What you need to know to combat ransomware
Updated on October 20, 2022, by Xcitium
How to Combat Ransomware
To combat ransomware, organizations should implement endpoint protection, maintain secure backups, apply software patches, train employees to recognize phishing attacks, enforce least-privilege access controls, and continuously monitor networks for suspicious activity. If ransomware is detected, isolate infected devices immediately, contain the threat, and begin incident response procedures.
Knowing how to combat ransomware has become essential to keeping your data safe. Nobody is too small, too big or too anything to be attacked. Everybody, however, can be well-prepared to protect themselves from the damage a ransomware attack can do. With that in mind, here’s a guide on what you need to know to combat ransomware.
How to Combat Ransomware in 7 Steps
- Deploy Advanced Endpoint Protection: use security solutions that detect, block, and contain ransomware before encryption occurs.
- Maintain Regular Backups: create frequent backups and store copies offline or in immutable storage to ensure rapid recovery.
- Patch Vulnerabilities Promptly: keep operating systems, applications, and firmware updated to close security gaps exploited by attackers.
- Train Employees Against Phishing: educate users to identify malicious emails, links, and attachments that commonly deliver ransomware.
- Implement Least-Privilege Access: limit user permissions to reduce the attack surface and limit lateral movement.
- Enable Continuous Monitoring: monitor endpoints, networks, and user activity for indicators of ransomware behavior.
- Prepare an Incident Response Plan: establish procedures for containment, eradication, recovery, and communication before an attack occurs.
Ransomware Defense Checklist
| Security Measure | Benefit |
|---|---|
| Endpoint protection | Blocks ransomware execution |
| Offline backups | Enables recovery without paying ransom |
| Patch management | Reduces exploitable vulnerabilities |
| Email security | Prevents phishing-based infections |
| Access controls | Limits spread across systems |
| Network monitoring | Detects threats early |
| Incident response plan | Accelerates recovery |
A robust anti-malware program is a must
Relying only on the security tooling bundled with the main operating systems can turn out to be a false economy. Dedicated cybersecurity companies offer solid consumer-grade products for free and business-grade products at modest cost, and these generally include an integrated firewall, which makes them even better value.
For both consumers and businesses, cloud-based options are generally the most sensible option. There are two main reasons for this. Firstly, it means that all updates are managed by the vendor. Secondly, it pushes the storage and processing load onto the back-end servers and hence reduces the burden on the local device.
You must keep your operating system and locally-installed apps updated
If a developer releases a patch to fix a security issue, you can take it as read that the issue is now known to malware developers: patches are routinely reverse-engineered to locate the underlying bug. There is therefore a distinct possibility that attackers will target that vulnerability, because they know that organizations do not apply updates as quickly as they should.
You will only get updates if you are running operating systems and apps which are still actively supported by their developers. You should try to avoid running discontinued software at all. If you absolutely must do so, try to keep it off-line as much as possible and be careful about what data you store on the device.
You need to manage your email
Email attachments have long been notorious as a tool to spread malware. Server-level filtering has done a lot to curb this. It is generally very effective at catching blatant spam but not so good at catching more astute malicious actors. Sadly, the cybercriminals behind many ransomware attacks tend to fall into the latter category, especially when it comes to encryption ransomware.
What can, however, work very well is teaching users about inbox management techniques so they can quickly identify which emails are genuinely important and prioritize them. It might also help to move in-house communications over to an internal instant-messaging system, when possible, to alleviate the issue of emails pinging around between multiple people.
These steps relieve the pressure of an overflowing inbox and hence encourage users to take more time over the emails they do read. You want users always to think before they even open an email, let alone decide whether to click on an attachment. You then want to double-check their judgment by having every email attachment scanned by a robust anti-malware program, with no exceptions, regardless of who sent it.
It’s vital to ensure safe surfing
The other main way ransomware gets onto computers is through malicious websites. In theory, it should be fairly easy to educate users to avoid visiting such websites. In practice, many of these visits are unintentional: people are tricked into visiting them through social media posts or through malicious adverts (malvertising) served on otherwise legitimate sites.
Harsh as this may sound, the easiest and most effective way to reduce your exposure to being infected with ransomware through the internet is to limit the extent to which people can use the internet. Sadly this includes the major social media platforms.
This may not be a welcome move, but the fact that most people have smartphones and even tablets means that it is probably going to be less of an issue than it might have been even a few years ago. You could even offer a social WiFi network and charging facilities to make the change easier for staff to accept; that guest network must be isolated from the corporate network so that a personal device infected there cannot reach work systems.
You will, however, still have to take steps to ensure that work-related internet surfing is done safely. What this will mean in practice will depend on your sector. For example, some companies may be able to whitelist specific websites and hence block all others.
Many companies, however, will have employees who need to undertake wide-ranging research online and/or to use social media for work. In these situations, you will need to combine your anti-malware program (and firewall) with effective user education, backed up by clear processes that are rigorously and fairly enforced.
Make sure you protect your data in the event of a ransomware attack
Ensure that all data is stored encrypted. This limits what an attacker can steal from lost or stolen media and from cold storage, but it does not stop data theft from a compromised endpoint where the data is mounted and readable, so access controls and monitoring still matter. Additionally, make sure that your data backup is ransomware-proof. This means at least one copy must be offline or immutable and stored off-site so that an attacker who controls your main system cannot reach, encrypt or delete it, and restoration from it must be tested regularly rather than assumed to work.
What to Do During a Ransomware Attack
| Step | Action |
|---|---|
| 1 | Disconnect infected devices from the network |
| 2 | Identify affected systems and users |
| 3 | Preserve evidence for investigation |
| 4 | Notify security and incident response teams |
| 5 | Remove malicious files and processes |
| 6 | Restore systems from clean backups |
| 7 | Conduct a post-incident review |
Signs of a Ransomware Infection
- Files suddenly become inaccessible or encrypted
- Unusual file extensions appear
- Ransom notes appear on desktops or folders
- Users cannot access critical applications
- Significant spikes in CPU or disk activity
- Security tools become disabled unexpectedly
- Shared drives become inaccessible
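Several of the signs above (unusual extensions appearing, ransom notes, files becoming inaccessible in bulk) can be turned into detection logic over file-activity telemetry. The following is an added example, not code from the original page or from Xcitium: it runs two heuristics over constructed file-event records. The `ts|user|process|action|path|newpath` record format, the `KNOWN_EXTENSIONS` set, the ransom-note filename pattern and the window/threshold values are all assumptions for illustration and would need to be mapped onto your own EDR or audit log fields and tuned to your environment.

```python
"""Behavioural ransomware indicators over file-activity events (added example).

The 'ts|user|process|action|path|newpath' record format and all thresholds below
are constructed for illustration; map them onto your own EDR or audit log fields.
"""
from collections import defaultdict, deque
from datetime import datetime
import os
import re

# Extensions a user plausibly renames to; a burst of renames to anything else is the signal.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt", ".csv", ".tmp", ".bak"}
# Generic ransom-note filename heuristic (an assumption, not a specific family's indicator).
RANSOM_NOTE_RE = re.compile(r"(decrypt|restore|recover|how_to|readme).*\.(txt|html|hta)$", re.IGNORECASE)
WINDOW_SECONDS = 60      # sliding window per process
RENAME_THRESHOLD = 20    # suspicious renames inside the window before alerting


def _basename(path):
    # Split on either separator so Windows-style paths work on any host.
    return re.split(r"[\\/]", path)[-1]


def _ext(path):
    return os.path.splitext(_basename(path))[1].lower()


def parse_events(lines):
    """Parse pipe-delimited records; newpath is empty for anything but a rename."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, proc, action, path, newpath = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "user": user, "process": proc, "action": action,
                       "path": path, "newpath": newpath})
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events, window_seconds=WINDOW_SECONDS, rename_threshold=RENAME_THRESHOLD):
    """Return (kind, process, detail) alerts: mass_rename once per process, ransom_note per file."""
    alerts = []
    recent = defaultdict(deque)   # process -> timestamps of suspicious renames in the window
    flagged = set()
    for e in events:
        if e["action"] == "create" and RANSOM_NOTE_RE.search(_basename(e["path"])):
            alerts.append(("ransom_note", e["process"], e["path"]))
        if e["action"] != "rename":
            continue
        new_ext = _ext(e["newpath"])
        if new_ext == _ext(e["path"]) or new_ext in KNOWN_EXTENSIONS:
            continue  # ordinary rename, not an encryption side effect
        q = recent[e["process"]]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= rename_threshold and e["process"] not in flagged:
            flagged.add(e["process"])
            alerts.append(("mass_rename", e["process"],
                           f"{len(q)} renames to {new_ext} within {window_seconds}s"))
    return alerts


def build_sample_log():
    """Constructed sample: one benign rename, then a 25-file burst to '.locked' and a note."""
    base = "C:\\Users\\alice\\Documents\\"
    lines = [f"2024-05-01T09:00:00Z|alice|explorer.exe|rename|{base}draft.txt|{base}final.txt"]
    for i in range(25):
        lines.append(f"2024-05-01T09:05:{i:02d}Z|alice|payload.exe|rename|{base}f{i}.docx|{base}f{i}.docx.locked")
    lines.append(f"2024-05-01T09:05:30Z|alice|payload.exe|create|{base}HOW_TO_DECRYPT.txt|")
    return lines


if __name__ == "__main__":
    for alert in detect(parse_events(build_sample_log())):
        print(alert)
```

The mass-rename rule fires once per process when the twentieth suspicious rename lands inside the sixty-second window, which is well before the burst finishes; the ransom-note rule fires per file because the note is usually dropped into every encrypted directory. Both are deliberately simple and will need exclusions for legitimate bulk tools (archivers, backup agents) before they are used to trigger automatic isolation.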
Best Practices for Long-Term Ransomware Protection
- Adopt a Zero Trust security model
- Segment networks to contain infections
- Use multi-factor authentication (MFA)
- Continuously monitor endpoint activity
- Perform regular vulnerability assessments
- Test backup restoration procedures
- Conduct ransomware response exercises
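The earlier section on protecting your data and the bullet above on testing backup restoration both come down to the same check: before a restored system goes back online, prove that what came back matches what was backed up. The following is an added example, not code from the original page or from Xcitium. It builds a SHA-256 manifest of a directory tree at backup time and later verifies a restored tree against it, reporting files that were modified (for example encrypted in place), deleted, or added (such as a ransom note). The directory layout, file contents and the simulated tampering are all constructed for the demonstration; the manifest itself should be kept on separate, write-once storage, which the example only notes rather than implements.

```python
"""Backup integrity manifest and restore verification (added example, not from the page).

A manifest of SHA-256 digests is taken at backup time and kept apart from the backup
media, so that a restore can be checked before systems are reconnected. All paths and
file contents below are constructed for the demonstration.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree to the manifest; anything not 'ok' means the restore is not clean."""
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(restored_root, *rel.split("/"))
        if not os.path.isfile(path):
            result["missing"].append(rel)      # deleted, or never backed up
        elif sha256_file(path) != digest:
            result["modified"].append(rel)     # overwritten, e.g. encrypted in place
        else:
            result["ok"].append(rel)
    # Files present in the restore but absent from the manifest: ransom notes, droppers, etc.
    result["unexpected"] = sorted(set(build_manifest(restored_root)) - set(manifest))
    return result


def demo():
    """Constructed scenario: clean verification, then encryption-in-place, deletion and a ransom note."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name, body in (("a.txt", b"quarterly report"), ("b.csv", b"id,amount\n1,10\n")):
            with open(os.path.join(docs, name), "wb") as f:
                f.write(body)
        # Serialise the manifest as you would before writing it to separate, write-once storage.
        manifest_json = json.dumps(build_manifest(root), sort_keys=True)
        manifest = json.loads(manifest_json)
        clean = verify_restore(manifest, root)
        # Simulate what ransomware leaves behind in a backup that was reachable from the victim.
        with open(os.path.join(docs, "a.txt"), "wb") as f:
            f.write(os.urandom(32))
        os.remove(os.path.join(docs, "b.csv"))
        with open(os.path.join(docs, "HOW_TO_RECOVER.txt"), "w") as f:
            f.write("pay us")
        tampered = verify_restore(manifest, root)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean restore:", before)
    print("tampered restore:", after)
```

The point of keeping the manifest off the backup media is that a backup an attacker could reach may have been encrypted or trimmed before you notice; a digest list the attacker could not rewrite is what lets you tell a clean restore from a poisoned one. Running `verify_restore` as part of a scheduled restoration drill, not only after an incident, is what the "test backup restoration procedures" bullet means in practice.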
Frequently Asked Questions
What is the best defense against ransomware?
The best defense against ransomware combines endpoint protection, regular backups, employee security awareness training, patch management, and continuous threat monitoring.
Should you pay a ransomware ransom?
Security experts generally advise against paying ransom demands because payment does not guarantee data recovery and may encourage future attacks.
Can ransomware be removed?
Some ransomware infections can be removed, but encrypted files often cannot be restored without backups or available decryption tools.
What should you do first during a ransomware attack?
Immediately isolate affected systems from the network to prevent ransomware from spreading to other devices and shared resources.
How do backups help combat ransomware?
Backups enable organizations to restore systems and data without relying on attackers for decryption keys, significantly reducing business disruption.