It has been observed that the instances of the Ransomware hitting the Servers installed with Sophos Central Server Security Advanced are increasing.
On the Server, CryptoGuard is not enabled by default: A user needs to toggle it on to enable CryptoGuard – in Central > Servers > Policies > Settings > Advanced to toggle on MTD, CryptoGuard and Security Heartbeat. Note that you actually need to uncheck ‘Recommended Settings’ to click on these to make the changes and save. (Something that will likely change in the future ).
Changes required as per below snapshot:
Do’s
a) Real-Time scanning- Local Files: all switches on
b) Real-Time scanning-Internet: all switches on
c) Real-Time scanning-Options [ Detect Malicious behavior: On ; Live Protection: On ]
d) Activate the ‘Server Lockdown’ functionality
Don’t
1. Don’t Enable Macros
2. Don’t keep the infected system plugged to the network. Disconnect it.
3. Don’t fall victim to phished emails.