Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
Malicious actors continue to adapt their ransomware tactics over time. Federal agencies remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.
Here are a few ransomware prevention best practices:
Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface.
Create, maintain, and exercise a basic cyber incident response plan and an associated communications plan that includes response and notification procedures for a ransomware incident.
Ensure devices are properly configured and that security features are enabled. For example, disable ports and protocols that are not being used for a business purpose.
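One way to check the last item on a Linux host is to compare listening sockets against a list of ports with a documented business purpose. The script below is an added example, not part of the original guidance; it assumes `ss -tuln` output, and the sample output and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389          [::]:*
tcp   LISTEN 0      64     *:23               *:*
"""

# Hypothetical allowlist: (protocol, port) pairs with a documented business purpose.
APPROVED = {("tcp", 22), ("tcp", 443)}

def is_loopback(addr):
    """True if the bind address is reachable only from the local host."""
    host = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "*":
        return False  # wildcard bind: all interfaces
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: treat as exposed so it gets reviewed

def parse_listeners(ss_output):
    """Yield (proto, bind_addr, port); `ss -l` lists listening sockets only."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(ss_output, approved):
    """Return unapproved listeners, network-exposed ones first."""
    findings = [
        {"proto": p, "addr": a, "port": n, "exposed": not is_loopback(a)}
        for p, a, n in parse_listeners(ss_output)
        if (p, n) not in approved
    ]
    return sorted(findings, key=lambda f: (not f["exposed"], f["port"]))

if __name__ == "__main__":
    for f in audit(SAMPLE_SS, APPROVED):
        scope = "EXPOSED" if f["exposed"] else "loopback-only"
        print(f"{f['proto']}/{f['port']} on {f['addr']}: no approved purpose ({scope})")
```

Each finding is a candidate for disabling the service or restricting it at the host firewall; loopback-only listeners are reported last because they are not reachable from the network.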