NIST offers tips to help avoid ransomware attacks

The National Institute of Standards and Technology published on May 13 an infographic of a series of simple tips and tactics that can help organizations and businesses protect themselves against ransomware attacks.

Ransomware is a malicious software that encrypts a computer system’s data and demands payment to restore access, according to NIST. It’s often used in cyberattacks that can paralyze organizations.

The NIST’s advice to avoid ransomware includes:

• Use antivirus software at all times and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
• Keep all computers fully patched with security updates.
• Use security products or services that block access to known ransomware sites on the internet.
• Configure operating systems or use third-party software to allow only authorized applications to run on computers, thus helping to prevent ransomware from working.
• Restrict or prohibit use of personally owned devices on your organization’s networks and for telework or remote access unless you’re taking extra steps to assure security.

In addition, the NIST advises individual users to follow a series of tips for their work computers. These include using user accounts with minimal privileges instead of accounts with administrative privileges whenever possible; avoiding using personal applications and websites, such as email, chat and social media, on work computers; and avoiding opening files and clicking on links from unknown sources without first running an antivirus scan or checking them for suspicious content.

The NIST warned that even with protective measures in place, a ransomware attack may still succeed. Organizations can also prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly. These recommendations include:

• Develop and implement an incident recovery plan with defined roles and strategies for decision making.
• Plan, implement and test a data backup and restoration strategy; secure and isolate backups from the network and computers.
• Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.

Along with the infographic, NIST also published a more detailed fact sheet. For more information on ransomware, visit nist.gov.