NIST best practices to prevent and mitigate ransomware attacks

Penetration Testing Wiki

Ransomware is a major threat to any company. In a matter of minutes, all data on servers, workstations and laptops can be encrypted and most probably lost.

It is also worth mentioning that ransomware attacks can exploit an unpatched Windows vulnerability, but most of the time they are triggered by employees executing a suspicious attachment while reading email.

Here are the top recommendations, directly from NIST:

  • Use antivirus software at all times.
  • Keep computers fully patched.
  • Segment networks.
  • Continuously monitor directory services.
  • Block access to potentially malicious web resources.
  • Allow only authorized apps.
  • Use standard user accounts.
  • Restrict personally owned devices.
  • Avoid using personal apps from work computers.
  • Educate employees about social engineering.
  • Assign and manage credential authorization.

In the unfortunate case of a ransomware incident, these three steps will help your organization recover:

  • Make an incident recovery plan.
  • Back up data, secure the backups and TEST restoration.
  • Keep your internal and external contact list up to date.

For further reading, have a look at the NIST draft: https://csrc.nist.gov/publications/detail/nistir/8374/draft