Topics Map > Office of Cybersecurity > Awareness and Best Practices
Protect Against The Threat of Ransomware
Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.
Tips for Avoiding Ransomware
First, watch this webinar from the 2021 IT Professionals Conference titled: Ransomware – How it Works and How to Stop it
The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on.
Other tips:
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case you or your organization is the victim of a ransomware attack.
Below are a variety of resources that you can use to keep yourself or your users protected from ransomware attacks:
- CISA Ransomware Guidance and Resources
- CISA Ransomware Guide
- DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
- FBI Ransomware Webpage
- FBI IC3 Webpage for Ransomware
- NIST’s Tips and Tactics for Dealing with Ransomware
- HHS HC3 Homepage
- 405(d) Ransomware Threat Flyer
- 405(d) Spotlight Webinar- Ransomware
- 405(d) Ransomware Cyber Awareness Flyer
- Ransomware Task Force: Combatting Ransomware Report
- Software Engineering Institute Resources for Preparing and Responding to Ransomware
In addition to these materials, the HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA provides further information for entities regulated by the HIPAA Rules.