How to recover from a ransomware attack Types of ransomware and a timeline of attack examples

How to prevent ransomware in 6 steps

Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices, from defense in depth to patch management, to keep attackers out.

There's no shortage of ransomware attacks in the headlines today. Attacks within the past year have proven no company is safe, regardless of size or industry.

Ransomware attacks can cause significant damage, but they are almost completely preventable. Organizations that build a strong cybersecurity foundation will find themselves far less vulnerable to attacks than their competitors.

Follow these six ransomware prevention best practices to bolster your company's defenses and prevent it from falling victim to this all-too-common attack.

1. Maintain a defense-in-depth security program

Ransomware is a type of malware, and the reality is most ransomware outbreaks use well-known variants that are easily detected by active antimalware controls. Most antimalware tools today include specialized anti-ransomware features.

Build a defense-in-depth security program that has strong antimalware in conjunction with other technologies and processes, such as the following:

Ransomware prevention best practices also include following the principle of least privilege; requiring multifactor authentication; using VPNs, zero-trust network access or other perimeter security technologies for remote employees; disabling or limiting Remote Desktop Protocol use -- a common entry point for ransomware attacks -- and protecting ports from exploitation.

2. Consider advanced protection technologies

While most ransomware attacks can be caught by basic antimalware defenses, risk remains that attackers will target victims with novel attacks. To detect these zero-days, consider using advanced technologies and strategies, including the following:

3. Educate employees about the risks of social engineering

Ransomware often enters an organization through the inadvertent actions of employees. Most times, this involves an employee falling victim to a phishing attack and clicking a malicious URL or downloading an infected attachment.

Conduct regular cybersecurity awareness training for all employees, partners and stakeholders. Aim to offer current and consistent messaging that both reminds them of foundational best practices and teaches them about new types of phishing attacks. Ransomware-specific awareness training can help drive home the severity of the threat.

At a minimum, advise employees to do the following:

  • Use strong passwords.
  • Verify email senders.
  • Open links and attachments only from known senders.
  • Refrain from opening suspicious emails, clicking questionable links or downloading suspicious attachments.

Unprepared employees can expose a company to significant risk. Ensure the staff knows what to do in the event ransomware does infect the network, including immediately notifying management if there is any reason to believe an attack might be underway.

Develop a ransomware incident response plan that includes actions for employees, the security team, management, etc.

4. Patch regularly

Regularly installing patches for software and system vulnerabilities could have saved many organizations a lot of time, stress and money. The notorious WannaCry ransomware attack in May 2017, for example, exploited a vulnerability in legacy versions of the Server Message Block protocol. Microsoft had released a patch for the vulnerability in March 2017, but the WannaCry ransomware still affected approximately 230,000 systems worldwide.

Follow a patch management program and best practices to ensure any vulnerabilities are patched quickly and efficiently.

5. Frequently back up critical data

Most ransomware attacks aim to deprive victims of access to critical information until they pay a ransom. Backups can mitigate this risk by providing you with a fallback plan.

If ransomware encrypts your data, backups can help restore access quickly without meeting the attacker's demands. Store backups where they cannot be accessed from the network. Disconnect the backup, or put it on an external device, so it will not be affected by a ransomware attack.

Remember: Restoring from backup brings you to a point in time where you likely still have the same vulnerability that attackers originally exploited. Make sure your ransomware recovery process includes the identification and remediation of the incident's root cause.

6. Don't depend solely on backups

Ransomware is evolving. Many attackers now employ double extortion, where they encrypt the victim's data and exfiltrate it, or triple extortion, which involves the addition of a DDoS attack or extorts the victim's customers, partners and other third parties. In these attacks, even if a company restores its data from backup, the attacker can still demand that a ransom be paid to not leak the data.

Backups are important, but they're only one element of a defense-in-depth ransomware prevention strategy.

Pulling it all together

Organizations that follow these ransomware prevention best practices will find themselves well prepared for the next wave of ransomware attacks. While these security controls aren't rocket science, in the face of millions of successful attacks in the past year, they remind us they're critically important.

Next Steps

Types of ransomware and a timeline of attack examples

3 ransomware detection techniques to catch an attack

How to develop a cloud backup ransomware protection strategy

Ransomware trends, statistics and facts in 2023

Why using ransomware negotiation services is worth a try

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing