In response to last month's worldwide ransomware attack, three researchers from Pittsburgh-based Carnegie Mellon University penned an article on the university's software engineering institute blog detailing best practices to prevent ransomware infection.
Here are five of the authors' recommendations.
1. Backup systems. Backup files should be stored on a separate system to avoid any chance of ransomware infection by a compromised network. "More recent ransomware attacks have not only encrypted data files but also Windows system restore points and shadow copies, which could be used to partially restore data after a ransomware attack," the authors noted.
2. Educate employees. Ransomware is often distributed through email attachments and web browsing, according to the authors. A foundational way to avoid ransomware infection is to train employees on how to avoid downloading the malicious software.
3. Institute system- and network-level protection. System-level protections include email security, like spam filters and blocking attachments. Network-level protections include implementing firewalls, which inhibit downloaded ransomware from connecting to remote servers.
4. Restrict administrative and system access. Ransomware often uses a system administrator account to execute its encryption capabilities. By decreasing unnecessary user accounts, organizations can "create an extra roadblock" for ransomware execution, according to the authors.
5. Update software. Maintenance is especially important for IT security and anti-malware software, which are meant to detect and block viruses from entering an organization's IT system.
If ransomware does infect an organization, the authors suggest users take a snapshot of the system, shut the system down, identify the attack vector, block network access to servers infected by the ransomware and notify the appropriate authorities.
Click here to view the blog post.