Report Incident
× Home DPO CyberHub Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Prevent & Protect Against Ransomware

Description

Ransomware attacks are on the rise globally, and they are now becoming the fastest-growing type of cyber-attacks.
All institutions in Rwanda are therefore advised to take note of ransomware preventive measures and implement them in order to protect their data, systems, and people.

The National Cyber Security Authority (NCSA) advises all systems administrators to take note of the following measures for ransomware prevention and apply them as soon as possible:

  • Maintain the latest backup of data and critical systems;
  • Ensure that restoration of backed up data and services has been tested and is working properly, safely stored offline. This is to ensure that the backup location is not targeted or compromised in the event of such an attack;
  • Apply virus scanners and enable strong spam filters on your mail servers to prevent phishing emails from reaching end users;
  • Update software and operating systems with the latest patches. Enabling the automatic updates feature, available in certain software, is recommended;
  • Use unique and strong passwords and apply multi-factor authentication where applicable;
  • Alert the staff to never click on links or open attachment from unknown or unexpected mail senders.

 

How ransomware infects your devices?
Ransomware have been mainly delivered via phishing emails through malicious HTML documents or URLs and then pressuring the target user to open them. Once the target clicks on the malicious link, all the files on the target’s device will be encrypted. Malicious actors will then demand ransom in exchange for the decryption key.

 

Security risks
Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Responding to a ransomware attack often requires complex technical skills, time, and money. According to cybersecurity experts, applying the above mentioned preventive measures is the most effective way to protect your institution from the threat of ransomware.

 

Recommendations
Users or institutions are advised, if their systems are affected by ransomware, to NEVER pay the ransom because even with payments, there is no guarantee that criminals will unlock your device/files; and even if you are given access back to your files, your stolen data may still be published.

If you suspect that you have been victim to a ransomware, contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 900

 

Related Files

 

02 July 2021

© 2026 National Cyber Security Authority