17 Best Practices To Protect Against Ransomware

Ransomware attacks can be extremely destructive to a business and its ability to function. According to a study published in Health Services Research, ransomware adds an extra 2.7 minutes to response times for heart attacks, leading to an additional 36 deaths per 10,000 heart attacks each year. Recovery efforts from ransomware attacks can also damage an organization’s finances and reputation.

Seventy percent of surveyed respondents in the VMware Carbon Black Global Incident Response Threat Report said they had suffered damage to their corporate image following a breach. Cyber criminals increasingly evolve their attack tools and strategies by developing ransomware variants that slip by legacy malware protection.

Cyber Criminals increasing attacks

Prevention is the most effective defence

Identifying malicious behaviour before an attack takes place allows these attacks to be blocked automatically.

Follow these 17 best practices recommended by our security expert

Implement an awareness and training program

End users are top targets, so everyone in your organization needs to be aware of the threat of ransomware and how it’s delivered.

Scan and filter all incoming and outgoing emails

Use content scanning and email filtering to detect threats before they reach end users.

Enable strong spam filters

This prevents phishing emails from reaching end users.

Block ads

Ransomware is often distributed through malicious ads served when visiting certain sites. Blocking ads can reduce that risk.

Configure internal as well as perimeter firewalls

This allows authorized users and workloads to access data, while blocking access to known malicious IP addresses.

Logically separate networks

This helps prevent the spread of malware. If every user and server is on the same network, the most recent variants can spread.

Inspect east-west traffic (internal traffic)

This provides anomaly detection of certificates when traffic is encrypted.

Inspect north-south traffic

Detect command and control (C&C) traffic by using threat intelligence to identify malicious IPs, domains and more.

Scan network artifacts

Dynamically analyze file behaviors for threats by using AI to detect malicious code.

Categorize data based on organizational value

Implement physical and logical separation of networks and data for different organizational units.

Use the principle of least privilege to manage accounts

Users should not be assigned administrative access unless absolutely needed.

Use application control on critical systems

Apply a default-deny policy for non-approved programs and scripts to stop ransomware before it can access your critical assets.

Patch operating systems, software and firmware on devices

Consider using a centralized patch-management system.

Establish vulnerability discovery and remediation processes

Back up data regularly

Verify the integrity of those backups and test the restoration process to ensure it’s working.

Secure your offline backups

Ensure backups are not connected permanently to the computers and networks they are backing up.

Conduct an annual penetration test and vulnerability assessment.

Secure your multi-cloud network with the strongest defense against ransomware.

Start now by visiting vmware.com/solutions/multi-cloud-security.html
