Refer to the following best practices to help you manage the risk posed by ransomware and support your organization’s coordinated and efficient response to a ransomware incident. Apply these practices to the greatest extent possible based on availability of organizational resources.
It is critical to maintain offline, encrypted backups of data and to regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline as many ransomware variants attempt to find and delete any accessible backups. Maintaining offline, current backups is most critical because there is no need to pay a ransom for data that is readily accessible to your organization.
Create, maintain, and exercise a basic Cyber Incident Response Plan and associated communications plan that includes response and notification procedures for a ransomware incident.
Review available incident response guidance, a resource and guide to: –
Ensure antivirus and anti-malware software and signatures are up to date. Additionally, turn on automatic updates for both solutions. We recommend using a centrally managed antivirus solution. This enables detection of both “precursor” malware and ransomware.