Ransomware Mitigation
What to do before ransomware?
- Make sure you have a clean, comprehensive, air-gapped backup. The 3-2-1 strategy works best.
- Did you understand the word "comprehensive"? It includes all source code, applications, databases, important data, firmware, server rebuild images and Active Directory configuration.
- Practice fully-fledged recovery purely using the above comprehensive backup. No cheating.
- Updates and patching
- Obsolescence management
- Network Segmentation
- Access Management
- Principle of least privilege
- Application whitelisting
- Anti-malware (not just signature based, but behaviour based)
- 24/7 monitoring
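The first three items are the ones most organisations get wrong, so here is an added example (not part of the original checklist) that scores a backup inventory against the 3-2-1 rule and the asset classes the list calls "comprehensive". The inventory format, field names and sample copies are assumptions constructed for the example; an air-gapped copy is treated as the only one that counts for recoverability, since networked copies can be encrypted along with production.

```python
from dataclasses import dataclass

# Asset classes the checklist says a "comprehensive" backup must include.
REQUIRED_ASSETS = {
    "source_code", "applications", "databases", "important_data",
    "firmware", "server_rebuild_images", "active_directory_config",
}

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str          # e.g. "disk", "tape", "object_storage" (assumed vocabulary)
    offsite: bool        # stored at a different physical location
    air_gapped: bool     # no network path from production to this copy
    assets: frozenset    # asset classes this copy contains

def assess_backups(copies):
    """Return a list of gaps against 3-2-1 plus coverage; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; 3-2-1 needs at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append("all copies share one medium; need at least 2 distinct media")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.air_gapped for c in copies):
        findings.append("no air-gapped copy; a networked backup can be encrypted with production")
    # Comprehensiveness: each asset class must exist in at least one air-gapped copy,
    # otherwise it is not recoverable once the online copies are hit too.
    protected = frozenset().union(*(c.assets for c in copies if c.air_gapped))
    for missing in sorted(REQUIRED_ASSETS - protected):
        findings.append(f"asset class not in any air-gapped copy: {missing}")
    return findings

# Constructed sample inventory (not from the page): two online copies and one
# offline tape set that forgot the Active Directory configuration.
SAMPLE = [
    BackupCopy("nightly-nas", "disk", False, False, frozenset(REQUIRED_ASSETS)),
    BackupCopy("cloud-replica", "object_storage", True, False, frozenset(REQUIRED_ASSETS)),
    BackupCopy("weekly-tape", "tape", True, True,
               frozenset(REQUIRED_ASSETS - {"active_directory_config"})),
]

if __name__ == "__main__":
    for gap in assess_backups(SAMPLE):
        print("GAP:", gap)
```

Run it as part of the recovery drill in the list: if the output is not empty, the drill cannot honestly be called a full restore.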
What to do after ransomware?
(To be added)
Recommended reading
IMHO the US-CERT Guidance is inadequate on its own. Hence, I have expanded the list above.