Ransomware attack case study: Recovery can be painful How to develop a cloud backup ransomware protection strategy

How to prevent ransomware: 6 key steps to safeguard assets

Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices to keep attackers out.

There's no shortage of ransomware attacks in the headlines today. Attacks within the past year have proven no company is safe, regardless of size or industry.

Ransomware attacks can cause significant damage, but they are almost completely preventable. Organizations that build a strong cybersecurity foundation will find themselves far less vulnerable to attacks than their competitors.

Follow these six ransomware prevention best practices to bolster your company's defenses and prevent it from falling victim to this all-too-common attack.

1. Maintain a defense-in-depth security program

Ransomware is a type of malware, and the reality is that most ransomware outbreaks use well-known variants easily detected by active antimalware controls. Some antimalware tools today also offer specialized anti-ransomware features.

Build a defense-in-depth security program that has strong antimalware in conjunction with other technologies and processes, such as the following:

  • firewalls
  • endpoint scanning and filtering
  • network traffic analysis
  • web filtering
  • intrusion detection systems
  • email security filtering
  • allowlisting/denylisting

Ransomware prevention best practices also include following the principle of least privilege; requiring multifactor authentication; using VPNs or other perimeter security technologies for remote employees; disabling or limiting Remote Desktop Protocol use -- a common entry point for ransomware attacks -- and protecting ports from exploitation.

2. Consider advanced protection technologies

While most ransomware attacks can be caught by basic antimalware defenses, risk remains that attackers will target victims with novel attacks. To detect these zero-days, consider using advanced technologies, including the following:

3. Educate employees about the risks of social engineering

Ransomware often enters an organization through the inadvertent actions of employees. Most times, this involves an employee falling victim to a phishing attack, clicking a malicious URL, or downloading and opening an infected attachment.

Conduct cybersecurity awareness and training programs for all employees, partners and stakeholders. Offer current and consistent messaging on a regular basis.

Advise employees to do the following:

  • Use strong passwords.
  • Verify email senders.
  • Only open links and attachments from known senders.
  • Do not click questionable links or download suspicious attachments.

Unprepared employees can expose a company to significant risk. Ensure the staff knows what to do in the event ransomware does infect the network and notify management immediately.

Develop a ransomware incident response plan that includes actions for employees, the security team, management, etc.

4. Patch regularly

Regularly installing patches for software and system vulnerabilities could have saved many organizations a lot of time, stress and money. The notorious WannaCry ransomware attack in May 2017, for example, exploited a vulnerability in legacy versions of the Server Message Block protocol. Microsoft released a patch for the vulnerability in March 2017, but the WannaCry ransomware still affected approximately 230,000 systems worldwide.

Follow a patch management program and best practices to ensure any vulnerabilities are patched quickly and efficiently.

5. Perform frequent backups of critical data

Most ransomware attacks aim to deprive victims of access to critical information until they pay a ransom. Backups can mitigate this risk by providing you with a fallback plan.

If ransomware encrypts your data, backups can help restore access quickly without meeting the attacker's demands. Store backups where they cannot be accessed from the network. Disconnect the backup, or put it on an external device so it will not be affected by a ransomware attack.

Remember: Restoring from backup brings you to a point in time where you likely still have the same vulnerability that attackers originally exploited. Make sure your ransomware recovery process includes the identification and remediation of the incident's root cause.

6. Don't depend solely on backups

Ransomware is evolving. Many attackers now employ double extortion -- they encrypt the victim's data and exfiltrate it. This way, even if a company restores its data from backup, the attacker can still demand a ransom be paid to not leak the data.

Backups are important, but they're only one element of a defense-in-depth ransomware prevention strategy.

Pulling it all together

Organizations that follow these ransomware prevention best practices will find themselves well prepared for the next wave of ransomware attacks. These security controls aren't rocket science, but in the face of millions of successful attacks in the past year, they remind us they're critically important.

Next Steps

3 ransomware distribution methods popular with attackers

Top 3 ransomware attack vectors and how to avoid them

4 types of ransomware and a timeline of attack examples

3 ransomware detection techniques to catch an attack

How to develop a cloud backup ransomware protection strategy

This was last published in September 2021

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing