Best Practices To Protect Against Ransomware

The average cost of remediating a ransomware attack more than doubled in the last 12 months, according to Sophos. 

“Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021,” Sophos found. “This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, on average.”

The steep costs associated with ransomware require us to understand what ransomware is and how an attack could affect your organization.  

What Is Ransomware?

Ransomware is malicious software (malware) that encrypts your data and may even threaten to publish it until you pay a ransom. More often than not, the attacker is the only person who knows the key to decrypt your data.

You may be infected with malware if an email tricks you into opening a link or clicking on an attachment that launches the ransomware.

Who Is A Target For Ransomware?

Everyone is a target for ransomware. 

Small- and medium-sized businesses, in particular, are a target. The frequency of successful breaches for SMBs increases every day. 

Without an incident response plan and protected data backup methods in place, SMBs risk losing thousands of dollars in ransom payments, plus incident response costs associated with restoring data and cleaning up breaches.

In fact, the cost of the fallout often costs much more than the actual ransom.

According to the Sophos report mentioned earlier, the average ransom paid in 2021 was $170,404, which balloons to $1.85 million in total remediation costs. Further, only 8% of organizations who paid the ransom retrieved all of their stolen data. 

For medical practices and other regulated organizations, a ransomware attack may be classified as a "reportable breach," impacting the reputation of the organization, and costing additional money in fines and penalties.

How Do Ransomware Attackers Get Paid?

Ransomware attackers often demand payment in the form of cryptocurrency such as bitcoin. This helps to make the transaction, and the assailant, untraceable.

However, there is never a guarantee that the attackers will relinquish the locked systems and stolen data back to you even if you pay them. That’s why law enforcement agencies worldwide advise against paying and rewarding ransomware attackers unless it’s a last resort. 

How To Prevent Ransomware

The threat from ransomware can be mitigated with some basic security controls in place so that companies can avoid paying the hefty ransom. 

• Keep your systems updated. First, keep your operating system and security products up to date. Some attackers can exploit security holes without even having to trick users.
• Don't open email attachments that look suspicious. Ransomware is primarily spread through the use of infected attachments or links in emails from attackers that appear at quick glance to be known and trusted. If you are not expecting an attachment from a sender, refrain from opening any attachments contained in that message. 
• Don't click on suspicious links in emails, and only click on links from known, trusted sources. Attackers prompt users to click links on websites or in emails that send victims to an infected site, which then infect the work station. 
• Implement conditional access. Ransomware affects the files on the infected workstation, and can also affect files and drives that are mapped to it. It is important to make sure that users only have access to the files and shares that they need access to through conditional access. Conditional access requires the user to complete a step before signing in to view or retrieve sensitive information. This will limit the impact and effectiveness of ransomware since it cannot encrypt files that it does not have access to.
• Implement an EDR solution. The evolution of legacy antivirus software is EDR, aka endpoint detection and response. EDR helps protect against common threats, such as ransomware and malware, by using AI to detect and respond to anomalies on your network. 
• Back up your data. Secure backups are the best way to mitigate the damage done from a ransomware infection. The ability to restore from backups will save you from having to pay the ransom. This will get you back up and running in a quicker fashion than paying a time-consuming and expensive ransom. 
• Practice security awareness. By knowing what types of tells that ransomware attackers deploy, your employers can avoid clicking on or opening malicious attacks. 

By implementing these basic security practices, your organization should be in a good position to deflect ransomware attacks. 

If you’re interested in learning more about your data’s security posture, please download our data security checklist! 

Or, consider taking a look at how Integrity's managed security services protect organizations against ransomware.