Ransomware is a type of malware that attempts to deny access to a user's data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.
What can you do?
- Create, maintain, and exercise a basic cyber incident response plan.
- Create and maintain a communications plan that includes response and notification procedures for a ransomware incident.
- Conduct regular vulnerability scanning.
- Regularly patch and update software.
- Ensure devices are properly configured and security features are enabled.
- Maintain best practices for remote desktop services.
- Consider using an intrusion detection system.
- Have a cybersecurity awareness plan to keep employees up to date on phishing, malware and other common ransomware avenues.
- Use multi-factor authentication.
- Apply the principle of least privilege to all systems and services.
- Keep network logs and analyze activity.
Want to learn more?
Ransomware: What It Is and What to Do About It
MS-ISAC Security Primer: Ransomware
MS-ISAC Ransomware: Facts, Threats, and Countermeasures