This month, the Federal Bureau of Investigation published information and guidance for organizations about ransomware attacks, along with some suggested preventative measures. There is a section in the bulletin discussing whether victims should consider paying ransom to attackers. According to the statement, the FBI “does not advocate paying a ransom, in part because it does not guarantee and organization will regain access to its data,” and paying ransoms emboldens criminals to target others.
Several of the suggested “best practices” are somewhat generalized, such as increased employee awareness about how ransomware is delivered, and basic security techniques (we would recommend adding anti-phishing training and tests to the list). However, several others are more specific. All of the measures listed should be considered as parts of a comprehensive standard information security program.
Among the list of the FBI’s “Cyber Defense Best Practices” recommended are:
- Regular backups of data to locations that are not connected to the computers and networks they are backing up;
- Employee awareness and training;
- Regular updates to anti-virus and anti-malware, firmware updates and operating system patches;
- Disabling macro-scripts from Office files sent via email;
- Regular audits of systems using RDP, logging of RDP activity and two-factor authentication;
- Data categorization by sensitivity and organizational value; and
- Physical and logical separation of networks and data for different organizational units.
The complete bulletin, titled High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations, can be found here.