The primary method of defending from these attacks is to not be infected in the first place. Even if the ransom payments are made, there is still a possibility that the attackers will begin leaking the stolen data to elicit additional payments in the future. Having robust anti-virus/anti-malware software that is updated routinely is a good first step but is not sufficient on its own, because targeted attacks can easily evade anti-virus file signatures. Email scanning for threats is another important layer of defense because many ransomware incidents start with a phishing email containing an attachment or link to a malicious document. It is critically important to place any remote access (such as Remote Desktop Protocol) behind a VPN instead of exposing it directly to the Internet. The best approach to defend workstations and servers is to employ services such as Binary Defense that can detect and defend endpoints from malicious software and attackers abusing built-in tools 24 hours a day, 7 days a week. Stealing a large number of files requires that attackers maintain access for an extended period of time. Quick detection and response can stop an attack before it has the opportunity to do damage. To read more: https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/