While the number of ransomware attacks is decreasing across the globe, there were still a total of 236.1 million ransomware attacks worldwide during only the first half of 2022.¹ In other words, yes, the numbers are getting better, but no, you cannot stop worrying about ransomware. These attacks are still quite prevalent and threatening to your business.

In fact, according to Gartner, the “average downtime during (ransomware) attacks in 4Q20 was 10x-21x”, and the “average ransomware payment in 4Q20 was $154,108”.²

What this means is that ransomware prevention is still the best strategy going into 2023 and beyond. A proactive approach, rather than a reactive/remediation one, will protect you the most from the four types of ransomware – encryption, lockers, scareware, and doxware/leakware. An effective, ransomware prevention strategy has several critical elements you should be aware of to keep your organization safe. They can be categorized by entrances, education, reviews, software, backup, and segmentation.

Let’s take a closer look.

1^st Step: Protecting your Entrances

“Restricting access to common entry points protects your critical applications and data from encryption.”³ This means, you should remove all non-essential network entry points, identify and remediate common entry points; and map every service, device, and application. These tactics will help you know precisely where your vulnerabilities are.

Be sure to also install reliable anti-malware and anti-virus programs across your organization to further protect against unauthorized network entry. Another best practice is to minimize employee use of personal devices while working. Unmanaged devices are often invisible and uncontrollable for IT security teams. If they don’t know about it, they can’t protect against it. By eliminating much of their use, you in effect free up your security team to employ even more preventative measures.

2^nd Step: Educating your Staff

Remote workers and “Bring Your Own Device” staff pose the biggest risk to your network in terms of ransomware vulnerability. They are constantly tapping into the network from the outside. A comprehensive ransomware prevention and education strategy can go a long way toward protecting your business.

“A poorly trained workforce can leave even the most sophisticated networks vulnerable to a ransomware attack if they click on a suspicious link or mistakenly open an infected attachment.”⁴

These practices can include the following:

• restricting use of external thumb drives
• using passphrases to construct passwords
• requiring staff to report suspicious emails to your security personnel
• using secure, approved file transfer solutions to protect sensitive information
• ensuring employees use caution when clicking external links on the web and in emails
• installing anti-phishing add-ons
• controlling how/when employees can give information to unsecured sites⁵

3^rd Step: Conducting “Access” Reviews

Your remote workers and external vendors/partners should be reviewed frequently to ensure those that use your services and applications have the right access and the least amount of privilege needed to do their job. It can be easy to batch-assign a whole group with the same privileges, but it is not prudent. Take the time to grant specific access to specific individuals. You will find that many staff only need “read-only” privileges. Start with this level if you can and only grant further access if/when it is needed. Do not fall into the practice of initially providing a higher level of access than might be needed. Start low and escalate accordingly.

Your network access reviews of virtual staff and external vendors should occur at least once a year and include the following types of activities:

• Assess their remote access tools and ensure they have the right anti-virus software installed
• Review their VPN access process/protocols/credentials and update them as necessary
• Check their multi-factor authentication protocols for accessing your network and any collaborative services
• Observe their spam filter and ensure it is configured to properly prevent delivery of potentially malicious attachment types

4^th Step: Employing the Right Software

There are also ransomware removal software systems to help you with rapid eradication, but the best policy is always to eliminate ransomware from first entering your network. A cybersecurity and data protection solution can help you detect and remove ransomware threats and patch network vulnerabilities. This approach leads to end-to-end protection. When all else fails and an attack does occur, having disaster recovery software installed on your network will help you recover what is being held hostage or lost, to mitigate downtime.

Consider ransomware protection software that enables you to easily protect your files, folders and data from ransomware attacks. Top antivirus software has built-in ransomware protection.

Some solutions featured a multi-layered approach featuring both ransomware detection and remediation. They effectively detect every file-encrypting ransomware threat, and “If the behavior-based detection system gets any hint of a problem, the remediation system makes secure backups of important files.”⁶

5^th Step: Backing up your Data

Best practices in ransomware data backup recommend both online and offline backups. This so-called 3-2-1 approach stores three copies of your backed-up data. You should have two separate copies backed up every hour: one stored in a cloud storage provider and the other in a more secure cloud backup provider. At the same time, store a third copy offline on a hard drive. This way, you are protected in three different ways in case one manner fails to effectively recover your data, files and folders.

Other features to consider include:

• WORM (write once, read many)
• Multi-factor authentication
• Role-based access control
• Encryption
• Fault tolerance
• Alerts⁷

To ensure proper and effective hourly backup, it is important to also review your backup policies and procedures frequently.

6^th Step: Segmenting your Network

Network segmentation partitions your network into isolated sections. This way, ransomware attacks will be compartmentalized to only a portion of your network. “In an ideal version of network segmentation, each subnetwork would be completely divided, existing in completely different security and IP zones, and only connecting at very limited points, on very limited ports, through clear points of monitoring.”⁸

Best practices suggest creating a network of similar functioning machines, such as a network for printers, one for servers, or one just for finance.

“The creation of multiple networks effectively improves the security of networks that contain crucial files.”⁹

7^th Step: Practicing Safe Computing

There are many practices each employee in your organization can do to help mitigate ransomware attacks – simple, everyday things.

These suggestions include:

• Never click on unsafe links – Do not click on links in spam messages, e.g. Many organizations employ email filtering solutions to help keep these dubious emails from ever reaching employees.
• Avoid disclosing personal information from untrusted sources – Cybercriminals can use this information to tailor phishing messages specifically to you
• Do not open suspicious attachments – If you are unsure about an attachment, do not open it, especially from an unknown sender. It could be corrupted and impact your system.
• Never use unknown USB sticks – Do not ever insert an unknown USB storage device into your computer. It could be infected. Sometimes these are left sitting around in public places to entice individuals to open them.¹⁰
• Do not ever leave your business laptop unattended at a cybercafé, airport, hotel lobby, etc. A cybercriminal only has to insert a USB device into your computer to corrupt your system and ultimately your company’s network.

Ransomware attacks can literally cripple an organization, both operationally and financially. Being proactive in your prevention strategy puts you in a position of avoidance rather than remediation. Take these best practices and work them into your business network and/or contact us for a free consultation. 

---

[1] “Number of ransomware attacks per year 2016-H1 2022,” Aug. 3, 2022, Statista

[2] “Gartner Says Threat of New Ransomware Models is the Top Emerging Risk Facing Organizations”, Oct. 21, 2021, Gartner.

[3] “5 Ransomware Protection Strategies To Neutralize Cyberattacks”, Aug. 21, 2020, Cybercrime Magazine.

[4] “How training employees about ransomware can mitigate cyber risk”, Aug. 6, 2022, INFOSEC.

[5]  “3 Steps to Stop Employees From Taking Cyber Bait”, 2021, Gartner.

[6] “The Best Ransomware Protection for 2022”, July 20, 2022, PC Magazine,

[7] “Best Backup Solutions for Ransomware Protection”, Sep. 22, 2021, eSecurity Planet.

[8] “Using Network Segmentation to Combat Ransomware”, May 14, 2020, ISACA.

[9] “Enterprise Network Protection: Protecting Data through Network Segmentation”, Sep. 14, 2016, TrendMicro.

[10] “Ransomware Protection: How to Keep your Data Safe in 2022”, 2022, Kapersky.