Best Practices To Protect Against Ransomware

About two out of three businesses were hit by ransomware in 2023, according to the State of Ransomware 2023 report from Sophos.

What's more, the study found that "data encryption from ransomware is at its highest level in four years" with data being both encrypted and stolen as a result of these attacks. 

Further, a ransomware attack could average more than $3 million:

• $1.54 million for the ransom.
• $1.82 million for the recovery cost.

The steep costs associated with ransomware require us to understand what ransomware is and how an attack could affect your organization.  

What Is Ransomware?

Ransomware is malicious software (malware) that encrypts your data and may even threaten to publish it until you pay a ransom.

The attacker is often the only person who knows the key to decrypt your data.

You may be infected with malware if an email tricks you into opening a link or clicking on an attachment that launches the ransomware.

Who Is A Target For Ransomware?

Everyone is a target for ransomware. 

Small- and medium-sized businesses, in particular, are a target. The frequency of successful breaches for SMBs increases every day. 

Without an incident response plan and protected data backup methods in place, SMBs risk losing thousands of dollars in ransom payments, plus incident response costs associated with restoring data and cleaning up breaches.

For medical practices and other regulated organizations, a ransomware attack may be classified as a "reportable breach," impacting the reputation of the organization and costing additional money in fines and penalties.

The Office for Civil Rights (OCR) from the U.S. Department of Health And Human Services (HHS) has even begun paying out settlements as a result of ransomware attacks that affect protected health information—first in 2023 and again in 2024. 

How Do Ransomware Attackers Get Paid?

A ransomware group often demands payment in the form of cryptocurrency such as bitcoin. This helps to make the transaction, and the assailant, untraceable.

However, there is never a guarantee that the attackers will relinquish the infected system and stolen data back to you even if you pay them. That’s why law enforcement agencies worldwide advise against paying and rewarding ransomware attackers unless it’s a last resort. 

How To Prevent Ransomware

The threat from ransomware can be mitigated with some basic security controls in place so that companies can avoid paying the hefty ransom. 

• Keep your systems updated. First, keep your operating system and security products up to date. Some attackers can exploit security holes without even having to trick users.
• Don't open email attachments that look suspicious. Ransomware is primarily spread through the use of infected attachments or links in emails from attackers that appear at quick glance to be known and trusted. If you are not expecting an attachment from a sender, refrain from opening any attachments contained in that message. 
• Don't click on suspicious links in emails, and only click on links from known, trusted sources. Attackers prompt users to click links on websites or in emails that send victims to an infected site, which then infect the workstation. 
• Implement conditional access. Ransomware affects the files on the infected workstation, and can also affect files and drives that are mapped to it. It is important to make sure that users only have access to the files and shares that they need access to through conditional access. Conditional access requires the user to complete a step before signing in to view or retrieve sensitive information. This will limit the impact and effectiveness of ransomware since it cannot encrypt files it does not have access to.
• Implement an EDR solution. The evolution of legacy antivirus software is EDR, aka endpoint detection and response. EDR helps protect against common threats, such as ransomware and malware, by using AI to detect and respond to anomalies on your network. 
• Back up your data. Secure backups are the best way to mitigate the damage done by a ransomware infection. The ability to restore from backups will save you from having to pay the ransom. This will get you back up and running in a quicker fashion than paying a time-consuming and expensive ransom. 
• Practice security awareness. By knowing what types of tells ransomware attackers deploy, your employers can avoid clicking on or opening files that could deploy malicious code. 

By implementing these basic security practices, your organization should be in a good position to deflect ransomware attacks. 

If you want to learn more about your data’s security posture, please download our data security checklist! 

Or, consider taking a look at how Integrity's managed security services protect organizations against ransomware.