A solid backup plan will help victim organizations recover in the event of a ransomware attack. Backups should be created and tested on a regular basis, including periodic test restores, so that recovery is both smooth and up to date. It is also important to maintain “offline” backups that are not reachable from the network. Many ransomware variants enumerate mapped network shares and attached USB drives and encrypt them along with the local file system, so a backup that stays connected is likely to be encrypted with everything else.

Organizations should also have an incident response plan in place. A detailed plan should include response and notification procedures specific to a ransomware incident.

Regularly patch software and operating systems to the latest available versions. Follow best practices for RDP and other remote desktop services: do not expose them directly to the Internet, place them behind a VPN that requires Multi-Factor Authentication (MFA), and audit logon events for source IP addresses or devices that differ from what the employee account normally uses. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing.

When an attack makes it through the outer layers of defense, it is important to have a Security Operations Center or a managed security monitoring service with expert security analysts on duty, such as the Binary Defense Security Operations Task Force. The Task Force provides 24/7 monitoring of SIEM and endpoint detection systems to detect and defend against intrusions on an organization’s network. The Cybersecurity & Infrastructure Security Agency (CISA) provides excellent guides on how to prevent and deal with ransomware infections.
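As an added illustration of the logon auditing recommended above (example code written for this page, not Binary Defense's own tooling), the following script builds a per-account baseline of source IPs and workstation names from a training window of remote logon records, then flags later logons that come from an IP or device the account has never used, or from an account that has no history at all. It also correlates alerts to spot one source IP touching several accounts, which is typical of an attacker working through a list of credentials. The logon records are constructed sample data; in practice they would be pulled from a SIEM query over VPN authentication logs or Windows Security event 4624 (logon type 10 for RDP). The field layout, the thirty-day cutoff and the function names are assumptions of the example.

```python
"""Flag remote logons from unfamiliar source IPs or devices per account.

Added example. Records are (timestamp, user, source_ip, workstation) tuples,
a simplified stand-in for VPN auth logs or Windows event 4624 logon type 10.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample logons, not real log data. Everything before CUTOFF is the
# baseline period; everything from CUTOFF onward is the detection period.
SAMPLE_LOGONS = [
    ("2020-05-01T08:02:00", "jsmith", "203.0.113.10", "JSMITH-LAPTOP"),
    ("2020-05-02T08:05:00", "jsmith", "203.0.113.10", "JSMITH-LAPTOP"),
    ("2020-05-03T07:58:00", "jsmith", "198.51.100.7", "JSMITH-LAPTOP"),
    ("2020-05-01T09:10:00", "alee", "198.51.100.22", "ALEE-DESKTOP"),
    ("2020-05-04T09:12:00", "alee", "198.51.100.22", "ALEE-DESKTOP"),
    # Detection period: one 3 AM logon from a new IP and new host, one normal
    # logon, and a service account that never used remote access before.
    ("2020-06-02T03:14:00", "jsmith", "192.0.2.55", "WIN-7C3E2A"),
    ("2020-06-02T08:01:00", "jsmith", "203.0.113.10", "JSMITH-LAPTOP"),
    ("2020-06-03T09:15:00", "alee", "198.51.100.22", "ALEE-DESKTOP"),
    ("2020-06-03T22:40:00", "svc_backup", "192.0.2.55", "WIN-7C3E2A"),
]
CUTOFF = datetime(2020, 6, 1)  # assumed baseline/detection boundary


def build_baseline(logons, cutoff):
    """Return (ips, hosts): per-user sets of source IPs and workstation names
    observed strictly before `cutoff`."""
    ips, hosts = defaultdict(set), defaultdict(set)
    for ts, user, ip, host in logons:
        if datetime.fromisoformat(ts) < cutoff:
            ips[user].add(ip)
            hosts[user].add(host)
    return ips, hosts


def flag_unusual_logons(logons, cutoff):
    """Return alert dicts for detection-period logons that deviate from the
    account's baseline, in chronological order."""
    ips, hosts = build_baseline(logons, cutoff)
    alerts = []
    for ts, user, ip, host in sorted(logons):  # ISO timestamps sort lexically
        if datetime.fromisoformat(ts) < cutoff:
            continue
        reasons = []
        if user not in ips:
            # An account with no remote-logon history suddenly logging on
            # remotely deserves a look regardless of where it came from.
            reasons.append("no remote logon baseline for account")
        else:
            if ip not in ips[user]:
                reasons.append(f"new source IP {ip}")
            if host not in hosts[user]:
                reasons.append(f"new workstation {host}")
        if reasons:
            alerts.append({"time": ts, "user": user, "src_ip": ip,
                           "workstation": host, "reasons": reasons})
    return alerts


def shared_source_ips(alerts):
    """Map each alerting source IP to the set of accounts it touched, keeping
    only IPs seen against more than one account (credential-list behaviour)."""
    by_ip = defaultdict(set)
    for a in alerts:
        by_ip[a["src_ip"]].add(a["user"])
    return {ip: users for ip, users in by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    found = flag_unusual_logons(SAMPLE_LOGONS, CUTOFF)
    for a in found:
        print(f'{a["time"]} {a["user"]:<11} {a["src_ip"]:<14} {a["workstation"]:<14} '
              + "; ".join(a["reasons"]))
    for ip, users in shared_source_ips(found).items():
        print(f"source {ip} used against {len(users)} accounts: {sorted(users)}")
```

Run against the sample data it raises two alerts, the 03:14 jsmith logon (new IP and new workstation) and the svc_backup logon (no baseline), and reports that 192.0.2.55 was used against both accounts. A baseline built from thirty days of traffic will still contain legitimate travel and home addresses, so in production the novel-IP reason is best combined with the off-hours timing and the cross-account correlation before paging anyone.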
Sources: https://www.zdnet.com/article/largest-ransomware-demand-now-stands-at-30-million-as-crooks-get-bolder/