What should be done to solve the problem can be a debatable topic. It depends on the perspective from those being attacked. Corporations can blame governments for not regulating crypto, consumers can blame companies for unsecured hardware, employers may blame employees for breach of information etc. While a number of factors can be at play when it comes to ransomware attacks there are some preventative measures that anyone who uses a PC with any sensitive information can take in order to lower the chances of being attacked with ransomware. We can talk first about creating actions and policies that are in place in the occurrence of an attack or in order to prevent or deter them. For example a company creating a policy to report “suspicious email”. This is huge considering most of the modern forms of ransomware attacks are being released through phony emails often disguised to look legitimate. Creating these sorts of policies allow corporations to get ahead of potential attacks as well as inform their employees on what to look out for, what to be suspicious about and what to do if you find yourself in a situation. Which in turn can lead to the same practices to be used and remembered when employees use their PC which also contains sensitive information.
Another action that can be established for the security of your information against ransomware attacks is a backup. Making sure you have a backup of your most sensitive data allows you to access your information in the event of an attack and your data is encrypted for ransom. Backup is usually kept offline and inaccessible to any attackers , some may suggest a cloud backup but with that there is still a probability of data breach so likely not the first option for your main data backup.
Continuing methods of prevention we discuss updating and awareness. Being sure that all your systems and software are up to date with the latest firmware is a large part of keeping ransomware attacks at bay. Updating the software patches code that may be causing security issues that likely can be exploited by attackers. Also awareness is key, relating back to policies, employees being informed on what to look for as far as suspicious activity from fake emails, external devices, external links, request of information etc. Being sure employees are aware of when systems need to be updated are crucial to decreasing the probability of being the victims of a ransomware attack.
-Dimitri Duverger