Ransomware Best Practices

While several routines, protocols and operations can dramatically reduce the exposure of your business to ransomware attacks, you also need ways to handle the crisis once an attack is detected.

Safety Recommendations for Prevention

  • Set antivirus and anti-malware programs to conduct regular scans automatically.
  • Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed, and those who need administrator accounts should only use them when necessary.
  • Implement your security incident response and business continuity plan. Ideally, organizations ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.
  • Keep all software up to date, including the most recent releases and patches of critical products.

Business Continuity Considerations

  • Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure that it works.
  • Secure your backups. Ensure that backups are not connected permanently to the computers and networks that they are backing up. For example, secure your backups in the cloud or physically store them offline. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.

Disaster Recovery Plan (DRP) Guidelines

  • Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.
  • Immediately secure backup data or systems by taking them offline. Ensure that backups are free of malware.