Ransom:Linux/HelloKitty.A

Guidance for individual users

• Keep your operating system and antivirus products up to date.
• Go to aka.ms/ransomwaresolutions for general information and frequently asked questions about ransomware, defense against ransomware, and ransomware incident response playbook.
• To reduce the possible impact of exploited vulnerabilities, avoid opening any executable from unknown sources unless you’re confident that it comes from a legitimate source.
• Run periodic diagnostic scans with Microsoft Defender.
• Read about preventing malware infection to learn more about preventing ransomware or other malware from affecting individual devices.

Guidance for enterprise administrators

Ransomware more often attacks enterprises than individuals. Following these mitigation steps can help prevent ransomware attacks:

• Keep backups so you can recover data affected by ransomware and destructive attacks. Use controlled folder access to prevent unauthorized applications from modifying protected files.
• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Run Endpoint Detection and Response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Educate end users about protecting personal and business information in social media, filtering unsolicited communication, identifying lures in spear-phishing emails and watering holes, and reporting reconnaissance attempts and other suspicious activities.