A Framework for Ongoing Ransomware Protection - LiveOnNetwork
A typical ransomware attack can be divided into four stages: pre-execution, pre-damage, damage, and post-damage.
Ransomware Prevention and Response Checklist
Pre-Execution
1: Keep ransomware away from system endpoints by preventing delivery.
Examples of solutions that can help:
- Gateway defenses: firewalls, email, and spam filtering
- User anti-phishing tests and awareness training programs
- Exploit prevention: patch management, ad blockers
2: Block ransomware payloads from executing.
Examples of solutions that can help:
- File scanning and filtering, including antivirus
- Program isolation solutions, including sandboxing tools
- Application whitelisting
Pre-Damage
Step: Stop executed ransomware from doing harm.
Examples of solutions that can help:
- Runtime protection that identifies malicious behavior and stops it automatically before any damage is done.
Damage
Step: Isolate ransomware infections to prevent them from spreading.
Examples of solutions that can help:
- Security Information and Event Management (SIEM) systems can identify security alerts or network events signaling a ransomware attack and help security teams contain it.
- UEBA and incident response tools can identify ransomware attacks even if the attack or malware signature is unknown. Next-generation SIEMs come with UEBA built in.
- Setting up monitoring on file servers to notify of infections
- Restricting admin and usage rights to sensitive files
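
The file-server monitoring item above can be approximated with a rate check on audit events: many renames that change a file's extension, by one account, in a short window. The Python below is an added example, not part of the original checklist; the log format, the 60-second window and the threshold of 5 are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: extension-changing renames per user per window

# Constructed audit lines: "ISO-time user action old_path new_path" (no spaces in paths)
SAMPLE_LOG = """\
2024-01-01T09:00:00 alice RENAME /share/hr/plan.docx /share/hr/plan-v2.docx
2024-01-01T09:00:00 carol RENAME /share/doc/a.txt /share/doc/a.md
2024-01-01T09:00:05 bob RENAME /share/fin/q1.xlsx /share/fin/q1.xlsx.locked
2024-01-01T09:00:08 bob RENAME /share/fin/q2.xlsx /share/fin/q2.xlsx.locked
2024-01-01T09:00:11 bob RENAME /share/fin/q3.xlsx /share/fin/q3.xlsx.locked
2024-01-01T09:00:12 alice WRITE /share/hr/plan-v2.docx -
2024-01-01T09:00:14 bob RENAME /share/fin/q4.xlsx /share/fin/q4.xlsx.locked
2024-01-01T09:00:17 bob RENAME /share/fin/q5.xlsx /share/fin/q5.xlsx.locked
2024-01-01T09:05:00 carol RENAME /share/doc/b.txt /share/doc/b.md
2024-01-01T09:10:00 carol RENAME /share/doc/c.txt /share/doc/c.md
2024-01-01T09:15:00 carol RENAME /share/doc/d.txt /share/doc/d.md
2024-01-01T09:20:00 carol RENAME /share/doc/e.txt /share/doc/e.md
"""

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: time of first alert} for accounts that make at least
    `threshold` extension-changing renames within `window`."""
    recent = defaultdict(deque)  # user -> timestamps of suspicious renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, user, action, old, new = line.split()
        if action != "RENAME":
            continue
        old_ext = os.path.splitext(old)[1].lower()
        new_ext = os.path.splitext(new)[1].lower()
        if old_ext == new_ext:
            continue  # ordinary rename, extension unchanged
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts

if __name__ == "__main__":
    for user, when in detect(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {when.isoformat()} {user}: burst of extension-changing renames")
```

On the sample, only bob is flagged; carol changes as many extensions but slowly, and alice's rename keeps its extension.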
Post-Damage
Step: Recover quickly without paying the ransom.
Examples of solutions that can help:
- Backup, as part of a robust disaster recovery plan
- Decryptor tools
- Malware removal tools