A combination of common sense, backup, proactive protection, and automated removal tools is a solid defense against the growing scourge of ransomware.
By Mark Hachman
Senior Editor, PCWorld | MAR 13, 2017 3:30 AM PT
Ransomware doesn’t sneak into your PC like ordinary malware. It bursts in, points a gun at your data, and screams for cash—or else. And if you don’t learn to defend yourself, it could happen again and again.
Armed gangs of digital thieves roaming the information superhighway sounds like an overwrought action movie, but the numbers say it’s true: Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year, according to Sonicwall—even as the number of malware attacks declined. Why steal data when you can simply demand cash?
CONTINGENCY PLANNING GUIDE FOR INFORMATION TECHNOLOGY SYSTEMS
Elizabeth B. Lennon (Editor)
Information Technology Laboratory
National Institute of Standards and Technology
Information technology (IT) and automated information systems are vital elements in most business processes. Because these IT resources are so essential to an organization’s success, it is critical that the services provided by these systems are able to operate effectively without excessive interruption. Contingency planning supports this requirement by establishing thorough plans, procedures, and technical measures that can enable a system to be recovered quickly and effectively following a service disruption or disaster. Interim measures may include the relocation of IT systems and operations to an alternate site, the recovery of IT functions using alternate equipment, or the performance of IT functions using manual methods.
NIST’s Information Technology Laboratory has published a recommended guidance document on contingency planning for federal departments and agencies. (Industry will find the recommendations valuable as well.) NIST Special Publication (SP) 800-34, Contingency Planning Guide for Information Technology Systems, by Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas, provides instructions, recommendations, and considerations for government IT contingency planning. NIST SP 800-34 supersedes Federal Information Processing Standard (FIPS) 87, Guidelines for ADP Contingency Planning.
NIST SP 800-34 provides guidance to individuals responsible for preparing and maintaining IT contingency plans. The guide discusses essential contingency plan elements and processes, highlights specific considerations and concerns associated with contingency planning for various types of IT systems, and provides examples to assist readers in developing their own IT contingency plans. This ITL Bulletin summarizes the contingency planning guide, which is available at http://csrc.nist.gov/publications/nistpubs/index.html.