Ransomware: How to Prevent Being Attacked and Recover After an Attack

Ransomware: How to Prevent Being Attacked and Recover After an Attack


You wake up your computer and discover an ominous message in the middle of the screen, informing you that the entire content of your hard drive has been encrypted and that the only way to regain access to it is to pay a hefty ransom. That’s what it’s like to get hit by a ransomware attack.

Alarmingly, 46 percent of SMBs have experienced the above-described scenario, and 73 percent have paid the ransom to unlock important data, with the average ransom demand exceeding $100,000.

Since a sum of this size is enough to cause many organizations serious financial difficulties, it’s important to know how to prevent ransomware attacks and recover from them as quickly as possible to avoid prolonged downtime and the huge costs associated with it.

Top 3 Most Notable Ransomware Examples

It’s estimated that an organization falls victim to a ransomware attack every 14 seconds. While some ransomware attacks barely cause any damage at all, others make international headlines. Here are the top 3 most notable ransomware examples:

  • CryptoLocker: Before CryptoLocker infected about 250,000 computers between 2013 and 2014, the threat of ransomware was relatively unknown.
  • Petya: First discovered in 2016, this strain of ransomware prevented 12,500 machines in Ukraine alone from booting up by infecting the master boot record.
  • WannaCry: In 2017, the WannaCry ransomware attack infected more than 230,000 computers in over 150 countries.

How Does Ransomware Work?

To successfully prevent ransomware attacks, you need to understand how ransomware works and spreads.

Most ransomware is distributed via email messages, either as malicious attachments or links that lead to infected websites. In order to convince recipients to take a certain action, attackers use various social engineering techniques and tactics, including phishing and its more sophisticated variant, spear-phishing.

Once the ransomware is on the victim’s computer, it quietly begins to encrypt important files and folders using a strong encryption algorithm. Decrypting them is possible only with the right decryption key, and this key is known only to the attacker.

To obtain the decryption key, the victim is asked to pay a ransom, typically by sending a Bitcoin or Monero payment to an anonymous address. In some cases, attackers even go as far as to provide a live chat option to help their victims send the cryptocurrency payment.

The problem is that there are many strains of ransomware that don’t decrypt data even after the ransom has been paid. Sometimes, this behavior is intentional, but it can also be caused by a poor implementation of the underlying encryption algorithm. As such, it’s paramount for organizations to learn how to prevent ransomware attacks.

How to Prevent Ransomware Attacks?

Ransomware prevention is all about good cyber hygiene. The following security practices can significantly reduce the risk of a ransomware infection:

  • Update your operating system and applications. Outdated software may contain easily exploitable security vulnerabilities that make it possible for ransomware to spread on the network.
  • Don’t open suspicious links and attachments. Email messages are the biggest source of ransomware attacks, so it’s important to be extra cautious when opening links and attachments from unknown or unsigned senders.
  • Proactively block spam email messages. Ransomware creators are well-versed in social engineering techniques, and email is their weapon of choice, which is why it’s best to block unwanted messages before employees have a chance to open them.
  • Educate employees about the threat of ransomware. It’s important that employees know how ransomware works and spreads. When they understand the threat they’re facing, they can make educated decisions to prevent ransomware attacks from causing damage.
  • Use a reliable antimalware solution on all endpoints to detect and neutralize most ransomware attacks right at their onset. Make sure to keep it updated to keep up with constantly evolving attacks.

How to Stop Ransomware and Recover?

But what if your ransomware defenses were insufficient? In that case, you need to stop the spread of the infection and recover your data as quickly as possible to avoid further downtime.

  1. Stop the infection from spreading
  2. First, you need to isolate all infected devices to prevent the ransomware infection from jumping from one device to the next. If you’re not sure which devices have been infected, it’s best to disconnect everything preemptively.
  3. Assess the damage
  4. Next, carefully assess which devices have been encrypted and how much data has been lost. Carefully read the ransom message and calculate how much money it would cost to pay the ransom.
  5. Restore encrypted data
  6. Finally, restore lost data from backups. If you have backups of all important data, there’s no need to pay the ransom. You can simply wipe clean all infected devices and continue from where you left off. That’s why backup and disaster recovery is so essential.

    BCA will help you stay protected with our Advanced Cybersecurity Offering. Schedule a consultation with us today!