Ransomware threat actors are becoming increasingly bold. The best practices for defending against this threat are to have employees well trained to spot and report phishing emails, use an enterprise email filtering solution, keep up to date with patches of security vulnerabilities in software, use EDR and implement behavioral detections that could detect the first stage of the attack before ransomware is deployed. To prepare for mitigation and recovery, it is important to maintain proper backups, keeping three copies of backup data with two on separate media devices and one off-site, and have a robust incident response plan to help get your organization back up and running quickly if a ransomware attack happens despite these measures. Also, as the article mentions, RDP exposed to the Internet is one of the most common methods of breaching a network, so if possible don’t expose this service to the Internet such that it could be brute-forced by a threat actor. It is better to protect RDP behind a VPN with two-factor authentication and client certificates required to connect to the VPN server.

https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/