How to block ransomware

Updated on October 21, 2022, by Xcitium

How do you block ransomware?

To block ransomware, use a combination of endpoint security tools, regular backups, email filtering, software updates, and user awareness. Proactive protection, especially zero-trust and behavior-based detection, is the most effective way to stop ransomware before it executes.

Blocking ransomware requires a multi-layered approach that combines advanced security tools, regular system updates, strong access controls, and user awareness. While no method guarantees 100% prevention, proactive defenses significantly reduce the risk of infection and data loss.

Ransomware is one of the nastiest forms of malware around. That’s saying something. The good news is that it’s actually fairly easy to protect yourself against it. With that in mind, here is a quick guide on how to block ransomware.

Invest in a high-quality anti-malware product with a firewall

These days, products that combine anti-malware functionality with a firewall are every bit as effective as separate products. They are, however, generally simpler to install and configure, and usually more economical too. It’s usually best to go for a cloud-based product, partly because the vendor then takes care of the update process and partly because cloud-based products place less of a burden on the local devices.

Scareware

Scareware, as its name suggests, is a straightforward intimidation ploy. It puts frightening messages on the screen to try to trick the victim into calling for help, for which they have to pay. Just have a decent anti-malware program run a scan on the infected device and follow its instructions.

Lockware

Lockware is a bit more of a pain as it blocks access to the computer itself. Boot into Safe Mode with Command Prompt, restore the system to an earlier point in time, then install a decent anti-malware program and have it scan the device just in case.

Develop a robust update process

A robust update process means that all security-related updates are applied promptly to all relevant devices. Of course, for there to be security-related updates, the operating system(s) and applications need to be supported by their developers.

If a developer stops supporting an operating system or application and you want to go on using it, then take it completely offline if possible. If that is not possible, then assume it’s an unsafe place to store data and never allow anything sensitive to touch it, especially not personal data.

Remember that automated backup systems can be indirectly infected with ransomware, as can any hardware storage devices left attached to a device.

If you know that managing updates is a weak point in your company, then you need to own the fact and deal with it. Either make sure that in-house resource is made available for the task or contract a managed IT services provider to take care of it for you.

Set rules on how people can use your corporate network

Over the years, it’s become standard for companies to take a relaxed attitude to employees using the company internet connection for personal business, as long as it doesn’t interfere with their work. In the early days of the internet, this was often a major perk. These days, it’s generally just a convenience. Most employees will have their own smartphones and maybe tablets as well, but using a proper computer can be much pleasanter.

Given that most malware is spread through either compromised websites or email attachments, now may be the time to start resetting expectations and stopping or at least limiting the use of the company’s internet connection. If you decide to go down this route, then it’s sensible, as well as polite, to explain to staff what you’re doing and why. It may also be helpful to offer them an alternative, such as a “social” WiFi network and maybe some communal power banks and chargers so they don’t have to worry about running down their battery.

Consider how you manage remote and mobile users

Ideally, all remote and mobile users will connect to the company network over a VPN. In the real world, however, this isn’t as easy as it might sound on paper.

For example, finance departments are unlikely to be happy about buying VPN licenses for employees who rarely work out of the main business location, especially if it’s because they want to do so rather than because they need to do so. By contrast, HR departments are unlikely to be happy about denying employees the option to do so without good reason.

Generally, the pragmatic approach to managing this is to organize VPN access for employees who routinely work remotely or are regularly on the move. For everyone else, you could keep a pool of in-house laptops (or even decent tablets, possibly with external keyboards) equipped with VPNs for occasional use. Alternatively, you could consider just insisting that people use a paid connection (i.e. not free WiFi) and possibly limit their access.

Remember that a backup is your last line of defense against ransomware

In theory, you may be able to find publicly accessible keys to decrypt files after ransomware attacks. In practice, if it were that easy, ransomware attacks would stop. The fact is that you will need a fairly large dose of luck for this to succeed, and luck is not a strategy. An effective data backup system, by contrast, is definitely a strategy, and it’s one you should be implementing anyway.

An effective data backup strategy requires having three copies of your data over two media (clouds) with one copy being kept off-site (in a different cloud). Additionally, any sensitive data should be stored encrypted and these days any personal data absolutely must be stored encrypted. This won’t stop ransomware, but it will stop the attackers from stealing your data as well!
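The rule above can be checked mechanically. The following is an added example, not code from Xcitium: it audits a backup inventory for three copies, two media, one off-site copy and encryption of sensitive data, and also flags data sets whose every copy sits on storage attached to a live device, reflecting the earlier warning about attached storage. The inventory format, field names and sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    dataset: str     # logical data set being protected
    medium: str      # storage medium or cloud holding this copy
    offsite: bool    # kept away from the primary location
    encrypted: bool  # encrypted at rest
    attached: bool   # permanently mounted on a production device

# Constructed sample inventory (hypothetical names, not real data).
# The production copy counts as one of the three copies.
INVENTORY = [
    Copy("finance-db", "local-disk", False, True, True),
    Copy("finance-db", "cloud-a", False, True, False),
    Copy("finance-db", "cloud-b", True, True, False),
    Copy("hr-records", "local-disk", False, False, True),
    Copy("hr-records", "usb-drive", False, False, True),
]
SENSITIVE = {"finance-db", "hr-records"}

def audit(inventory, sensitive):
    """Return {dataset: [findings]} for each data set that breaks a rule."""
    by_dataset = {}
    for c in inventory:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, copies in sorted(by_dataset.items()):
        findings = []
        if len(copies) < 3:
            findings.append(f"only {len(copies)} copies, need 3")
        if len({c.medium for c in copies}) < 2:
            findings.append("all copies on one medium, need 2")
        if not any(c.offsite for c in copies):
            findings.append("no off-site copy")
        if name in sensitive and not all(c.encrypted for c in copies):
            findings.append("sensitive data stored unencrypted")
        if all(c.attached for c in copies):
            findings.append("every copy is attached to a live device")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in audit(INVENTORY, SENSITIVE).items():
        for finding in findings:
            print(f"{dataset}: {finding}")
```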

How to Block Ransomware (Step-by-Step)

  1. Install advanced endpoint protection
    Use EDR/XDR tools that detect and block suspicious behavior.
  2. Keep software and systems updated
    Patch vulnerabilities that ransomware exploits.
  3. Enable email and web filtering
    Block phishing emails and malicious downloads.
  4. Use strong access controls
    Implement multi-factor authentication (MFA) and least privilege access.
  5. Back up data regularly
    Store backups offline or in secure cloud environments.
  6. Disable macros and risky scripts
    Prevent malicious code execution in documents.
  7. Monitor network activity
    Detect unusual behavior early with threat monitoring.
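Steps 1 and 7 rely on behavior-based detection. As an added illustration (not Xcitium's code and far simpler than a real EDR product), the sketch below shows one such behavior signal: a single process renaming many files to the same new extension within a few seconds. The log format, process names, the `.locked` extension and the thresholds are assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed file-activity log; the format is an assumption:
# <epoch-seconds> <process> <operation> <path> [<new-path>]
# Paths in this sample contain no spaces, so a plain split() is enough.
SAMPLE_LOG = """\
100 winword.exe WRITE C:/Users/ann/report.docx
101 backup.exe READ C:/Users/ann/report.docx
200 unknown.exe RENAME C:/Users/ann/a.docx C:/Users/ann/a.docx.locked
201 unknown.exe RENAME C:/Users/ann/b.xlsx C:/Users/ann/b.xlsx.locked
202 unknown.exe RENAME C:/Users/ann/c.pdf C:/Users/ann/c.pdf.locked
203 unknown.exe RENAME C:/Users/ann/d.jpg C:/Users/ann/d.jpg.locked
204 unknown.exe RENAME C:/Users/ann/e.txt C:/Users/ann/e.txt.locked
400 winword.exe RENAME C:/Users/ann/~tmp1.tmp C:/Users/ann/report.docx
"""

def ext(path):
    """Lower-cased final extension of a path, or '' if it has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect_mass_rename(log, window=10, threshold=5):
    """Return (process, new_extension) pairs where the process changed the
    extension of at least `threshold` files within `window` seconds."""
    recent = defaultdict(deque)  # (process, new extension) -> timestamps
    alerts = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "RENAME":
            continue
        ts, proc, new_ext = int(fields[0]), fields[1], ext(fields[4])
        if ext(fields[3]) == new_ext:
            continue  # extension unchanged: an ordinary rename
        times = recent[(proc, new_ext)]
        times.append(ts)
        while ts - times[0] > window:  # drop events outside the window
            times.popleft()
        if len(times) >= threshold and (proc, new_ext) not in alerts:
            alerts.append((proc, new_ext))
    return alerts

if __name__ == "__main__":
    for proc, new_ext in detect_mass_rename(SAMPLE_LOG):
        print(f"ALERT: {proc} is bulk-renaming files to .{new_ext}")
```

The single save-style rename by `winword.exe` stays below the threshold, which shows why the rule counts events per process and extension rather than alerting on any extension change.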

Best Ways to Block Ransomware

| Method | Effectiveness | Why It Works |
| --- | --- | --- |
| Endpoint security (EDR) | ⭐⭐⭐⭐⭐ | Detects and blocks behavior in real-time |
| Regular backups | ⭐⭐⭐⭐⭐ | Ensures recovery even if attacked |
| Patch management | ⭐⭐⭐⭐ | Closes known vulnerabilities |
| Email filtering | ⭐⭐⭐⭐ | Stops phishing-based attacks |
| MFA & access control | ⭐⭐⭐⭐⭐ | Prevents unauthorized access |
| User training | ⭐⭐⭐ | Reduces human error |

FAQ

What is the best way to block ransomware?

The best way is to combine endpoint security, backups, patching, and user awareness. No single solution is enough—layered security is key.

Can antivirus block ransomware?

Traditional antivirus can block known ransomware, but advanced threats require behavior-based protection like EDR or zero-trust security.

How do companies prevent ransomware attacks?

Organizations use layered defenses including firewalls, endpoint protection, access control, backups, and continuous monitoring.

Does a firewall block ransomware?

A firewall can block suspicious traffic, but it cannot fully prevent ransomware without additional endpoint and behavioral security tools.
