1. Back up your data.
The single biggest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware, you may lose the document you started earlier this morning, but if you can restore your system to an earlier snapshot, or clean up your machine and restore your other lost documents from backup, you can rest easy. Always maintain backups and a backup policy.
2. Offline Backup.
Remember that Cryptolocker will also encrypt files on drives that are mapped. This includes any external drives such as a USB thumb drive, as well as any network, NAS or cloud file stores that you have assigned a drive letter. So what you need is a regular, routine backup to an external drive or cloud backup service, one that is not assigned a drive letter or is disconnected when it is not doing a backup. Always maintain multiple copies of offline backups.
Maintain up-to-date anti-virus software with anti-ransomware protection, and scan all software downloaded from the internet prior to executing it.
Disable RDP. The Cryptolocker / Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely.
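An added example, not part of the original article: a PowerShell check for the two exposures described above, backup drives that currently hold a drive letter and Remote Desktop being enabled. It uses the standard Win32_LogicalDisk class and the fDenyTSConnections registry value; the function names are hypothetical.

```powershell
# Added example: audit a Windows host for mapped backup targets and enabled RDP.
# Win32_LogicalDisk DriveType values: 2 = removable, 3 = local fixed, 4 = network.

function Get-ExposedBackupTarget {
    # Any removable or network volume that holds a drive letter is writable by
    # malware running as the logged-on user, so a backup stored there can be
    # encrypted together with the originals.
    # Caveat: many external USB hard disks report DriveType 3 (fixed) and are
    # not listed here; review those by hand.
    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { $_.DriveType -in 2, 4 } |
        Select-Object DeviceID, DriveType, VolumeName, ProviderName
}

function Test-RdpEnabled {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $value = (Get-ItemProperty -Path $key -Name fDenyTSConnections).fDenyTSConnections
    return ($value -eq 0)
}

$exposed = @(Get-ExposedBackupTarget)
if ($exposed.Count -gt 0) {
    Write-Warning 'Removable or mapped network drives are mounted with a drive letter:'
    $exposed | Format-Table -AutoSize
} else {
    Write-Output 'No removable or mapped network drives are currently mounted.'
}

if (Test-RdpEnabled) {
    Write-Warning 'Remote Desktop is enabled on this machine.'
    # To disable it, run elevated:
    # Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    #     -Name fDenyTSConnections -Value 1
} else {
    Write-Output 'Remote Desktop is disabled.'
}
```

Run it in the normal logged-on user session: mapped network drives belong to the user session and may not be visible from an elevated prompt.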
Ransomware attacks are becoming more targeted, tailored and stealthy. But they are still capable of wreaking havoc on organizations’ networks, encrypting files and extorting payment for retrieval.
Modern firewalls are purpose-built to defend against these kinds of attacks, but they need to be given an opportunity to do their job. Configure and maintain your firewalls regularly.
5. Create Awareness about Ransomware
Educate all users and employees about ransomware and its negative effects. Create awareness about data backup and its importance.
How to respond to a ransomware infection
- Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.
- Turn off other computers and devices. Power off and segregate any other computers or devices that shared a network with the infected computer(s) and that have not been fully encrypted by ransomware.
- Immediately report ransomware incidents to your IT Helpdesk or IT Partner.
- Change all system passwords once the ransomware has been removed.