Always Have an Unattached Backup
While it is always recommended that you back up to several systems at once, the backups will not be effective if they stay attached to your Mac, and that includes Time Machine backups.
Most sophisticated ransomware will encrypt Time Machine backups as well, rendering them useless.
The best way to ensure that you do not lose your data and the backups is to always have an unattached backup in the form of a hard drive or a cloud backup that continuously uploads your files.
That way you can always restore any data from the hard drive or from the cloud services. Most cloud services have versioning capabilities that allow you to choose which version of files you want to restore.
Ensure You Have Properly Configured Your Security Settings
Most Macs come with a range of software and hardware security settings that you can configure to make your computer safer. However, settings such as limiting user account permission and enabling strong passwords are just the tip of the iceberg.
Some of the most important settings that you need to configure to protect your computer from ransomware attacks are firewalls and secure network protocols.
These will block your computer from accessing known malicious websites, and will also block any hijacked transmissions. While these will not protect your computer from infection, they can reduce the risk by preventing your Mac from communicating with known malicious networks.
Keep Your macOS Client and Server OSes Updated
Regular updates of the servers and clients will ensure that you are not at risk from known vulnerabilities. Apple constantly patches common exposures and vulnerabilities in every update, and by keeping your system updated you will be safe from most threats except for zero-day exploits.
There are all manner of patch management tools available to small, medium and large organizations that you can deploy to keep your systems safe. You can also use Apple’s inbuilt tools, such as Terminal, to carry out several update tasks.
Such tasks include implementing macOS Server that allows easier management of the Apple Update Server and remotely executing update commands.
By configuring these devices you can rest assured that your devices are constantly patched and you get granular feedback whenever it happens.
While Macs typically come with their own security features, you cannot have too much security when it comes to ransomware. One of the best tools out there is the aptly named RansomWhere.
RansomWhere is a tool that constantly monitors your files for any suspicious processes that may suddenly start encrypting files.
Once RansomWhere detects any suspicious encryption activities, it immediately suspends the process and creates a list of encrypted files and the name of the process responsible.
You can then decide whether you need to terminate the given process, or if you believe there is a legitimate reason for the encryption, you can let the process continue running.
NOTE: RansomWhere only spots potential ransomware after the encryption has started, and hence you will lose a few files before the tool stops the process responsible.
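The following added example (not RansomWhere's own code, and not from the original article) sketches the general idea behind this kind of monitoring: flag a process that writes several high-entropy files in a short time, and list the files it touched. The thresholds, process names, paths and sample events are constructed assumptions; pseudo-random bytes stand in for encrypted file contents.

```python
import math
import random
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # bits/byte, assumed cut-off; encrypted data sits near 8.0
MAX_WRITES = 3           # assumed: high-entropy files tolerated per process per window
WINDOW_SECONDS = 10.0    # assumed sliding-window length

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_suspects(events):
    """events: (timestamp, pid, process_name, path, bytes_written) tuples.
    Returns {pid: {"process": name, "files": [paths]}} for processes to suspend."""
    recent = defaultdict(list)  # pid -> [(timestamp, path)] of high-entropy writes
    suspects = {}
    for ts, pid, name, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue  # looks like ordinary plaintext output
        if pid in suspects:
            suspects[pid]["files"].append(path)
            continue
        recent[pid] = [(t, p) for t, p in recent[pid] if ts - t <= WINDOW_SECONDS]
        recent[pid].append((ts, path))
        if len(recent[pid]) >= MAX_WRITES:
            # These files are already encrypted by the time the rule fires.
            suspects[pid] = {"process": name, "files": [p for _, p in recent[pid]]}
    return suspects

# Constructed sample data: pseudo-random bytes stand in for ciphertext.
_rng = random.Random(7)
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAINTEXT = b"Quarterly report draft, revision 3. " * 100

SAMPLE_EVENTS = [
    (0.0, 410, "TextEdit", "/Users/demo/notes.txt", PLAINTEXT),
    (1.0, 977, "updater_helper", "/Users/demo/a.docx.locked", CIPHERTEXT),
    (1.4, 977, "updater_helper", "/Users/demo/b.xlsx.locked", CIPHERTEXT),
    (2.0, 512, "Archive Utility", "/Users/demo/photos.zip", CIPHERTEXT),
    (2.1, 977, "updater_helper", "/Users/demo/c.pdf.locked", CIPHERTEXT),
    (2.5, 977, "updater_helper", "/Users/demo/d.key.locked", CIPHERTEXT),
]

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

In the sample, the rule only fires on the third encrypted file, which is why some files are lost before the process is stopped. Compressed archives are also high-entropy, so a single write such as the constructed `photos.zip` event stays below the threshold.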
Act on XProtect Warning
The Mac has a host of security features that can protect your computer from ransomware but only if you pay attention when they give you warnings.
One of the most effective of these security features is XProtect, which is a tool that keeps an updated list of known malware and any new ones as they are discovered.
XProtect will always check any files and software you download or attempt to launch for the first time and warn you if it matches any of the malicious files in its database.
The best way to protect your computer from ransomware is to read all warnings from XProtect and only proceed with installation or launch if you are absolutely sure that the file or software is clean.
If the tool warns you that the software or file may damage your computer, immediately move it to the Trash folder, then empty the Trash folder to get rid of the file forever. The same applies to warnings that X application cannot be opened.
Install a Security Suite and a VPN
You should install malware and antivirus security suites that will harden your system from ransomware threats.
Always go with the top tier security companies which have suites that perform heuristic scanning, have always-on monitoring and excellent detection rates. Heuristic scanning can often be expanded to include making the suite capable of detecting ransomware processes and informing you of the same.
Malwarebytes is one such program that is very effective at scanning your computer for any code that is impacting performance or doing unauthorized actions and then removing the malicious code.
While Malwarebytes is not designed specifically for ransomware, it is very effective against the full range of malware threats. If you decide to go with the premium version, you can configure the software to perform regular scans of your Mac for any suspicious ransomware activity.
You should also have a VPN installed on your Mac, as it will encrypt all your traffic and make it unreadable to anyone who may be successful in intercepting it.
Secure Your Transmissions and Data Storage
While encrypting data will not be of much protection from a ransomware infection, it can provide some form of containerization to sandbox encryption that makes the process unreadable to malicious players who do not have access to the container application’s API.
You can also go for encryption such as FileVault, which makes it possible to encrypt the whole disk, including your apps and data.
With FileVault, you can rest assured that your Mac is fully protected from any third-party tampering once you switch it off or log out.
As such, any malware will not be able to decipher any data and therefore will be unable to modify or infect your files.
Similarly, use proxy servers and VPNs to reroute traffic and secure network connectivity.
By configuring and filtering for non-compliant, infected and trusted systems you can significantly reduce your Mac's risk of infection from ransomware.