Ransom:Win32/LockBit

Keep backups so you can recover data affected by ransomware and destructive attacks. Use  controlled folder access  to prevent unauthorized applications from modifying protected files.  

Harden internet-facing assets  and ensure they have the latest security updates. Use  threat and vulnerability management  to audit these assets regularly for vulnerabilities, misconfigurations, and suspicious activity.  

Secure Remote Desktop Gateway using solutions like Azure Multi-Factor Authentication (MFA). If you don’t have an MFA gateway, enable network-level authentication (NLA).  

Monitor for brute-force attempts. Check excessive failed authentication attempts (Windows security event ID 4625).  

Turn on cloud-delivered protection  and automatic sample submission on  Microsoft Defender Antivirus . These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.  

Turn on attack surface reduction rules , including rules that block ransomware activity and other activities associated with human adversaries. To assess the impact of these rules, deploy them in audit mode.  

Utilize the  Microsoft Defender Firewall  and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities.  

Turn on  tamper protection  features to prevent attackers from stopping security services.  

Use  Office 365 ATP  for enhanced phishing protection and coverage against new threats and polymorphic variants. Office 365 ATP customers should ensure that  Safe Links protection  is enabled for users with  Zero-hour Auto Purge (ZAP)  to remove emails when a URL gets weaponized post-delivery.  

Educate end users about protecting personal and business information in social media, filtering unsolicited communication, identifying lures in spear-phishing email and watering holes, and reporting of reconnaissance attempts and other suspicious activity.