Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
- Use antivirus software at all times — and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
- Keep all computers fully patched with security updates.
- Use security products or services that block access to known ransomware sites on the internet.
- Configure operating systems or use third-party software to allow only authorized applications to run on computers, thus preventing ransomware from working.
- Restrict or prohibit use of personally owned devices on your organization’s networks and for telework or remote access unless you’re taking extra steps to assure security.
NIST also advises users to follow these tips for their work computers:
- Use standard user accounts instead of accounts with administrative privileges whenever possible.
- Avoid using personal applications and websites, such as email, chat and social media, on work computers.
- Avoid opening files, clicking on links, etc. from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, and inspect links carefully.
Unfortunately, even with protective measures in place, eventually a ransomware attack may still succeed. Organizations can prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly.
NIST recommends that organizations follow these steps to accelerate their recovery:
- Develop and implement an incident recovery plan with defined roles and strategies for decision making.
- Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data, but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
- Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.
NIST has also published a more detailed fact sheet on how to stay prepared against ransomware attacks. You can find this material and more on ransomware at the NIST and CISA websites. These materials were produced by staff members in NIST’s Information Technology Laboratory and National Cybersecurity Center of Excellence.