Ransomware Attack Protection

What can I do to prevent Ransomware from getting into my computer?

Infections can cause serious damage to an organization or individual. Recovery can be difficult and may require the assistance of a professional data recovery specialist.US-CERT recommends that administrators and users take the following preventive steps to safeguard their computers networks from ransomware infection.

  • For all important information, create a backup plan and a recovery plan. Regular backups should be tested to minimize the risk of data loss or system disruptions and speed up the recovery process. Ransomware can also affect network-connected backups; it is important to isolate critical backups from the network for maximum protection.
  • Make sure your operating system and all software are up-to-date by installing the latest patches. Attackers are most likely to target vulnerable applications and operating systems. Ensure that these operating systems and applications are updated regularly to reduce the number of possible entry points for attackers.
  • Keep your anti-virus software up to date and scan any software you download from the Internet before you execute.
  • Limit users’ access (permissions), to install or run unwelcome software applications. Apply the principle of “Least Privilege”, to all systems. These privileges can be restricted to prevent malware from running or limit its ability to spread across the network.
  • Do not enable macros in email attachments. When a user opens an attachment and activates macros, embedded code can execute the malware on the computer.
  • Unsolicited links from emails should not be followed. Refer to the Phishing resources found on this website for more information.

Paying the ransom is discouraged by individuals and organizations as it does not guarantee that files will be released. The FBI advises that ransomware such as Cryptolocker or Cryptowall may be used to prevent victims from obtaining their data without paying a ransom.