How to Prevent Ransomware Attacks: Key Practices to Know About

The last 12 months or so have seen ransomware around the world continue to set new, unwanted records. Both the frequency of recent ransomware attacks and the figures cybercriminals have demanded from businesses continue to rise, and it’s clear that every company is a target, no matter its size or sector.

As a result, organizations unprepared to stop ransomware attacks will be leaving themselves at huge risk. Therefore, it’s vital that enterprises appreciate the scale of the ransomware threat in 2024 and understand how to prevent ransomware attacks.

Step one must be to ensure firms have a comprehensive understanding of what these attacks involve and why they are so dangerous. This includes knowing exactly what happens during a ransomware attack, how firms get infected and what can be done to both prevent and recover from these incidents.

Ransomware is a wide-ranging term that refers to any form of malicious software (malware) that aims to disrupt a firm’s operations, with the hacker then demanding a monetary payment in exchange for restoring systems.

Traditionally, this would have involved infecting a business with a ransomware virus that sought out important files and encrypted them, rendering them unusable unless companies paid for the decryption key. However, today the most common form of this attack involves double extortion ransomware, which also aims to exfiltrate data from a business. Once hackers have this data, they can then demand further ransom payments to prevent the public exposure of sensitive information.

The most common way for ransomware to enter a network is via email. This can include either infected attachments or harmful links designed to entice employees to click. Alternatively, users may be tricked into handing over login credentials that hackers can then use to gain access to systems and implant their malware. 

However, one increasing trend is towards so-called ‘fileless attacks’. These use otherwise legitimate tools such as PowerShell to initiate ransomware. This can be an especially dangerous vector as they leave no signature and can be impossible to pick up using traditional defenses.

Guarding against ransomware has now become a critical part of every firm’s cybersecurity strategy. For example, Cybint described 2023 as the “most successful year for ransomware groups in history”, with its research noting that there was a 55 percent increase in the number of victims.

The costs involved with a ransomware incident can essentially be broken down into three key areas: operational, financial and reputational. 

Operationally, falling victim to a ransomware attack can leave companies unable to serve customers, leading directly to lost business and unhappy customers and employees.

In addition to reduced revenue, other financial costs may include disaster recovery and mitigation, investigation expenses, regulatory fines, customer compensation and direct ransomware payments, to name just a few. These can quickly add up, with the average cost of a ransomware attack now reaching upwards of $4.5 million.

Finally, there are the reputational aspects to consider. This can be especially damaging if hackers publish or sell customers’ personal or financial data online. This means customers will lose faith that a company is a trustworthy partner and custodian of their private information, making it more likely they will take their business elsewhere. The impact of this can be severe and long-lasting, potentially putting the future viability of the organization in jeopardy.

While there are a variety of mitigation strategies businesses can turn to if they do fall victim to ransomware, the best way to protect against it is to avoid infection in the first place. This requires a strong focus on data security throughout the organization and a range of preventative techniques. Here are some of the most important ransomware best practices that no business should be without.

While blocking attacks at the edge of the network before they have a chance to infiltrate the network is essential, techniques such as advanced firewalls, antimalware and email security alone aren’t enough. Greater use of techniques such as fileless malware can easily bypass these defenses and, if left unchecked, can have free rein inside your network. Therefore, monitoring tools that can keep an eye on suspicious data traffic and other activity within your systems are a must.

Human error remains the number one cause of malware infections – with this at least partly responsible for 88 percent of data breaches. Therefore, it’s vital all employees are trained on what red flags to look for and how to alert security teams of suspicious activity. It’s also not enough to lecture individuals on their responsibilities. Firms need to make sure messages are sinking in, so frequent testing of employees, such as with fake phishing emails, is also highly important.

Outdated software is another major cause of data loss – and breaches caused by unpatched systems cost firms 54 percent more than incidents related to user actions. To avoid this, it pays to have a clear patching schedule for every system within the network. This can be a tedious job, but the right tools can help identify and alert security teams to potential issues and keep on top of this.

If hackers have been able to gain access to systems, they still won’t be able to operate a successful ransomware attack unless they can actually exfiltrate data from the network. Therefore, tools to protect every endpoint on the system against this activity – from desktop PCs and servers to employee-owned smartphones – are essential. Dedicated, lightweight anti data exfiltration (ADX) software enables this by using machine learning to monitor every packet of data leaving the network, with the ability to automatically step in and shut down any suspicious activity.

Even the most effective solutions cannot guarantee 100 percent protection. It may only take one mistake from a single user or a hacker exploiting a previously-unknown vulnerability for a network to be compromised. While ADX solutions can still be hugely helpful in preventing data theft, there may still be opportunities for more traditional ransomware tactics such as encrypting data unless firms have the right defenses in place. This is where comprehensive backups and data recovery tools come in to assist with ransomware recovery.

If critical files have been made inaccessible, either through deletion or encryption, and firms are not able to turn to backups, this can render a business completely inoperable, unable to perform the simplest tasks. This is what hackers are counting on to force a company to pay up, so ransomware mitigation strategies must include a plan for backup and recovery.

It won’t be practical or necessary to back up an entire company’s files on a regular basis, so it’s important to audit what assets exist and how high-priority they are. For sensitive files, backups at least daily – if not two to three times a day – should be the minimum. 

When it comes to the most mission-critical assets, however, companies should also consider using continuous data protection strategies to safeguard their data. This sees backups created every time a change is made and, while potentially costly and resource-intensive, it is the best way to ensure there will be no data loss.

Once a ransomware virus has been detected and firms need to turn to backups, it’s important there is a clear process in place to do this. Otherwise, firms may run the risk of having their newly-restored files also fall victim. Therefore, following a few key steps is vital to the success of such operations. These include:

• Ensuring all infected systems have been fully isolated
• Identifying recovery plan objectives – what critical data needs to be prioritized?
• Assigning clear roles to all team members
• Contacting relevant stakeholders or regulators

Ideally, these steps should all be spelled out in a pre-existing disaster recovery plan that has been drafted and tested prior to any incident. If firms don’t have such a document and are taking an ad hoc approach, this greatly increases the chances of errors being made.

Businesses cannot rely solely on traditional defenses such as antimalware tools in order to protect against ransomware. Instead, they must take a proactive approach that emphasizes continuous updates, effective communication with employees and specialist ransomware solutions such as ADX to address the ever-evolving threat. 

With these attacks now the number one tactic used by hackers, a dedicated focus on ransomware defense is essential if firms are to minimize the risk of having their most sensitive data compromised.