How to Prevent Ransomware Attacks


Ransomware is a form of malware that encrypts your data, locks you out of any infected computer and demands a ransom, usually paid in bitcoin, which makes it hard for law enforcement to trace the attacker.

The majority of cybersecurity experts recommend not paying the ransom, but some organizations have found it to be the only way to recover from the attack. Smaller organizations face the most difficulties recovering from these incidents, with one example being the Wood Ranch Medical Clinic, which was forced to close permanently after a ransomware attack deleted all of its medical records and patient files. The best alternative is to prevent ransomware attacks by taking all the necessary measures to stop them from spreading on your network.

Here’s how to prevent ransomware attacks:

1. Educate your employees

The easiest way for a hacker to infect your systems with ransomware is generally through social engineering attacks, which aim to take advantage of employees with less technical knowledge. A recent study revealed that 93% of phishing emails conceal ransomware. While ransomware attacks still rely on exploiting your technological vulnerabilities, phishing emails are usually the first vector of attack used by hackers to reach them. In most cases, these malicious emails contain infected attachments or links to malicious websites that will automatically download the ransomware to the user’s workstation. The malware will then look for any technical vulnerabilities to gain administrative privilege within your infrastructure, allowing it to spread across your network and encrypt your other devices.

Employees who routinely process external emails should be thoroughly trained to detect phishing emails, and their level of awareness should be regularly assessed with a phishing test so they can be educated on the risks. This includes checking headers and email addresses for typos, checking for typos in the URLs of websites they visit, avoiding suspicious attachments, etc. Bear in mind that social engineering emails often look very sophisticated and may not be immediately distinguishable from legitimate ones. Raising awareness among your employees will help prevent ransomware attacks, as phishing is the most common vector of attack used to infiltrate ransomware into a company’s network.
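The header and address checks described above can also be automated at the mail gateway. The following Python sketch is an added example, not code from the original article: it flags a From domain that is a near-miss of a trusted domain and, going slightly beyond the text, a Reply-To domain that differs from the From domain. The trusted-domain list, the sample messages and the distance threshold are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization normally receives mail from (constructed).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Constructed sample messages, not real traffic.
SAMPLE_LOOKALIKE = ('From: "Example Bank" <billing@examp1e-bank.com>\n'
                    'Reply-To: pay@mailbox.test\n'
                    'Subject: Invoice\n\nbody\n')
SAMPLE_CLEAN = 'From: billing@example-bank.com\nSubject: Statement\n\nbody\n'

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Lower-cased domain of an address header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message: str, max_distance: int = 2) -> list:
    """Return the reasons a message's sender headers look suspicious."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if not from_dom:
        return ["missing or unparseable From address"]
    findings = []
    if from_dom not in TRUSTED_DOMAINS:
        # A near-miss of a trusted domain is the "typo" users are told to look for.
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(from_dom, trusted) <= max_distance:
                findings.append(f"From domain {from_dom} resembles {trusted}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for reason in check_sender(SAMPLE_LOOKALIKE):
        print(reason)
```

A check like this complements user training rather than replacing it, since a sender domain with no resemblance to a trusted one passes the distance test.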

2. Segment network access

It is also essential that you grant network access granularly to prevent ransomware attacks from spreading throughout your organization. Segmented networks restrict an employee’s access to the files, systems and functionalities they need for their everyday operations, limiting the potential impact of a ransomware attack and the time needed to recover from it. For instance, a user who occasionally requires administrative privilege to one of your systems could be granted temporary access when needed, rather than being given constant access. Remote access and external devices brought by your employees should also be segmented to prevent them from accessing your internal network. For example, you can provide your employees with a wireless network for their mobile devices that is segmented from the network used by your internal devices and workstations.

With properly segmented access, an attacker might only be able to encrypt a small percentage of your files and infrastructure, allowing you to carry on with your usual business operations with little to no impact. Your IT team will only have to restore the backups to that specific instance, requiring fewer resources and preventing interruptions of service for your company.


3. Keep systems up to date

Thorough management of system updates and patches is another efficient measure to prevent ransomware attacks. In most cases, this type of malware will look for outdated software, operating systems and devices in search of known vulnerabilities within those obsolete versions. This means that a critical vulnerability already fixed in a software security patch becomes part of an attacker’s toolset, one of the vectors of attack they will look for to infect your system. These critical vulnerabilities are often used by hackers to gain administrative privilege within your system and infect any data and workstations they can access.

A recent strain of ransomware known as “WannaCry” leveraged obsolete software to infect hundreds of thousands of computers across 150 countries. These attacks caused some of the largest ransomware incidents in history, such as the NHS ransomware attack that caused disruption across all medical centers in the UK, delaying surgeries and patient care for nearly a week. This attack resulted in financial losses of around £92m for the NHS and was a prime example of why you should always keep your operating systems and software up to date. It’s also important to note that you should always use trustworthy and reputable software to prevent these types of infections.

4. Manage backups properly

Lastly, the most efficient way to prevent ransomware from having any impact on your company is with proper management of your backup copies. Although backups can get expensive, they will pay off in the long term should you be faced with a ransomware attack.

Backups should be hosted externally, using a service that keeps unlimited copies. These services create a backup every time a file is modified, rather than following a set schedule. This allows you to revert the compromised system to the precise point where it was infected while keeping your backups safe from hackers. Hosting backups internally can have dramatic consequences, as happened to VFEmail, which had its entire infrastructure, data and backups wiped out. This is why you should always count on an external backup service.

You should also keep multiple iterations of backups, so you don’t restore from a backup which contains the ransomware. With proper backup management, you can simply restore the system rather than paying the ransom, thus limiting any potential impact of ransomware on your operations.

How to prevent ransomware attacks

Staying up to date with the latest cybersecurity best practices and implementing various measures can help you prevent ransomware attacks and potentially save millions in losses or technical restoration. These recommendations are based on recent cases of ransomware infections combined with best practices in regards to cybersecurity management.


A penetration test is a simulated hacking attempt that identifies opportunities for real hackers to break through your defences and perform various malicious acts. It generally leverages tools used by hackers and various professional methodologies to replicate the steps that modern hackers would take to intrude into your IT systems.


A pentest attempts to exploit your vulnerabilities to determine their potential impact, should they be used in a real hacking scenario. They provide a list of vulnerabilities with their respective level of severity, as well as technical recommendations to help your team apply corrective measures and focus on the most critical vulnerabilities.


These services allow your organization to answer the following questions, among several others:

  • Can a hacker gain access to any sensitive information?
  • Can a hacker hijack my technologies for any malicious acts?
  • Could a malware infection spread through the network?
  • Can an attacker escalate access to an administrative user?


There are many contexts in which a penetration test should be performed.

Here are some common use cases for a pentest:

  • As part of the development cycle of an application. (To test the security of a new feature/app)
  • To comply with security requirements. (3rd-parties, PCI, ISO27001, etc.)
  • To secure sensitive data from exfiltration.
  • To prevent infections by malware. (Ransomware, spyware, etc.)
  • To prevent disruptive cyberattacks. (Such as denial of service)
  • As part of a cybersecurity risk management strategy.

All businesses are advised to conduct a penetration test at least once a year, as well as after any significant upgrades or modifications to the company network. Given the rapid rate at which new exploits are discovered, we generally recommend that quarterly tests are performed.

Various steps are taken over the course of the project to prevent the potential impact of our tests on the stability of your technological environment and the continuity of your business operations.

For this reason, a communication plan will be put in place at the beginning of the project to prevent and mitigate any potential impact. A representative of your organization will be identified to act as the main point of contact to ensure rapid communication in the event of a situation directly impacting the conduct of your daily operations, or if any critical vulnerabilities are identified for which corrective measures need to be implemented quickly.

While we use a simple four-level risk rating approach (Critical, High, Moderate, Low), our risk assessment is actually based on the Common Vulnerability Scoring System (CVSS) standard. Two main criteria are considered when assessing the risk level of each vulnerability:

  • Potential impact: The potential impact of an attack based on a vulnerability, combined with its potential effect on the availability of the system, as well as the confidentiality and integrity of the data.
  • Exploitability: The potential exploitability of a vulnerability; a vulnerability that is easier to exploit increases the number of potential attackers and thus the likelihood of an attack. Different factors are considered when evaluating the exploitability potential of a vulnerability (e.g., access vector, authentication, operational complexity, etc.).
