How to Protect Your Business from Ransomware
What is Ransomware?
Ransomware is a type of malware that, as the name suggests, holds data at ransom. It is purposefully designed to deny people or organisations access to their data until a ransom has been paid.
It often encrypts files, making them inaccessible. Some types of ransomware may also delete files or threaten to release them if payment is not received.
There are three very common types of ransomware attacks:
- Single-Jeopardy Ransomware threatens to delete sensitive data if the ransom isn’t paid.
- Double-Jeopardy Ransomware threatens to release sensitive information if the ransom isn’t paid.
- Triple-Jeopardy Ransomware targets customers, employees, and partners and demands payment from them.
Though ransomware behaves like any other virus in terms of infection, its focus on extortion and rapid damage escalation makes it uniquely disruptive.
Why is Ransomware Dangerous?
Ransomware is dangerous for several reasons, and businesses should take proactive measures to defend against ransomware at all costs.
Operational Downtime
Even a short period of system unavailability can halt operations, costing thousands or even millions of pounds, depending on the size of the business and the scale of the attack.
Data Breaches
Double- and triple-jeopardy ransomware have transformed data theft into a blackmail tool. Attacks like these can impact brand image and trust, not to mention the compliance issues that come with a successful cyberattack.
Backup Vulnerabilities
Cybercriminals often target backup files to render recovery impossible, even for businesses with robust disaster recovery plans.
Common Types of Ransomware
Here are a few of the most common and dangerous ransomware attacks.
Crypto Ransomware
Crypto ransomware, the most common ransomware, attempts to encrypt data before demanding payment for its release.
Locker Ransomware
Another common type of ransomware, locker ransomware, also known as screen ransomware, attempts to lock users out of their devices, displaying a ransom note instead.
Doxware/Leakware
Doxware or leakware, as the latter suggests, threatens to leak data if a ransom is not paid on time.
Scareware
Scareware attempts to trick users into thinking their data has been compromised, often encouraging them to purchase fake antivirus software to prevent further damage.
How does Ransomware Get into Your Business?
For ransomware to succeed, two phases must be completed. First, it must successfully infiltrate your network. Second, it must spread throughout your network, escalating privileges until it has found, removed, or encrypted the target files and potentially your backups.
Phase One
Phishing Attacks (Social Engineering)
Human error is often the most common cause of successful ransomware attacks, making phase one difficult to prevent.
Phishing emails, malicious links, and infected attachments are all very common, and even with cybersecurity training, employees can still be tricked into letting ransomware onto the network.
Physical Breaches
A physical breach occurs when someone gains unauthorised access to your premises. If left unchallenged, this person can introduce ransomware directly onto your network from inside your office (for example via a USB device or by downloading malicious software).
Exploiting System Vulnerabilities
If you have unpatched, known vulnerabilities on your network, these can also be used as entry points. While some of these are zero-day vulnerabilities, i.e., newly discovered flaws for which no patch yet exists, most are caused by outdated or unpatched software.
Check out this article to learn more about the importance of keeping operating systems updated.
Phase Two
Since much of Phase One is caused by human error, making it difficult to prevent, it is common for cybersecurity teams to focus most of their efforts and resources on Phase Two and damage limitation.
Privilege Escalation
Once inside, ransomware often seeks to escalate privileges, gaining administrator access so it can spread across systems and encrypt files it could not otherwise reach.
Since phishing attacks are rarely highly targeted, relying more on a “wide-net” approach, ransomware is more often than not downloaded onto computers with minimal access and must, therefore, carry out privilege escalation.
Lateral Movement
As well as moving up, ransomware can spread laterally across networks via protocols like SMB (Server Message Block), infecting multiple systems quickly.
Lateral movement serves the same purpose as privilege escalation: since a single computer is unlikely to have access to everything, the ransomware must travel across the network to widen its access to data.
How Can You Protect Your Business from Ransomware?
Now that we understand how ransomware enters businesses, we must focus on preventing it from entering and limiting the damage it can cause if it does.
Conduct a Ransomware Readiness Assessment
To take positive preventative action, you must first evaluate your organisation’s security posture.
A penetration test will simulate a real-world ransomware attack to determine how damaging an actual attack could be to your business before offering remediation advice that will give you a clear path for improvement.
Read our comprehensive guide to penetration testing to learn more.
Employee Cybersecurity Training & Zero-Trust Frameworks
Through employee training and by creating a cybersecurity-conscious, zero-trust, or speak-up culture, you can significantly reduce the chances of human-error-induced ransomware attacks.
If employees feel empowered to question suspicious behaviour, emails, files, etc., without fear of repercussions should they be wrong, your business will be significantly more secure.
It’s worth noting that this attitude also helps to prevent physical breaches, as it increases the likelihood of unauthorised persons being stopped and questioned.
Backup Data & Disaster Recovery
Isolated (air-gapped) backups are a must. Encrypt these backups and restrict access to authorised personnel only.
Additionally, regularly test your backups to ensure they function correctly, and that data can be restored quickly.
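One way to make "test your backups" and "only restore from uncompromised backups" concrete is to keep an authenticated hash manifest alongside each backup set and check it before restoring. The script below is an added example, not code from the article or from any backup product; the directory layout, file names and HMAC key are constructed for the demo, and the manifest format is an assumption of this example.

```python
"""Hash-manifest check for a backup set, run before restoring from it.

Added example (not from the article). The backup directory, file names and
HMAC key below are constructed for the demo. The manifest records a SHA-256
digest per file and is itself authenticated with an HMAC keyed by a secret
kept apart from the backup media, so a restore team can tell whether backup
files were corrupted, overwritten or encrypted, or whether the manifest
itself was edited, before anything is copied back onto the network.
"""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backup files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def list_files(backup_dir):
    """Relative paths of every file under backup_dir."""
    return {
        os.path.relpath(os.path.join(root, name), backup_dir)
        for root, _, files in os.walk(backup_dir)
        for name in files
    }


def build_manifest(backup_dir, key):
    """Record a digest per file and authenticate the whole table with HMAC-SHA256."""
    entries = {rel: sha256_file(os.path.join(backup_dir, rel)) for rel in list_files(backup_dir)}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(backup_dir, manifest, key):
    """Return (ok, problems). The manifest's HMAC is checked first: if it fails,
    nothing else in the manifest can be trusted."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, ["manifest: HMAC mismatch (manifest altered or wrong key)"]
    problems = []
    for rel, digest in sorted(manifest["entries"].items()):
        full = os.path.join(backup_dir, rel)
        if not os.path.isfile(full):
            problems.append(f"missing: {rel}")
        elif sha256_file(full) != digest:
            problems.append(f"modified: {rel}")
    for rel in sorted(list_files(backup_dir) - set(manifest["entries"])):
        problems.append(f"unexpected: {rel}")
    return not problems, problems


def demo():
    """Build a small backup set, then run a clean check, a check after one file
    was overwritten and one added, and a check against an edited manifest."""
    key = b"constructed-demo-key"  # in practice: stored apart from the backup media
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "finance"))
        with open(os.path.join(d, "finance", "q1.xlsx"), "wb") as f:
            f.write(b"quarter one figures")
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"plain notes")
        manifest = build_manifest(d, key)
        clean = verify_backup(d, manifest, key)

        # Simulate damage to the backup: one file overwritten, one extra file.
        with open(os.path.join(d, "finance", "q1.xlsx"), "wb") as f:
            f.write(b"\x00\xff\x13 unreadable blob")
        with open(os.path.join(d, "extra.bin"), "wb") as f:
            f.write(b"not part of the backup set")
        damaged = verify_backup(d, manifest, key)

        # Simulate an edited manifest: a digest changed without knowing the key.
        forged = {"entries": dict(manifest["entries"]), "hmac": manifest["hmac"]}
        forged["entries"]["notes.txt"] = "0" * 64
        forged_result = verify_backup(d, forged, key)
    return clean, damaged, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "damaged", "forged manifest"), demo()):
        print(label, result)
```

The point of the HMAC is that an intruder who reaches the backup share can rewrite both the files and a plain manifest; keeping the key off the backup media means a rewritten manifest fails verification rather than vouching for encrypted files. Running the check on a schedule is a cheap form of the regular restore testing the section recommends.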
Regularly Update and Patch Systems
Ensure operating systems, software, and applications are updated to fix security vulnerabilities and regularly replace outdated hardware and software that cannot be updated.
Check out this article to learn more about the dangers of outdated, legacy equipment.
Defence-in-Depth
Defence-in-depth is a cybersecurity strategy that uses multiple layers of security to protect against a wide range of threats, including ransomware. This layered approach ensures that if one defensive measure fails, others are in place to minimise the risk of an attack succeeding.
Web and email filtering, multi-factor authentication, limiting or turning off USB access, network segmentation, and disabling or restricting SMB to prevent lateral movement are all effective defence-in-depth measures for preventing or limiting the impact of ransomware attacks.
Network Monitoring
Network monitoring tools can identify unusual activity, such as unauthorised access, abnormal data transfers, or unexpected file encryption, allowing you to respond to potential attacks before significant damage occurs.
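"Unexpected file encryption" leaves a recognisable pattern in file-server activity: one account changing far more files than usual in a short window, and many of those changes being renames that give files the same new extension. The detector below is an added example, not code from the article or from any monitoring product; the log line format it parses and the thresholds it uses are assumptions made for the example, and the sample log is constructed.

```python
"""Flag ransomware-like file activity in a file-access log.

Added example (not from the article). The log line format is an assumption
made for this example, not any product's format:

    <ISO timestamp> <user> <host> <WRITE|RENAME|DELETE> <path> [-> <new path>]

Two signals are checked per user over a sliding time window:
  * a burst of file changes far above normal interactive use, and
  * many renamed files all gaining the same new extension, the typical
    footprint of crypto ransomware working through a share.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
import os
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<action>WRITE|RENAME|DELETE) "
    r"(?P<path>\S+)(?: -> (?P<new_path>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(log_text, window_seconds=60, burst_threshold=20, ext_threshold=10):
    """Return a list of alerts. Thresholds are example values; tune them to the
    normal change rate of the file server being monitored."""
    events_by_user = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events_by_user[ev["user"]].append(ev)

    alerts = []
    for user, events in events_by_user.items():
        events.sort(key=lambda e: e["ts"])
        window = deque()   # events from the last window_seconds
        fired = set()      # alert kinds already raised for this user
        for ev in events:
            window.append(ev)
            while ev["ts"] - window[0]["ts"] > timedelta(seconds=window_seconds):
                window.popleft()

            # Signal 1: volume of file changes by one account in a short window.
            if len(window) >= burst_threshold and "burst" not in fired:
                fired.add("burst")
                alerts.append({"kind": "burst", "user": user, "host": ev["host"],
                               "count": len(window), "at": ev["ts"].isoformat()})

            # Signal 2: renames that give many different files the same new extension.
            if "mass_extension_change" not in fired:
                new_exts = Counter(
                    os.path.splitext(e["new_path"])[1]
                    for e in window
                    if e["action"] == "RENAME" and e["new_path"]
                    and os.path.splitext(e["new_path"])[1] != os.path.splitext(e["path"])[1]
                )
                if new_exts:
                    ext, n = new_exts.most_common(1)[0]
                    if n >= ext_threshold:
                        fired.add("mass_extension_change")
                        alerts.append({"kind": "mass_extension_change", "user": user,
                                       "host": ev["host"], "extension": ext,
                                       "count": n, "at": ev["ts"].isoformat()})
    return alerts


def build_sample_log():
    """Constructed sample: routine edits by bob, then a 30-second run of renames
    by alice in which every file acquires a '.locked' extension."""
    lines = [
        "2024-05-01T09:00:01Z bob WS-03 WRITE /share/hr/policy.docx",
        "2024-05-01T09:00:40Z bob WS-03 WRITE /share/hr/policy.docx",
        "2024-05-01T09:01:15Z bob WS-03 RENAME /share/hr/draft.docx -> /share/hr/final.docx",
    ]
    start = datetime(2024, 5, 1, 9, 2, 10)
    for i in range(30):
        ts = (start + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} alice WS-07 RENAME /share/finance/f{i:02d}.xlsx "
                     f"-> /share/finance/f{i:02d}.xlsx.locked")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

Both alerts carry the user and host, which is what an on-call engineer needs for the first response step in the later section (disconnecting the infected system). The extension signal fires before the burst signal in the sample because ten same-extension renames arrive before twenty changes in total; in production the two thresholds should be set from a baseline of the server's normal activity rather than guessed.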
Cyber Insurance
Cyber insurance helps companies deal with and recover from successful ransomware attacks. While it isn’t a preventative measure, it is crucial in limiting damage and ensuring business continuity.
A Word of Warning
It is worth pointing out that “perfect cybersecurity” is not strictly possible—especially regarding ransomware, which relies heavily on human error.
It’s also worth pointing out that some defence-in-depth and zero-trust strategies can negatively impact business operations, often hampering productivity.
So, while protecting your business, employees, customers and partners against ransomware is important, you must strike a balance between cybersecurity and business functionality.
Essentially, it is up to you and your team to decide how much risk you are willing to take.
What Should you do if Ransomware Successfully Encrypts or Deletes your Data?
If ransomware infiltrates your systems, follow these steps to limit the damage:
- Immediately disconnect infected systems from the network to prevent further spread.
- Report the attack to local cybersecurity agencies or law enforcement.
- Avoid paying the ransom since paying doesn’t guarantee file recovery and encourages further attacks.
- Restore your files using secure, uncompromised backups. Only do this if you are positive that the backups and the network you’re connecting them to are uncompromised.
- Contact cyber security professionals who can assist with containment, recovery, and future-proofing your defences.
After all, once a ransomware attack has successfully infiltrated your network, all you can do is try to limit the damage as much as possible. By following this list, you give yourself a good chance of doing that.
For more information on how to deal with being successfully targeted by a ransomware attack, check out the National Cyber Security Centre’s guide.
Conclusion
Now, you know everything you need to know about ransomware. You know its dangers (loss of data, operational downtime), how it attacks your business (phishing, privilege escalation), and the steps you can take to prevent or limit damage (defence-in-depth, employee training).
If you want to fully understand your security posture and how it would withstand a ransomware attack, book a free call with one of our expert penetration testers today.