To combat ransomware and assist those affected, the National High Tech Crime Unit of the Dutch National Police, Europol’s European Cybercrime Centre, Kaspersky, and other partners jointly launched the No More Ransom initiative in 2016. On the official website, participants provide decryption tools, guidelines, and instructions to report cybercrimes, irrespective of the location of the incident. These invaluable resources have helped victims of 173 ransomware families retrieve their data without making any payments. Additionally, the initiative aims to raise awareness about ransomware and preventive measures to avoid infections. As a founding member of No More Ransom, Kaspersky has been a key contributor since the initiative’s inception.
To protect yourself and your business from ransomware attacks, consider following the rules proposed by Kaspersky:
- Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary and always use strong passwords, two-factor authentication and firewall rules for them.
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
- Back up data regularly with special attention to offline backup strategies. Make sure you can quickly access it in an emergency when needed.
- Avoid downloading and installing pirated software or software from unknown sources.
- Assess and audit your supply chain and managed services’ access to your environment.
- Prepare an action plan for reputational risk of your data exposure in the unfortunate event of data theft.
- Use solutions like Kaspersky Endpoint Detection and Response Expert and Kaspersky Managed Detection and Response service which help to identify and stop the attack on early stages, before attackers reach their final goals.
- To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business that is powered by exploit prevention, behavior detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms which can prevent its removal by cybercriminals.