Preparing for Ransomware Attacks

Anyone can be a target of a ransomware attack. The frequency of attacks is due to people using unsecured devices. People who pay the ransom may not have a backup copy of the encrypted files. There are ways to prepare for a future attack so that the ransom does not have to be paid.

One way to prepare is to keep backups of all files and assets that cannot be lost or that the company needs to function. Backups should not be stored on the main system, so that they are not compromised in the ransomware attack. This makes sure there is no trail for the hacker to follow and target the backups too. It is better to have more than one backup in case one is compromised; this means taking weekly and monthly backups.

Be aware of who has permissions on the computer systems. Only grant permissions that are necessary. Make sure that the permissions only cover the areas that the employee needs to complete their day-to-day tasks. Also, stay up to date on which employees have permissions by making sure each person is still a part of the company. If the person has left the company or does not need any of the permissions anymore, then those credentials need to be removed from the system right away.

Computer software needs to stay up to date. Installing updates fixes bugs that a hacker could exploit for different cyber-attacks like ransomware. The security and anti-malware software should also stay up to date because it is an important defense against attack. Updating it fixes any bugs in the software and also updates or adds the forms of malware it looks for.

It is important to have email security, because email phishing is a route for ransomware to infect a system. Email security can be used to inspect emails as they are received, detect any malicious content and expel it before it can harm the computer it was received on. Also, employees should be taught to be wary of spam and attachments, because hackers send ransomware this way. People should be wary of opening emails from people they do not know or emails that do not look right, since those emails could be infected with malware or send the victim to a page that is.

The IT department of a company should work to secure that company’s networks. They should start by using blacklisting across the company to prevent any download of web-based malware. Blacklisting is a tool that stops certain code and URLs from operating on the computer. For example, it denies the user access to a website with a specific URL. It also blocks the ransomware from connecting to its command-and-control center. Another tool to employ is a spam detection feature, which can be added companywide to the systems. It stops compromised emails from reaching an employee’s inbox.

The company can also have a security incident monitoring tool, or SIEM, used to detect and respond to a malware attack. It ensures that file integrity is continuously monitored and that warnings are issued when malicious activity is detected.
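
The file integrity check described above can be sketched as follows. This is an added example, not code from the original article or from any particular SIEM product: it records a baseline of file hashes, compares a later snapshot against it, and issues warnings, including an alert when a large share of the baseline changes at once. The sample files, the `.locked` suffix and the 0.5 threshold are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return files that were modified, deleted or added since the baseline."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "deleted": deleted, "added": added}


def build_warnings(baseline, diff, mass_change_ratio=0.5):
    """One warning per changed file, plus an alert on mass change (assumed threshold)."""
    msgs = [f"{kind.upper()}: {p}" for kind in ("modified", "deleted", "added") for p in diff[kind]]
    touched = len(diff["modified"]) + len(diff["deleted"])
    if baseline and touched / len(baseline) >= mass_change_ratio:
        msgs.append(f"ALERT: {touched} of {len(baseline)} baseline files changed or vanished")
    return msgs


def demo():
    """Run the check on a constructed directory of sample files."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("payroll.csv", "contracts.txt", "notes.txt", "plan.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed sample content for " + name)
        baseline = snapshot(root)
        # Constructed change: three of four originals vanish and renamed copies appear.
        for name in ("payroll.csv", "contracts.txt", "notes.txt"):
            os.remove(os.path.join(root, name))
            with open(os.path.join(root, name + ".locked"), "wb") as fh:
                fh.write(os.urandom(64))
        diff = compare(baseline, snapshot(root))
        return diff, build_warnings(baseline, diff)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

In practice the baseline would be stored away from the monitored system, for the same reason the backups are, so that it cannot be altered along with the files.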

Lastly, users or employees need to be educated to lessen the chance of a ransomware attack. Training employees about the dangers of opening questionable emails teaches users to be cautious about what they do online and what they click. This makes it easier to protect the company from a potential ransomware attack.


If your company was a victim of a ransomware attack, contact LIFARS.