Carnegie Mellon University’s Software Engineering Institute (SEI) recently identified best practices for preventing and responding to ransomware. Ransomware is an attack that encrypts and holds data hostage for release only upon payment of a requested amount.
SEI advises that a deterrent to ransomware is to back up and verify computer systems. Backups should be stored on a separate system that cannot be accessed to a network. They also suggest educating employees, conducting regular data backups, restrict systems access and maintain and update software.
For email systems, it is helpful to filter emails that contain spam. Employers may also want to consider blocking attachments such as .zip files, and requiring login at access points such as local and mapped drives.
If a ransomware attack occurs, SEI suggests taking a snapshot of the system memory, shutting down the system, identifying the attack vendor, blocking network access to identified command-and-control servers and notifying authorities.