Illustration of a man sitting at a computer. Rain falls around him but an umbrella made of 0s and 1s protects him from the rain.

Illustration by iStock; Security Management

Best Practices for Preventing Ransomware

There are various no-cost resources that organizations can use to shore up against ransomware attacks, according to the U.S. Cybersecurity & Infrastructure Security Agency (CISA).


Protecting Data and Networks

  • Back up computers. Regular and frequent backups of the system and other important files mean that if a computer is infected with ransomware, it can be restored to its previous state.
  • Store backups separately. Store backups on a separate device, such as an external hard drive that cannot be accessed from the network.
  • Train your organization. Provide cybersecurity awareness training to staff. Ideally, training should be regular and mandatory, so personnel are aware of current trends and techniques that attackers use.


Prevention Against Infection

  • Patch regularly. Ensure applications and operating systems are updated with the latest patches.
  • Click with caution. Be cautious when clicking directly on links in emails, regardless of whether the email seems to be from a trusted sender. Malicious website addresses can appear to be nearly identical to legitimate ones.
  • Assess attachments. Be careful when opening email attachments, especially when they are compressed or ZIP files.
  • Embrace encryption. Safeguard personal information by ensuring that any submitted information will be encrypted.
  • Verify senders. If an email looks suspicious, verify the sender by contacting him or her directly and do not click on any links in the email.
  • Educate yourself. Stay informed about recent cybersecurity threats and ransomware techniques. Sign up for CISA notifications to be informed of new alerts.
  • Maintain your hygiene. Use and maintain antivirus software, email filters, and firewalls that can work to reduce malicious network traffic.

If your computer becomes infected with ransomware, immediately report the incident to your IT team or security office.


Partners at the Ready

External support from the U.S. public sector is also available before, during, and after a ransomware attack on organizations based in the United States.

  • Contact CISA to collaborate on assessments, best practices, exercises, information sharing, and more.
  • Connect with your local FBI field office for a list of points of contact when a cyber incident occurs.

Once the ransomware has been removed, change all system passwords and consider submitting ransomware files to CISA for analysis.

CISA, along with the FBI, National Security Agency, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), offers a #StopRansomware Guide with additional recommendations and information based on operational insight.