[CHECKLIST] How to Protect Yourself from a Ransomware Attack

Due to the vulnerability of human nature, completely protecting your organization from a ransomware attack is difficult to manage on your own. But, by taking the following precautions, you’ll be able to mitigate your organization’s risk of a cyberattack.

1. Back up your files. Regularly. By completing regularly scheduled backups, you can be more confident in how you handle a ransomware attack. If your data is compromised, you can rest easier knowing that because you have a recent data backup you’ll be able to more quickly recover from an attack (without feeling pressured to pay the ransom).
2. Review your backups. Regularly. It’s one thing to complete the backups, but you should periodically review the backups to make sure that the backups are complete and undamaged.
3. Train employees. Teach employees to never open attachments from unknown senders or suspicious attachments from known senders. Help them understand what to look for in a phishing attack.
4. Trust, but verify. You can never be too careful, especially if you’re a highly regulated organization that is entrusted with storing sensitive client or patient data. Train employees to call colleagues if they suspect anything out of the ordinary to verify the authenticity of the email and attachment.
5. Change file extension settings. Malicious attacks are good at disguising themselves, but they can be more easily identified if you can see the file extension at the end of the attachment. Stay away from files that end in “.exe,” “.vbs” and “scr.” File extensions are hidden by default, but you can quickly change these settings in Windows Settings.
6. Patch and update. Regularly. Hackers are continually looking for vulnerabilities and access points in applications and operating systems, so make sure you frequently check for and install any available security-related patches and updates.
7. Ensure firewalls and antivirus are in place. Firewalls and antivirus software can work in concert as a safety net for some of the common malware attacks, especially for file scanning. It’s not a be-all, end-all stopgap, but when they’re paired with some of your other security measures, you can better cover your organization.

The above steps will better protect your organization from attack, but sometimes hackers get through the safeguards and penetrate your infrastructure. If you’re attacked, take the following additional steps:

1. Cut off your connection. Immediately. If you identify that your organization is infected by ransomware, you can prevent the spread of the infection by immediately cutting off internet access and shutting down your network. This will isolate the attack.
2. Don’t pay the piper. Files encrypted? Resist the urge to pay the ransom. It emboldens the hackers and there’s no guarantee that you’ll get all your files back after paying the ransom. Since you should already have regular backups in place, recovering any lost data should cause minimal business interruption. This will be where a comprehensive disaster recovery plan comes in handy.
3. Identify the attack. If you can, do your best to identify the name of the malware. This will help you better troubleshoot the attack and determine recovery options based on similar attacks. In some attacks, IT teams decrypted the ransomware without paying the ransom and without losing data. To see whether your attack might be beaten, check out NoMoreRansom.org.