7 Steps to ransomware attack prevention and Reducing by jobipoint - ideagivers


7 Steps to Preventing and Reducing the Impact of Ransomware:

Ransomware attacks can affect anyone anywhere, from small businesses to large corporations. It is up to all of us to work together to keep them from succeeding.

Ransomware is a type of malware that prevents users from accessing a system, device, or file until they pay a ransom. It does this by encrypting files on the endpoint, threatening to delete files, or blocking access to the system. Ransomware attacks against hospitals, emergency call centers, and other important infrastructure can be particularly damaging.

Defending against ransomware requires a comprehensive, all-hands-on-deck strategy that involves your entire organization. The following are seven ways that businesses can help prevent ransomware attacks and mitigate their effects. We’ve linked each of them to the relevant CIS Controls security best practices so you can learn more about them.

1. Keep backups — and do so intelligently.

Backing up crucial data is the single most effective way of recovering from a ransomware infection, according to the MS-ISAC. However, there are a few things to think about. Your backup files should be properly secured and stored offline or out-of-band so that attackers cannot target them. Many cloud providers keep prior copies of files, allowing you to roll back to an unencrypted version in the event of a ransomware infection. Make sure to test backups for efficacy on a regular basis. Before rolling back in the event of an attack, be sure your backups aren’t infected.

Additional information on how to create a data recovery plan may be found in CIS Control 11.
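One way to run the regular backup test and the pre-rollback check described in step 1, as an added example that is not part of the original article. It assumes a SHA-256 manifest is written at backup time and stored apart from the backup; the file names, sample data and the 7.5 bits-per-byte entropy threshold are constructed for illustration, and high entropy is only a heuristic for encrypted content.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune for your own data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def build_manifest(root: Path) -> dict:
    """Record a SHA-256 per file at backup time (keep it away from the backup)."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_restore(root: Path, manifest: dict) -> dict:
    """Compare a test restore against the manifest and flag suspect files."""
    report = {"missing": [], "changed": [], "high_entropy": []}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            report["changed"].append(rel)
        if shannon_entropy(data) > ENTROPY_LIMIT:
            report["high_entropy"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: one file overwritten with high-entropy bytes, one removed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"quarterly report draft\n" * 200)
        (root / "ledger.csv").write_bytes(b"id,amount\n1,100\n2,250\n" * 200)
        (root / "todo.txt").write_bytes(b"call vendor\n" * 50)
        manifest = build_manifest(root)
        # Stand-in for a contaminated backup copy
        (root / "ledger.csv").write_bytes(bytes(range(256)) * 64)
        (root / "todo.txt").unlink()
        return check_restore(root, manifest)
```

Legitimately compressed or encrypted formats (archives, media) also score high on entropy, so treat that list as files to inspect, not as a verdict.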

2. Create policies and plans

Create a ransomware incident response plan so that your IT security staff knows what to do in the case of a ransomware attack. The plan should define roles and the communications to be shared during an attack. A list of contacts, such as any partners or vendors who would need to be notified, should also be included. Do you have a policy in place for “suspicious email”? If not, consider establishing one that applies to the entire firm. This will help staff learn what to do if they receive an email that they are unsure of. It might be as simple as forwarding the email to the IT security staff.

For additional information on incident response and management, see CIS Control 17.

3. Examine your port settings.

Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445 are used by several ransomware variants. Consider whether your company needs to keep these ports open and if so, only allow trusted hosts to connect. Check these settings for on-premises and cloud environments, and work with your cloud service provider to disable any unneeded RDP ports.


CIS Control 4 explains how to control network ports, protocols, and services in your organization.
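A sketch of the port review from step 3, added here as an example and not taken from the original article: it walks a list of inbound allow rules and reports any that expose RDP (3389) or SMB (445) to sources outside a trusted-host list. The rule fields, rule names and addresses are constructed and do not follow any particular firewall or cloud provider's schema.

```python
import ipaddress

RISKY_PORTS = {3389: "RDP", 445: "SMB"}  # the two ports named in step 3

# Constructed sample ruleset: (first port, last port) and source CIDR per rule
SAMPLE_RULES = [
    {"name": "web", "ports": (443, 443), "source": "0.0.0.0/0"},
    {"name": "rdp-any", "ports": (3389, 3389), "source": "0.0.0.0/0"},
    {"name": "rdp-admin", "ports": (3389, 3389), "source": "10.20.0.5/32"},
    {"name": "wide-range", "ports": (1, 1024), "source": "192.168.0.0/16"},
    {"name": "smb-files", "ports": (445, 445), "source": "10.20.0.0/28"},
]
TRUSTED = ["10.20.0.0/28"]  # assumed management subnet


def audit(rules, trusted):
    """Return (rule name, exposed services, source) for each untrusted exposure."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"], strict=False)
        lo, hi = rule["ports"]
        # A port range can cover a risky port without naming it explicitly
        exposed = [svc for port, svc in RISKY_PORTS.items() if lo <= port <= hi]
        if not exposed:
            continue
        # The source is acceptable only if it sits entirely inside a trusted network
        allowed = any(src.version == t.version and src.subnet_of(t)
                      for t in trusted_nets)
        if not allowed:
            findings.append((rule["name"], exposed, str(src)))
    return findings


if __name__ == "__main__":
    for name, services, source in audit(SAMPLE_RULES, TRUSTED):
        print(f"{name}: {'/'.join(services)} reachable from {source}")
```

The `wide-range` rule shows why ranges need checking: it never mentions 445, yet it opens SMB to a whole /16.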

4. Harden your endpoints

Ensure that your systems are configured securely. Secure configuration settings can help your organization reduce its threat surface and close security gaps left by default configurations. For businesses wishing to deploy industry-leading, consensus-developed settings, the CIS Benchmarks are a wonderful, no-cost option.

5. Ensure that your systems are up to date.

Ensure that all of your company’s operating systems, apps, and software are kept up to date. Installing the most recent updates helps close the security gaps that cybercriminals are attempting to exploit. Turn on auto-updates whenever possible to ensure that you have the most recent security patches.


CIS Control 7 contains further information on updating and vulnerability management.

6. Train the team

To stop ransomware in its tracks, security awareness training is essential. Everyone contributes to the organization’s security when employees can recognize and avoid harmful emails. Team members can learn what to check for in an email before clicking on a link or downloading an attachment through security awareness training.


7. Set up an IDS.

An Intrusion Detection System (IDS) looks for harmful activity by comparing network traffic logs to signatures that detect known malicious activity. An effective IDS will regularly update signatures and notify your company if it finds potentially dangerous activity.

Most commercial IDS manage audit logs, and CIS Control 8 specifies how they are maintained, monitored, and analyzed.
CIS is also the creator of the Albert Network Monitoring system. This is an IDS solution designed specifically for State, Local, Tribal, and Territorial (SLTT) government agencies in the United States. Albert’s own signature set allows it to be extremely effective at detecting ransomware. Albert’s signatures are updated on a regular basis to ensure that enterprises have the most up-to-date threat prevention.
