Ransomware best practice: Before, during, and after

In recent years, ransomware attacks have surged, posing a significant threat to businesses and individuals.

These malicious attacks encrypt valuable data, demanding hefty ransom payments for its release. However, proactive measures can help defend against such threats.

Trevor Cooke, an online privacy expert at EarthWeb, provided insight on protecting yourself from ransomware attacks.


The most useful way to protect yourself from ransomware attacks is to prevent them from happening in the first place. Protect your data and implement a robust backup strategy by backing up critical data regularly to secure storage such as Google Drive, Microsoft OneDrive, or secure offline storage locations.

To prevent attacks, best practice is also to keep your software and operating systems up to date with the latest security patches. Cooke recommends enabling automatic updates on all devices. 

It is also advisable to educate employees about the dangers of phishing emails and suspicious attachments. Human error remains a leading cause of ransomware infections, which highlights the need for cybersecurity awareness training. 

However, even if you follow all the preventative steps, you may still find yourself the victim of an ongoing attack, in which case Cooke recommends a tactical response.


A tactical response includes isolating infected systems by immediately disconnecting compromised devices from the network to prevent the spread of the attack. Next, critically evaluate the situation and the extent of the ransomware attack to inform decision-making and response strategies. Use endpoint detection and response tools to analyse malware behaviour accurately.

After that, work with cybersecurity experts and law enforcement agencies to develop a response strategy and a clear plan of action. Implement incident response playbooks detailing step-by-step procedures for containment, eradication, and recovery.


Post attack, the first thing you should do is recover your data. Use the backup data copies you saved to restore encrypted data. Next, restore your systems and rebuild affected systems from clean backups, incorporating security enhancements to prevent recurrence. 

Finally, take preventative measures and implement stringent security measures, including network segmentation and access controls. Regularly review and update incident response plans to adapt to evolving threats.

In addressing the rising threat of ransomware attacks, Trevor emphasises the importance of proactive measures and decisive action. 

“When facing a ransomware attack, swift and decisive action is crucial. Isolate infected systems, assess the situation, and respond strategically to minimise damage and facilitate recovery,” says Cooke. 




National Cyber Security