Ransomware prevention best practices


Ransomware is a sophisticated class of malware in which data is held hostage until a ransom is paid. Some of the most common ways ransomware infiltrates organizations are phishing emails, corrupted websites, and malicious extensions. By adopting proactive security measures and developing a well-structured ransomware response plan, organizations can significantly reduce the risk of falling victim to these extortion-driven cyberattacks. Here are some effective strategies to protect against ransomware, methods for prevention, and steps for swift recovery in the unfortunate event of a ransomware attack.

8 best practices to protect against ransomware

     
Prevention plan
 

Back up your files

Use the 3-2-1 backup rule: Keep at least three separate versions of data (one original and two backups), on two different storage types, and at least one copy offsite.

 

Patch vulnerabilities

Reduce the vulnerabilities in your operating systems, browsers, antivirus software, and other applications by regularly updating them.

 

Employ email filtering

Block malicious executables, spam, phishing, and other common email attacks that ransomware is known to use.

 

Provide the least amount of privilege possible

Use robust access management to restrict unwarranted access and reduce the number of access points through which malware can enter your organization.

 

Educate end users

Conduct periodic training for your employees on how to identify and avoid common ransomware pitfalls such as malvertisements, phishing emails, etc.

 

Use an intrusion detection system

Cut off ransomware attacks in their early stages using continuous monitoring to detect signs of anomalous or malicious activity in real time, allowing you to respond instantly.

 

Logically separate networks

Split your network into multiple logical segments so that you can isolate an affected segment in the event of a ransomware attack.

 

Respond effectively after a ransomware attack

Response plan

 

Disable infected systems

Isolate and disconnect infected systems immediately from the network to prevent further spread and minimize damage.

 

Report the attack

Notify the appropriate internal parties (incident response team, legal counsel, and shareholders) and external parties (law enforcement, compliance agencies, etc.) about the ransomware incident promptly.

 

Assess patient zero

Determine the user account with which the attack was initiated, and decide if the user's permissions and privileges need to be revoked to prevent future attacks.

 

Identify the ransomware variant

Check the file extensions, ransom note, and coding style to identify the type and variant of the ransomware.

 

Restore backups and recover data

Use verified and clean backups, preferably one from an offsite location, to restore affected systems and data to their pre-attack state.

 

Identify the root cause

Start a post-incident response analysis to find out how the ransomware breached the system, which vulnerabilities were exploited, and how to prevent future occurrences.

 

Temporarily pause maintenance tasks

Disable regular maintenance tasks, such as deleting temporary files, analyzing disk usage, carrying out updates, etc., until the investigation is complete, as they may interfere with forensic analysis.

 


How to prevent ransomware attacks in your organization

Monitor network and system activity for unusual patterns, such as a sudden increase in file modifications or encryption attempts. Advanced threat detection tools like DataSecurity Plus can identify such ransomware signatures and behaviors early on, and help you set up an alert and response system to shut down infected systems as soon as an attack begins.
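As an added illustration of the "sudden increase in file modifications" signal described above (this is example code written for this page, not DataSecurity Plus' own mechanism), the sketch below counts modify and rename events per account in a sliding window and reports the moment an account crosses a threshold. The log format, the 60-second window, the threshold of 5, and all sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed max modify/rename events per account per window

# Constructed file-audit events: "ISO-timestamp account action path"
SAMPLE_EVENTS = [
    "2024-01-01T09:00:00 alice MODIFY /share/finance/q1.xlsx",
    "2024-01-01T09:04:10 alice MODIFY /share/finance/q2.xlsx",
    "2024-01-01T09:09:30 alice READ /share/finance/q3 draft.xlsx",
] + [
    f"2024-01-01T09:10:{s:02d} bob RENAME /share/hr/doc{s}.docx"
    for s in range(0, 24, 3)    # 8 renames in 21 seconds
]

def parse_event(line):
    """Split one audit line; the path is kept whole even if it contains spaces."""
    ts, account, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), account, action, path

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {account: timestamp at which the account first exceeded the threshold}."""
    recent = defaultdict(deque)  # account -> timestamps still inside the window
    alerts = {}
    for ts, account, action, _path in sorted(map(parse_event, lines)):
        if action not in ("MODIFY", "RENAME"):
            continue             # reads do not indicate encryption activity
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # expire events older than the window
        if len(q) > threshold and account not in alerts:
            alerts[account] = ts
    return alerts

if __name__ == "__main__":
    for account, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: write burst detected at {when.isoformat()}")
```

Window and threshold need tuning per environment, since backup jobs and bulk file operations produce legitimate bursts that should be allow-listed by account.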
