA is in place on all admin accounts and on any account with domain admin level or other elevated privileges.
    1. It is recommended that all user accounts have MFA enabled, but if that is not possible, then at a minimum enable it on the admin accounts.
  5. Use separate accounts for admin users to perform admin activity. These should be separate from the standard user accounts used for standard work like email, web browsing, etc.
  6. Lock down PowerShell so that ONLY PowerShell scripts you know and have validated as known good can run.
    1. All other PowerShell scripts must be denied until you can verify and validate whether they are good or malicious.
  7. Backups: You must have known good backups of Domain Controllers and all critical servers, systems, and data. Make sure you also have a second set of backups off-site, not connected to the local area network. The second set of backups must be remote, not reachable through a VPN, and 100% separate from the original source of backup data.

The steps outlined above help you minimize the risk of being hit by fast-moving malware or ransomware that can execute quickly through PowerShell scripts and other methods that are difficult to detect or stop.
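Steps 1 and 2 work together: if the VPN logs username and IP address, an account-creation alert can say where the creator was connected from. The sketch below is an added example, not code from the original post. The record layout, account names, and approved-creator list are assumptions, and all sample records are constructed.

```python
from datetime import datetime

# Constructed sample records, not real logs. Field names are assumptions about
# how a SIEM might normalize VPN session logs and account-creation events
# (for example Windows Security event ID 4720).
VPN_SESSIONS = [
    {"user": "jsmith", "src_ip": "203.0.113.45",
     "start": "2021-06-01T02:10:00", "end": "2021-06-01T03:40:00"},
    {"user": "svc_provision", "src_ip": "198.51.100.7",
     "start": "2021-06-01T16:00:00", "end": None},  # session still open
]
ACCOUNT_CREATIONS = [
    {"time": "2021-06-01T09:15:00", "new_account": "nhire01", "created_by": "svc_provision"},
    {"time": "2021-06-01T02:31:00", "new_account": "svc_backup2", "created_by": "JSmith"},
    {"time": "2021-06-01T14:00:00", "new_account": "tmpadmin", "created_by": "helpdesk1"},
    {"time": "2021-06-01T16:20:00", "new_account": "nhire02", "created_by": "svc_provision"},
]
# Hypothetical: the only identity the provisioning process is allowed to use.
APPROVED_CREATORS = {"svc_provision"}


def vpn_sources(user, when, sessions):
    """Return source IPs of VPN sessions this user had open at time `when`."""
    hits = []
    for s in sessions:
        start = datetime.fromisoformat(s["start"])
        end = datetime.fromisoformat(s["end"]) if s["end"] else datetime.max
        # Windows account names are case-insensitive, so compare lowercased.
        if s["user"].lower() == user.lower() and start <= when <= end:
            hits.append(s["src_ip"])
    return hits


def review_account_creations(creations, sessions, approved):
    """Flag creations made outside the approved process or over a VPN session."""
    alerts = []
    for ev in creations:
        when = datetime.fromisoformat(ev["time"])
        reasons = []
        if ev["created_by"].lower() not in approved:
            reasons.append("creator not an approved provisioning account")
        for ip in vpn_sources(ev["created_by"], when, sessions):
            reasons.append(f"creator on VPN from {ip}")
        if reasons:
            alerts.append({"new_account": ev["new_account"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in review_account_creations(ACCOUNT_CREATIONS, VPN_SESSIONS, APPROVED_CREATORS):
        print(alert["new_account"], "->", "; ".join(alert["reasons"]))
```

Note that the last sample creation is flagged even though the approved provisioning account made it, because that account was connected over VPN at the time.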
