Falling prey to ransomware is unfortunate and frustrating. If you do fall victim to an attack, the FBI recommends not paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization will get its data back. What reason do the cyber terrorists have for returning the information?
What's the best thing you can do to fight off ransomware attacks?
10 tips to help prevent ransomware attacks
Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system)
Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary
Configure access controls, including file, directory, and network share permissions appropriately. If users only need to view specific information then don’t give them write-access to those files or directories
Disable macro scripts from office files transmitted over e-mail
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs)
Back up data regularly and verify the integrity of those backups regularly
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.