Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it's best to prevent them from appearing in the first place.
Override your browser's user-agent
As some exploit kits use your user-agent to tailor the write exploit for your operating system, it pays to trick them by setting the wrong user-agent on purpose. For instance, when using Firefox on Windows, set your user-agent to say "Firefox on Linux" to confuse malware redirectors and exploits.
Use security content to detect ransomware
You'll never entirely be able to stop people from opening a malicious email and being tricked into clicking on a phishing link. That act can open a single file that begins acting like a worm and starts propagating through your IT infrastructure or through that of your organization and wreak havoc. It's critical to have great content so you can start detecting these bugs and squash them before it becomes a problem.
Solid threat intelligence is key
It's critical that you know who your adversaries are - who these groups are, what ransomware they're using and what versions, as well as what command and control infrastructure is being used by various groups that are making those calls. It's also important to understand what the indicators of compromise are so you can set up security content to detect it as your system is being infected.
Don't underestimate the value of continuous monitoring
Look at security vendors with a "products + services" approach. Market-leading security technologies are critical but combined with 24x7 monitoring by security experts is the best approach to securing your IT infrastructure and stopping threats like ransomware. If you have an 9-to-5 business and no one is watching your shop at night, that's a lot of hours for a malicious bug to move through your IT infrastructure.
Have a robust, in-depth backup plan
Before your company is attacked by ransomware, it is important to have an existing backup plan in place so you can access your data. It's imperative that an organization's backup strategy include offline backup, this may require manual processes, but any online backups will be encrypted by attackers, making it useless to the victim. Know the pain points of restoring and recovering data, and make sure that your plan accounts for those pain points. It is important to classify your systems and data when creating your backup plan. Keep in mind which systems and data are most important to your organization and put extra care around the most critical systems in your infrastructure.
Source: CSO Online
Sign up for CIO Asia eNewsletters.