The best strategy to deal with ransomware must include both preventive and recovery measures. As any security professional will agree, the first thing everyone must do is keep their systems up to date. It’s extremely difficult, if not impossible, to properly defend unpatched systems against ransomware or any form of malware.
Next, one the most popular sources of infection is Microsoft Office documents sent as email attachments, which are laced with macros that launch ransomware automatically when clicked. Unless otherwise necessary, organizations should consider a system policy that disables all Office macros on each desktop.
Finally, it’s imperative to have a highly effect endpoint protection solution installed on each system—particularly one that leverages machine learning instead of relying upon signatures.
Even with all the prevention, no security scheme is perfect, so in the event of a ransomware infection, having off-line backups for all sensitive data and systems is absolutely critical. “Off-line” is key because ransomware infections are known for attacking and encrypting network-connected backups, which renders them useless.
Follow this guidance and you’ll be in better shape than 99% of the world and properly prepared for any ransomware outbreak.
—Jeremiah Grossman, founder of WhiteHat Security, chief of security strategy at SentinelOne