If you support a Microsoft Windows Server environment and are looking for some simple strategies to protect against Ransomware, you should consider the following:
- DNS filtering services such as Zscaler and ThreatSTOP.
- Removing Local Admin rights from your users.
- Implementing File Server Resource Manager on your file servers and creating a file screen to protect against encryption and alert when user activity looks like Ransomware activity. (https://gallery.technet.microsoft.com/scriptcenter/protect-your-file-server-f3722fce)
- Protect your endpoints with group policies to restrict executables from running from your temp directories and %appdata%.
Obviously there are many options for expanding the protection, but I will save that for future articles… this is a first step and part of your overall defense in depth measures.