How to Block Ransomware and Malware in Windows and Office
Earlier this month, Microsoft announced two new security settings that prevent known vulnerabilities in the Windows operating system and Office productivity suite.
First, an updated security default in Windows 11 will help block ransomware attacks that steal passwords and access remote desktop protocol (RDP) endpoints. RDP allows virtual users to access and control a computer through secure, reliable channels. But these channels are often exploited by cybercriminals, who may use them to unleash ransomware infections.
Last month, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury pinpointed a particularly damaging form of RDP-enabled ransomware that’s been actively targeting health care and finance businesses since May 2020. The agencies’ collective warning urged computer users to beef up protections for RDPs and the virtual private networks (VPNs) used to connect to them.
The second new cybersecurity enhancement deployed by Microsoft is a block on default macros commonly found in Microsoft Office applications. Macros provide a powerful automation tool for everyday tasks in Excel, Word, and Outlook. In recent years, Microsoft reported a surge in malware disguised inside these macros, however, causing the company to disable them by default.
Now, when common email attachments like Word documents, Excel spreadsheets, PDFs, and PowerPoint slideshows are opened, a request to turn on macros will pop up—and that request is easily exploitable by hackers. Microsoft’s new default block on untrusted macros provides an extra layer of protection against a technique that actively tries to trick end users into clicking a malicious link. When that happens, malware and ransomware can be unleashed on computers, networks, and connected drives, encrypting data and eliminating easy access to everyday files.
How Will These New Security Enhancements Be Delivered?
The new account lockout policy that protects users from RDP-enabled ransomware infections and brute-force password attacks will roll out first on Windows 11, Microsoft’s newest release of the popular operating system. According to Dave Weston, vice president of OS Security and Enterprise at Microsoft, the default feature will also eventually land in Windows 10 via a future security update. Windows 10, which is installed on nearly 75% of all desktops worldwide, currently offers the account lockout policy as an optional setting but not a default one.
Microsoft’s parallel announcement about the rollout of a default macro block in Microsoft Office will be pushed to all versions of the productivity suite, including Office 2021, Office 2019, Office 2016, and Office 2013, in the coming weeks. This adjustment will most likely be part of Microsoft’s weekly or monthly security patch update, which is typically rolled out via wide distribution.
Will My Versions of Windows and Office Be Protected?
If you work with a trusted IT provider who automatically handles security patches and software updates for your business, the answer is probably yes. At CMIT Solutions, our experienced technicians review and deploy needed patches behind the scenes and during off-hours so that your employees won’t be impacted by downtime or productivity hiccups. This is the best way to ensure that desktops, laptops, servers, routers, printers, smartphones, and other devices remain safe around the clock.
If you don’t have a technology partner in your corner, the answer is unclear. Depending on your version of Microsoft Windows and Office and your company’s licensing situation, you may or may not have automatic updates turned on. You may have to manually approve certain software patches that fix known vulnerabilities—and you may be the kind of computer user who avoids those “update now” notifications, seeing them strictly as frustrating inconveniences. If you’re not sure whether your version of Microsoft Windows or Office is protected, contact a trusted IT provider immediately.
What Else Can I Do to Keep My Systems Safe?
CMIT Solutions recommends the following five tips:
1) Make sure none of your applications or operating systems are outdated. Microsoft has become more aggressive about announcing “end of life” dates well in advance of the time that support will no longer be extended to certain apps. Still, the threat is serious: Even though support for Windows 7 ended two and half years ago, in January 2020, more than 10% of all PCs worldwide still use it. In 2017, just a few months after support for Windows XP ended, the massive ransomware attack WannaCry took advantage of an unpatched vulnerability to attack hospitals, halt operations at multinational corporations, and interrupt supply chains, eventually exacting more than $5 billion in economic damage. Don’t get caught red-handed because you avoided upgrading from a legacy application that’s reached its end of life.
2) Turn on multi-factor authentication (MFA). This is the most straightforward way to avoid ransomware—particularly the kind that steals passwords and tries to infiltrate remote desktop protocols. MFA adds an extra step to the login process, requiring a user to enter their password along with a unique code (typically delivered by text or email) to confirm their identity. MFA can mitigate the impacts of a weak or reused password being stolen and provide an extra line of defense for email accounts, social media applications, and online identities,
3) Don’t panic and upgrade to a new OS without thinking things through first. Microsoft often highlights security issues as a way to boost upgrade numbers and convince even more users to flock to a new OS like Windows 11. But nine months after its rollout, Microsoft is still fixing small issues with Windows 11, strengthening the common argument that most users should wait a year to allow the kinks to be worked out of new software. If you do want to give Windows 11 or the latest version of Microsoft Office a try, consider installing it on just one computer first so you can explore new features at your own pace—without disrupting day-to-day operations for everyone at your business.
4) Work with an IT provider to discuss long-term upgrade plans. If you have a trusted IT partner on your side, talk to them about Windows 11 and Microsoft Office first. They’ve probably helped clients in different industries upgrade—and they can probably give you a rundown of the pros and cons of doing so. With that knowledge, you can formulate a smart upgrade plan that takes into consideration the age of your computers, your budget for licensing costs, and your reliance on any legacy applications that are a must for day-to-day work but might not yet be compatible with new operating systems.
5) Beware of phishing emails that take advantage of upgrades or security concerns. Big cybersecurity news can be confusing, especially for small to medium-sized businesses who just want their computers to keep working. Hackers often capitalize on such current events, sending out fake emails or text messages that claim to come from Microsoft, other software providers, and even IT departments. These communications may include links to free upgrades or requests to confirm login credentials, but typically they’ll redirect users to malicious sites or deploy malware or ransomware on your computer. Microsoft’s licensing verification process never occurs via email or text message—and, with the help of a trusted IT provider, you can rest assured that any upgrades will be deployed safely and securely.
Over the last 25 years, CMIT Solutions has helped thousands of clients across North America move from one version of Windows using a cautious, budget-conscious approach to upgrades. If you need help understanding new software settings or confirming whether cybersecurity protections are in place on your computers, contact us today. We offer comprehensive IT support that solves short-term problems and sets you up for long-term success.