There are many articles, guides, and resources available across various Palo Alto Networks properties to guide users on how to best protect their organizations from ransomware. After spending some time finding many of them, I thought I would share them with everyone.
At a high level, from what I could find, there were a few recommendations from resources like Unit 42:
1. Block network-borne ransomware (NGFW + Security subscriptions)
Someone made a great write-up on the knowledge base about best practices for general ransomware prevention. Unit 42 also seems to publish research on specific attackers (e.g. Darkside), which gives more specific guidance. If you read the first link, you'll see there are several action items to take, and I've tried to link documentation and best practice pages as best I can for these:
2. Prevent Ransomware on endpoint with Cortex XDR
3. Leverage SOAR to quickly respond & automate hunting for threats
SOAR platforms and playbooks are great for documenting and automating responses. Cortex XSOAR has a lot of OOTB content and playbooks for certain scenarios, which can be great references (even if you can't get a SOAR tool into your arsenal today). Ransomware is one of these. Full documentation here.
4. Contain and recover with experts on hand
In addition to products, Palo Alto Networks is doing a lot of work in consulting, services, etc. these days to be a full partner to customers and not just a tech vendor. Below are links to a bunch of the services available, one of which is Ransomware Readiness, which looks at the current state of an org and maps a path to be ready to fight off ransomware attacks.
Finally, an excellent general resource (as linked in the comments below) is the Unit 42 Incident Response and Data Breach Report, which goes into great detail about major trends and action plans to mitigate threats (including but not limited to ransomware).
Adding to this thread with the incident response firm Crypsis and their 2020 incident report, found here.
Many great tidbits of information in here, from their largest observed entry vectors, threat actor groups, most targeted services, etc. Beyond the Palo platform, there are lots of general networking best practice guidelines in the report.