Respond: Detect the problem
The sooner you know about a problem, the sooner you can implement a disaster recovery plan and mitigate the damage. Pierson notes antivirus is a good first line of defense for endpoint protection, especially when configured according to specialized guides to protect certain file locations.
In addition, he says, there are several controls businesses can use to scan for files being encrypted en masse. Teams should be reviewing all of their controls, and using network or behavioral tools to accurately identify and block suspicious activity.
"Companies need to make sure they have the traditional signature-based defenses in place, but they must also have network anomaly-based tools that can sense the rapid encryption of system resources and shut down an attack in progress," Pierson says.
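One way a behavioral control can spot files being encrypted en masse, shown as an added example that is not from the article or from Pierson: it flags any process that writes high-entropy (ciphertext-like) content to many distinct files within a short window. The event tuple format, thresholds, PIDs and paths are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
MIN_FILES = 5         # assumed: distinct files rewritten within the window
ENTROPY_BITS = 7.5    # assumed: bits/byte above which content looks encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events):
    """events: time-ordered (timestamp, pid, path, written_bytes) tuples.
    Returns the pids that wrote high-entropy content to at least
    MIN_FILES distinct files within WINDOW_SECONDS."""
    recent = defaultdict(deque)   # pid -> deque of (timestamp, path)
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue              # ordinary document content, ignore
        window = recent[pid]
        window.append((ts, path))
        # Drop writes that have aged out of the sliding window.
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({p for _, p in window}) >= MIN_FILES:
            flagged.add(pid)      # a real control would suspend or isolate here
    return flagged


# Constructed sample data (not real telemetry).
HIGH = bytes(range(256)) * 4              # uniform bytes, entropy 8.0
LOW = b"Quarterly report draft. " * 40    # plain text, low entropy

SAMPLE_EVENTS = sorted(
    [(i, 4242, f"/home/u/doc{i}.docx", HIGH) for i in range(6)]          # burst
    + [(i * 0.5, 2020, f"/home/u/note{i}.txt", LOW) for i in range(10)]  # editor
    + [(0, 1010, "/backup/a.zip", HIGH), (60, 1010, "/backup/b.zip", HIGH)],
    key=lambda e: e[0],
)

if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_EVENTS))
```

Compressed archives and legitimately encrypted files are also high-entropy, so the thresholds need tuning against normal activity such as backup jobs before the detector is allowed to block anything.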