Articles & E-Books


How to protect your business from ransomware

Apr 17, 2020

By the end of 2019, more than 70 state and local governments had been hacked by cyber criminals. 

Attackers infected local government computers with ransomware, usually demanding the equivalent of several hundred thousand dollars in bitcoin before operations would be restored. Functions were at a standstill for days if not weeks, with employees resorting to pen and paper as stopgap measures. 

The problem isn’t unique to governments and schools, they are just obligated to disclose when it happens; the privately-owned business that make up the bulk of our economy don’t report ransomware attacks. Your business, too, could be vulnerable. The good news is that basic cybersecurity hygiene can defend against ransomware attacks fairly effectively.

What is ransomware?

Ransomware is malicious code that can infect your computers and quite literally demand a ransom through a flashing message on the screen. For example, the infamous WannaCry ransomware attack displayed a red screen with a huge padlock, demanding that users pay to access files. 

Ransomware can take various forms:

  • Crypto-malware encrypts files and demands a ransom to decrypt them. 
  • Screen-locking ransomware, also known as “lockers,” completely lock you out — you’re not allowed to make another move until the ransom is paid. 
  • Scareware masquerades as a virus-cleaning tool, saying that it has found bugs and needs money to resolve them. 
  • Doxware, another kind of ransomware, works by threatening to publish sensitive information online.

Although every business is vulnerable to ransomware attacks, companies with traditionally low security defenses, such as small businesses, communication action agencies and startups, or ones that work with especially sensitive data, such as healthcare and financial institutions, are lucrative targets.

Be proactive about ransomware

If you’re facing a demand for ransom, this means that the malware has already wreaked havoc on your system and your data has been breached. It takes just a few hours from initial infection for all systems to be shut down. Although the situation certainly calls for reactive protocols such as trying to isolate computers and recover from the infection, proactive strategies are the best defense against ransomware. A proactive strategy against ransomware follows many of the same steps as most cybersecurity defenses. The following steps can make a real difference in how resistant and resilient your organization is to ransomware attacks.

Create frequent backups

It’s easy to coast along, meeting urgent deadlines, assuming your data is safe. But scheduling frequent (at least daily) backups and storing them on isolated servers or cloud providers allows you to restore almost-up-to-date data files in the event of a ransomware attack.

Segment your network

This topic can get pretty technical, so work with your IT team or your service provider to make sure your network is properly segmented. The easiest way to think about it is that ransomware can go everywhere you can reach from your File Explorer. If you can navigate to another user’s computer or the accounting server and have permissions to write or save data there, then that target can get ransomed; same for every user on your network. Too many organizations use this “flat” network design and even keep their backups there too. Isolating backups and your most important data from the rest of the network can help keep it safe from ransomware.

Use the latest operating system versions and patches

Microsoft and Apple incorporate remedies for identified security weaknesses in their operating systems and applications into patches they regularly release. These patches often address vulnerabilities that allow ransomware to propagate within a network. Keeping your computers patched is a simple but sound defense against ransomware that targets known vulnerabilities.

Train associates

Phishing, in which emails seemingly originate from familiar sources, forms the basis for many ransomware attacks. Although most associates might understand not to click on emails that look overtly like spam, many associates might click on emails that are disguised as credible communication. Such phishing attempts are becoming increasingly sophisticated. For example, a Gmail phishing scam used names of attachments users had already sent out as a way to make the phishes look more legitimate and then allow the attacker to infiltrate computer systems.

As basic as it might sound, constantly training associates about the latest evolution of phishing emails and social engineering might be one of your best defenses. After all, your employees are your front line of defense.

Use managed detection and response

An intrusion detection system (IDS) constantly monitors your computer systems for threats or suspicious activity that go against previously established parameters. AI-driven managed detection and response services can prove to be an invaluable defense strategy when combined with human expertise. The combination delivers advanced threat detection, extensive threat analytics, global threat intelligence, faster incident mitigation and collaborative breach response — all on a 24/7 basis.

Increasing tech

Your data assets are not limited to desktop or laptop devices alone. Internet of Things (IoT)–embedded sensors attached to manufacturing equipment (as well as building automation or environmental control systems) can deliver vital intelligence about production operations. These devices can also be a gateway for ransomware or other cyber attacks and will need to be as secure as the rest of your computing infrastructure.

More than 21 billion IoT-connected devices will feed into the global data system by 2025. As the diversity of your computing capabilities grows, so too does the possibility of the weakest link being exploited by ransomware. The sheer volume of the problem calls for intelligent solutions to address the scourge — starting with basic cybersecurity hygiene. 

Wipfli can help

Need help protecting your business data, or have more questions about threats like ransomware? Contact your Wipfli advisor.

Interested in cybersecurity?

You can learn more about fluid and agile solutions in the evolving cyber landscape on our web page.

Or learn more in these articles:

Investing in cybersecurity saves dividends
Five easy (and low-cost) ways to increase cybersecurity
Cybersecurity 101: What does it involve?
Multifactor authentication: Why you need it now


Tom Wojcinski, CISA, CRISC
View Profile

Get help going remote | Wipfli