> Back up your data!
- If you're hit by a ransomware attack, then you can restore from those backups.
- Make sure that your backups are not connected to your internal network, or else they'll be at risk of infection as well.
- Store your backups off-site as well as on-site, so that in the event of environmental damage (e.g. fires or floods) you'll still have backups to restore from. Cloud storage is a great option which satisfies the above points and is now much more affordable (note: always read T&C's for specifics of the service).
- Know what data is on your backup, and test that they work as expected! In one of our previous ransomware investigations, when it came to restoring from a backup, a company found that their outsourced IT support were only backing up HR files. As a result they lost 6 years' worth of financial and project data.
> Educate and train staff to defend against common cyber threats/exploits, for example:
- Phishing - see the NCSC's guide on this at
https://www.ncsc.gov.uk/phishing.
- Physically securing devices e.g. are devices locked away/secure when not in use?
> Make sure devices are secured
- Ensure that all software is frequently patched and updated.
- Install and run Antivirus software, and make sure that it's updated!
- Use firewalls and correctly configure them.
If you're not responsible for configuring, ask your IT manager/provider to confirm this has been done.
- Remote Desktop Protocol (RDP) allows administrators to connect remotely to computers over a network connection. If you have no need for RDP, consider disabling it. If you're using it, make sure that it's set up securely (e.g. strong authentication).
> If you suffer a ransomware attack, we recommend you do NOT pay the ransom.
If you do pay, there is no guarantee that you will receive your data back. If anything, paying out means that you're likely to be targeted again. We always encourage victims to report the crime to ActionFraud via phone (0300 123 2040) or website (
https://www.actionfraud.police.uk).
(Please also see the Useful Links section for the No More Ransom initiative which is a project which can help victims of ransomware retrieve their encrypted data)