Tips on preparing for and managing Ransomware Attacks

IBM X-Force Incident Response and Intelligence Services (IRIS) offers the following recommendations for organizations, cities, government entities, and beyond on how they can prepare for ransomware attacks:

  • Rehearse and Test Your Incident Response: It’s not a matter of if an incident response plan will be tested anymore, but a matter of when. Create a detailed incident response plan and conduct regular simulations with your stakeholders to test your response.


  • Maintain Backups, Test Backups, And Keep Offline Backups: Backing up systems is a critical best practice. Ensuring departments have effective backups of critical systems and are testing these backups is more important than ever. Store backups apart from your primary network and only allow read, not write, access to the backups. Offline backups are ideal for the most sensitive data and systems.


  • Develop an Action Plan for Quickly Establishing Temporary Functionality: Consider developing a capability to set up a short-term, quick turnaround business function to enable continued operations while an attack is being remediated. Create an alternative location and network for functions to continue critical services and systems in the face of attacks, even as remediation of or replacement of the original network is ongoing.


  • Patch Systems: Ensure all systems are patched with the latest software updates.


  • Empower Employees: Some of the best responses to cyberattacks can stem from empowered employees that are allowed to take calculated risks to save digital assets.


  • Hire an Ethical Hacker: Departments should constantly test their security measures, including testing employees to identify weaknesses. Learn your group’s risk level by having a hacker hack your department before a criminal does.