NCSC: Mitigating malware and ransomware attacks

NCSC learns from every incident and that is brings advice to reduce the chance that organizations will become infected with ransomware and malware and limit the spread of malware within the organization and the impact of the infection. it is important to emphasize two extra measures, namely having tested, up-to-date, offline backups and disabling or limiting scripting environments and macros. This involves the use of PowerShell Constrained Language to protect systems against misuse. In many ransomware attacks, attackers use PowerShell to perform the attack. The PowerShell Constrained Language prevents attackers from loading certain COM objects, libraries, and classes in PowerShell sessions. The NCSC also advises to disable macros when they are not being used.

read more about this: