Ransom:Linux/ViceSociety.D!MTB

Guidance for individual users

• Keep your operating system and antivirus products up to date.
• Go to aka.ms/ransomwaresolutions for general information and frequently asked questions about ransomware, defense against ransomware, and ransomware incident response playbook.
• To learn more about preventing ransomware or other malware from affecting individual devices, read about preventing malware infection.

Guidance for enterprise administrators

Ransomware more often attacks enterprises than individuals. Following these mitigation steps can help prevent ransomware attacks:

• Use Microsoft Defender Vulnerability Management to assess your current status and deploy any updates that might have been missed.
• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Use the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Turn on attack surface reduction rules, including rules that block ransomware activity and other activities associated with human adversaries.
• Block executable files from running unless they meet a prevalence, age, or trusted list criterion
• Block execution of potentially obfuscated scripts
• Block process creations originating from PSExec and WMI commands
• Block credential stealing from the Windows local security authority subsystem (lsass.exe)
• Use advanced protection against ransomware