Ransomware Prevention and Response Checklist — LiveOnNetwork
Ransomware Prevention and Response Checklist — LiveOnNetwork
Preventive measures at the user level
Conduct security awareness training and educate your end users about ransomware attacks.
Train your end users to spot and report phishing emails containing malicious attachments
Preventive measures at the software level
Ensure your firewalls are operational and up-to-date at all times.
Logically separate your networks
Employ a strong email filtering system to block spam and phishing emails.
Patch vulnerabilities and keep all your software updated.
Set up rigorous software restriction policies to block unauthorized programs from running.
Keep your antivirus fully operational and up-to-date.
Conduct periodic security assessments to identify security vulnerabilities.
Enforce the principle of least privilege.
Disable Remote Desktop Protocol (RDP) when not in use
Disable macros in your Microsoft Oce files.
Use a strong, real-time intrusion detection system to spot potential ransomware attacks.
Preventive measures at the backup level
Back up your files using a 3–2–1 backup rule, i.e. retain at least three separate copies of data on two diffrent storage types, with at least one of those stored online.
Ensure that you back up critical work data periodically.
Enforce regular checks for data integrity and recovery on all your backups.
Time-sensitive reactive measures
Shut down infected systems immediately.
Disconnect and isolate infected systems from the network.
Isolate your backups immediately.
Disable all shared drives that hold critical information.
Issue an organization-wide alert about the attack.
Contact your local law enforcement agency and report the attack.
Analysis-based reactive measures
Determine the scope and magnitude of an infection by identifying the type and number of devices infected, as well as what kind of data was encrypted.
Identify the threat vector used to infiltrate your network.
Mitigate any identified vulnerabilities.
Check if a decryption tool is available online.
Determine the type and version of the ransomware.
Conduct root cause analysis.
Business continuity reactive measures
Restore your files from a backup.
8 best practices to prevent ransomware
Back up your files
The most effective way to handle ransomware attacks is to use the 3–2–1 backup rule: keep at least three separate versions of data on two different storage types with at-least one offsite.
Educate end users
Regularly train your employees on how to identify and avoid common ransomware pitfalls such as malvertisements, phishing emails, etc.
Patch vulnerabilities
Reduce the vulnerabilities in your operating systems, browsers, and other applications by regularly updating them.
Use an intrusion detection system
Cut off ransomware attacks in their early stages using continuous monitoring to detect signs of anomalous or malicious activity in real time.
Employ email filtering
Block malicious executable, spam, phishing emails, and other methods ransomware is known to use.
Whitelist applications
Add acceptable software to your whitelist and block unauthorized programs from running.
Provide the least amount of privilege possible
Use robust access management to restrict unwarranted access and reduce the number of access points through which malware can enter your organization.
Logically separate networks
Mitigate data loss in the event of a ransomware attack by separating your networks according to task or department.
Originally published at https://www.liveonnetwork.info.
