Imagine this: You’ve worked tirelessly over the past month to create a video tribute for your best friend’s wedding reception. You’ve added the right pictures, overlaid it with music to create nostalgic memories of your friendship, and edited it to perfection. The couple has ensured they have every detail taken care of, from selecting the perfect venue to choosing an outstanding menu. Your video tribute will be the “icing on the cake” and the last touch to finalize their perfect day.

Just when you are about to kick your feet up and toast the completion of the video, you save the video file and an odd message pops up: “The files on this laptop have been encrypted. Submit payment within 48 hours or your files will be destroyed!” That perfect day just took a downturn because you’ve been hit with ransomware.

Now imagine how easy it could have been to get infected with the same malware at work. Businesses can encounter similar scenarios — but they have way more at stake. Ransomware attacks can disrupt business operations, causing companies to experience hours or even days of downtime, and possibly cause the business to completely shut down.

So how can you help prevent a ransomware attack? Prevention is no easy feat, but some steps can be taken to reduce the risk of opportunistic attacks. In a recent Enterprise Strategy Group (ESG) study, “Incident Readiness Trends: Do Confidence Levels Match Preparation Efforts?,” 80 percent of cybersecurity decision-makers report that their organization has already engaged in ransomware incident readiness activities, making sure they have a plan in place in case an attack does occur.


However, if ransomware is already in your environment, there are a few remedies available. An attack of this sort on company networks can affect thousands of devices, be costly and certainly disrupt business. Review these recommendations to learn about steps your team can take to mitigate the risk of an attack. If you can implement these tips, you should have a better chance of shifting from detection of ransomware to readiness and response.

Build a Security-Aware Culture

Ransomware is one type of malware among many, and a single human error can be enough for it to spread widely. For example, an employee may fall prey to social engineering techniques that encourage them to open a malicious email. By training employees or users to identify suspicious emails, enterprises can significantly reduce the probability of ransomware infections.

Ensure You Have Backups

A consistent defense against ransomware includes having backups, and more than just one. Keeping redundant backups both offline and in the cloud, and testing them periodically, can help with recovery plans if an attack ever affects the business.

Backup runs should occur frequently and have a tested restore process. Companies that back up their data can minimize the impact of ransomware attacks since only hours of data are lost instead of months or years. The backup should also be tested on a periodic basis to ensure it can restore all files and asset configurations in their uninfected state.

Embed Threat Intelligence

Monitoring your network can provide you with a second set of eyes within your security environment. However, monitoring technology and tools are only as good as the information feeding into them. Having the latest threat intelligence is vital if you want to get better at spotting a looming ransomware attack, stay up to date as ransomware evolves, and learn current tactics you can use to prevent this sort of infection from spreading.

There is no “magic strategy” or one-time solution to stop today’s threats. Although you might take every possible precaution to prevent ransomware from accessing your network, your defensive strategy may not be completely threat-proof. This is why it is vital for organizations and their security teams to be proactive and take steps to detect ransomware in time, contain it, manage the response and have a recovery plan in place. This overall strategy can help significantly reduce the potential impact of such attacks on your business.

Download ESG’s 2019 Incident Readiness Trends Report
