Ransomware
Prevention and Response
Checklist
-----
-----
-----
-----
www.datasecurityplus.com
� Ransomware
prevention checklist
Preventive measures at the user level
Conduct security awareness training and educate your end users about ransomware attacks.
Train your end users to spot and report phishing emails containing malicious attachments.
Preventive measures at the software level
Ensure your firewalls are operational and up-to-date at all times.
Logically separate your networks.
Employ a strong email filtering system to block spam and phishing emails.
Patch vulnerabilities and keep all your software updated.
Set up rigorous software restriction policies to block unauthorized programs from running.
Keep your antivirus fully operational and up-to-date.
Conduct periodic security assessments to identify security vulnerabilities.
Enforce the principle of least privilege.
Disable Remote Desktop Protocol (RDP) when not in use.
Disable macros in your Microsoft Office files.
Use a strong, real-time intrusion detection system to spot potential ransomware attacks.
Preventive measures at the backup level
Back up your files using a 3-2-1 backup rule, i.e. retain at least three separate copies of data on
two different storage types, with at least one of those stored offline.
Ensure that you back up critical work data periodically.
Enforce regular checks for data integrity and recovery on all your backups.
www.datasecurityplus.com 1
� Ransomware
response checklist
Time-sensitive reactive measures
Shut down infected systems immediately.
Disconnect and isolate infected systems from the network.
Isolate your backups immediately.
Disable all shared drives that hold critical information.
Issue an organization-wide alert about the attack.
Contact your local law enforcement agency and report the attack.
Analysis-based reactive measures
Determine the scope and magnitude of an infection by identifying the type and number of
devices infected, as well as what kind of data was encrypted.
Determine the type and version of the ransomware.
Identify the threat vector used to infiltrate your network.
Conduct root cause analysis.
Mitigate any identified vulnerabilities.
Check if a decryption tool is available online.
Business continuity reactive measures
Restore your files from a backup.
www.datasecurityplus.com 2
�Additional resources
Step-by-step guide to detect and 8 best practices to prevent future
respond to ransomware attacks. ransomware attacks.
Know more > Know more >
Infographic on HIPPA guidelines on Infographic on how to protect your
ransomware attacks. organization from ransomware attacks.
Know more > Know more >
Ebook FBI recommendations to
prevent ransomware attacks
Know more >
www.datasecurityplus.com 3
�DataSecurity Plus
DataSecurity Plus is a data visibility and security solution that offers data discovery,
file storage analysis, and Windows file server auditing, alerting, and reporting
features. Locate, analyze, and secure sensitive personal data in your files, folders,
and shares from various insider and external threats. Gain visibility into data usage
trends, file access patterns, volume of personal data in files, file permission
changes, and more. DataSecurity Plus helps you meet multiple compliance
regulations and generate clear, concise audit records as legal evidence.
Explore
DataSecurity Plus
Data discovery File server auditing Storage analysis
Find, analyze, and track Audit, monitor, report, and Analyze and identify
sensitive personal data—also alert on all file accesses and redundant, outdated, and
known as personally modifications made in your file trivial data to declutter your
identifiable information server environment in real file servers and cut storage
(PII)—stored in files, folders, time. costs.
or shares.
Learn more Learn more Learn more
Get Quote Download
[email protected]
www.datasecurityplus.com
