NIST best practices to prevent and mitigate ransomware attacks
Ransomware is a major threat to any company or corporation. In a matter of minutes, all data on servers, workstations and laptops can be encrypted and most probably lost.
It is also worth mentioning that ransomware attacks can exploit an unpatched Windows vulnerability, but most of the time they are triggered by employees executing a suspicious attachment while reading an email.
Here are the top recommendations, taken directly from NIST:
- Use antivirus software at all times.
- Keep computers fully patched.
- Segment networks.
- Continuously monitor directory services.
- Block access to potentially malicious web resources.
- Allow only authorized apps.
- Use standard user accounts.
- Restrict personally owned devices.
- Avoid using personal apps from work computers.
- Educate employees about social engineering.
- Assign and manage credential authorization.
In the unfortunate case of a ransomware incident, these three steps will help your organization to recover:
- Make an incident recovery plan.
- Back up data, secure the backups and TEST restoration.
- Keep your internal and external contact list up to date.
For further reading, have a look at the NIST draft: https://csrc.nist.gov/publications/detail/nistir/8374/draft