The FBI has developed a brochure of safety and risk mitigation tips for the growing threat of ransomware.

Prevention Considerations

* Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.

* Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.

* Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.

* Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.

* Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.

* Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

* Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers.

Business Continuity Considerations

* Back up data regularly, and regularly verify the integrity of those backups.

* Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing them offline.

Other Considerations

* Implement application whitelisting; only allow systems to execute programs known and permitted by security policy.

* Execute operating system environments or specific programs in a virtualized environment.

* Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units.