In 2016, Europol, the Netherlands Police and leading anti-virus companies joined forces to create the No More Ransom project, which to date has helped over 6 million ransomware victims recover their files and avoid paying €1billion in ransom.
The nomoreransom.org website provides advice for individuals and businesses on how to protect themselves against ransomware and hosts an ever-growing library of keys and decryption applications that can help recover files encrypted with some strains of ransomware.
How to protect your business against ransomware
No More Ransom provides advice to businesses to help protect themselves from ransomware including:
- Apply security updates automatically to all devices on the network, including mobile devices
- Use anti-virus and anti-malware products and ensure they are kept up to date and scanning regularly
- Backup your systems – both online and offline backups. Ensure the backups are protected from a ransomware infection on the main network and test how long it will take to restore your backups.
- Segment your network, making it harder for intruders to move about
- Protect Remote Desktop Protocol interfaces with source-IP allow-lists and multi-factor authentication
- Monitor for data exfiltration – often a clue that intruders are in your network and preparing a ransomware attack by stealing your data first – so they can threaten to publish it if you do not pay.
- Provide Security Awareness training for your staff to help them spot Phishing emails and malicious attachments used to deliver ransomware into your network
Europol’s best advice is to rely on backups to recover from a ransomware attack – not paying the ransom:
The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.