What is Ransomware Prevention?
Ransomware can bring your business operations to a halt, encrypting sensitive data and forcing you to pay the attacker to regain access. Keeping your organization safe requires a fundamental shift toward prevention, and away from simple detection and remediation after infection. The right architecture can make prevention real. You can use this checklist to implement a true prevention-based platform.
Step 1: Reduce the Attack Surface
- Gain full visibility and block unknown traffic.
Identify all traffic on the network and block unknown, potentially high-risk traffic.
- Enforce application- and user-based controls.
Restrict access to SaaS-based tools for employees who have no business need for them.
- Block all dangerous file types.
Not all file types are malicious, but those known to present higher risk, or associated with recent attacks, can be controlled.
- Implement an endpoint policy aligned to risk.
Enforce policies that restrict noncompliant endpoints from connecting to critical network resources.
Step 2: Prevent Known Threats
- Stop known exploits, malware, and command-and-control traffic.
Blocking known threats raises the cost of an attack and ultimately reduces the likelihood of an attacker attempting a breach.
- Block access to malicious and phishing URLs.
Prevent users from inadvertently downloading a payload or having their credentials stolen by blocking known malicious and phishing URLs.
- Scan for known malware on SaaS-based applications.
SaaS-based applications represent a new path for malware delivery and must be properly secured.
- Block known malware and exploits on the endpoint.
Endpoints are common targets for attacks. Ensure you are keeping your endpoints secure by blocking any known malware or exploits.
Step 3: Identify and Prevent Unknown Threats
- Detect and analyze unknown threats in files and URLs.
As new files are submitted, detonate, analyze and look for malicious behavior.
- Update protections across the organization to prevent previously unknown threats.
Automatically push protections to different parts of your organization’s security infrastructure.
- Add context to threats, and create proactive protections and mitigation.
Developing protections requires context to better understand the attacker, malware and indicators of compromise.
- Block unknown malware and exploits on the endpoint.
Once unknown threats or trends of suspicious behavior have been identified and blocked, block unknown malware and exploits on the endpoint.