What is Ransomware Prevention and Protection?
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable1. This is often done using malicious code to rapidly encrypt files with public-key RSA encryption, and then deleting those files if their ransom demands are not met. The following steps can help you to defend against ransomware and limit the effects of ransomware:2
Backups. Back up data regularly, ensuring that backup files are appropriately protected and stored offline. Cloud services can help to mitigate a ransomware infection as many retain previous versions of files which you can roll back to.
Incidence response plans. Maintain incident response plans that define roles and communications to be shared in the event of a ransomware attack. Include a list of contacts, including partners, vendors, and stakeholders that will need to be notified. Include plans for disaster recovery, regulatory compliance, and possible ransomware payments.
Review port settings. Many ransomware attacks target Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Determine whether your organization needs to keep these ports open, or whether connections could be limited to trusted hosts. Review these settings on-premises as well as on the cloud.
Endpoints. Ensure that endpoints have secure configuration settings in order to limit your organization’s threat service and to close security gaps.
Keep systems up to date. Confirm that all of your organization’s operating systems, software, and applications are updating regularly with the latest security patches. Have this done automatically, if possible.
Security awareness training. Human risk management (HRM) is a strategy for businesses to understand, reduce, and monitor their employee IT security risks. An important aspect of HRM is providing IT security awareness training so that employees are able to identify and address threats and to ensure that they have the necessary knowledge and experience needed to avoid threats. The following are IT security training topics to include in your HRM strategy: email scams, malware, password security, physical security, mobile device security, internet habits, social media, and data management.
Implement an IDS. An Intrusion Detection System (IDS) compares network traffic logs to signatures that detect known malicious activity in order to identify suspicious activity on the network. A robust IDS will update malicious signatures often and will quickly alert you to potential malicious activity.
1 cisa.gov, 2021, “What is Ransomware?”
2 cisecurity.org, 2022, “7 Steps to Help Prevent & Limit the Impact of Ransomware”