Let me stick my oar in. Since ransomware is a form of malware, and since I've known about it since the first case in 1989 (and wrote about it in both virus books).
Make a backup. Make multiple types of backups, if stuff is important to you. Remember layered defence. It should be part of your BCP.
Have some awareness. I mean, quite aside from ransomware not being new, and going back to 1989, stories are hitting the nightly TV news just about every week these days. Pay attention!
Don't pay ransom. It only encourages them. And others. Anybody who pays ransom is supporting the ransomware "industry." Period.
(Well, if you think you need to pay a ransom, then you didn't make a backup when I told you, right?)
Ransomware isn't one thing: it's many different programs and families, with all kinds of different capabilities.
Sometimes they encrypt without a key, and *nobody* can get your data back.
Sometimes they encrypt with a single symmetric key and anybody can get your data back: even you.
Sometimes they do a proper encrypting job but are too cruel or lazy to respond when you contact them.
If you do get hit, contact a reputable anti-virus/anti-malware company. Since ransomware is a form of malware, most such companies will be keeping track of the various ransomware programs, and can tell you whether a) the encryption is done wrong and *nobody* can get your data back, b) the encryption is done right but these guys aren't to be trusted, or c) the encryption is done sloppily and there is a quick fix that will get your data back.
And don't pay ransom. Not even second hand.
............
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
