Exploit:Script/UrlShortcutToFileInZip.BD

Guidance for end users

Take these steps to help prevent malware infection on your device. 

Guidance for enterprise administrators 

Following the mitigation steps below can help prevent ransomware and other malware: 

• Keep backups so you can recover data affected by ransomware and destructive attacks. Use controlled folder access to prevent unauthorized applications from modifying protected files. 
• Harden internet-facing assets and ensure they have the latest security updates. Use threat and vulnerability management to audit these assets regularly for vulnerabilities, misconfigurations, and suspicious activity. 
• Secure Remote Desktop Gateway using solutions like Azure Multifactor Authentication (MFA). If you do not have an MFA gateway, enable network-level authentication (NLA). 
• Monitor for brute-force attempts. Check excessive failed authentication attempts (Windows security event ID 4625). 
• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats. 
• Turn on attack surface reduction rules, including rules that block credential theft, ransomware activity, and suspicious use of PsExec and WMI. To address malicious activity initiated through weaponized Microsoft Office documents, use rules that block advanced macro activity, executable content, process creation, and process injection initiated by Microsoft Office applications. To assess the impact of these rules, deploy them in audit mode. 
• Utilize the Microsoft Defender Firewall and your network firewall to prevent Remote Procedure Call (RPC) and Server Message Block (SMB) communication among endpoints whenever possible. This limits lateral movement as well as other attack activities. 
• Turn on tamper protection features to prevent threat actors from stopping security services.