Ransomware Protection and Containment Strategies

Ransomware is a common method of cyber extortion or disruption for financial gain. This type of attack can instantly disrupt access to files, applications or systems until the victim pays the ransom (and the attacker restores access with a decryption key) or the organization restores and reconstitutes from backups. Once ransomware is invoked within an organization, most variants utilize privileged accounts and trust relationships between systems for lateral dispersion.

The purpose of this document is to provide practical endpoint security controls and enforcement measures that can limit the ability of a ransomware or malware variant to impact a large scope of systems within an environment. If there is an active outbreak, implementing many of the recommendations within this document can potentially disrupt and contain the event, depending upon the propagation method that the variant is leveraging.

FireEye
