Ransomware 101: Steps to Prevention & Rapid Recovery

Ransomware—a word with the potential to be as alarming as it sounds. Over the past few years, ransomware attacks have been growing at an exponential rate, causing concern for businesses of all shapes and sizes. According to the Data Breach Investigations Report (DBIR) by Verizon, ransomware attacks have been growing 13% year-over-year since 2021—a greater increase than the previous five years combined.

But before you can prepare for a rainy day and proactively protect your business, it’s important to understand what ransomware is and its potential impact.

What is Ransomware? 

Cybersecurity leaders at Kaspersky define ransomware as “extortion software that can lock your computer and then demand a ransom for its release.” In a typical ransomware attack, cybercriminals use malware (also known as “malicious software”) to encrypt critical data and demand payment in exchange for the decryption key. This can result in significant financial loss, reputational damage, and even legal liability for businesses.

How does a hacker get ransomware onto your computer in the first place? There are several malicious methods used that often fly under the radar, preventing businesses from knowing they’ve been infected until it’s too late. Those methods could include: 

  • Malicious attachments found in emails (phishing) 
  • Infected software applications 
  • External storage devices that have been tampered with 
  • Vulnerabilities through Remote Desktop Protocol 
  • Compromised websites, and more 

The Potential Impact of a Ransomware Attack

As the old IT adage goes—businesses should no longer wonder if they’ll experience a ransomware attack, but rather when. By 2031, damages caused by ransomware attacks are estimated to exceed $265 billion annually, with a new attack occurring every two seconds.

What does that mean for your average enterprise or SMB? IBM’s Cost of a Data Breach 2022 report cites an average ransom payment of $812,360. However, the ransom payment itself is only part of the cost a business incurs (think lost productivity, stalled operations, legal fees, reputation repercussions and more).

Luckily, the share of businesses that actually pay the ransom during an attack is on a steady decline, according to Coveware. In 2019, 85% of victims paid the ransom, and in Q4 2022, that number fell to just 37%. The reasons for that decline may vary—but it proves that businesses are being more proactive about cybersecurity investments, prevention, and incident response planning.

Ransomware That Cost Companies Millions 

Cybercriminals don’t discriminate when it comes to the type of organization they’ll target. However, industries like healthcare, financial services, and government are frequently targeted due to the sensitive nature of the personal data they possess (such as health records and banking information). 

While not all ransomware attacks lead to a paid ransom, here are some of the more notable incidents where the organization had no choice but to comply: 

  • CNA Financial Corp., one of the largest insurance companies in the US, reportedly paid a $40 million ransom to regain control of its network in 2021
  • Chemical distribution company Brenntag paid over $4.4 million in bitcoin to cybercriminals in 2021, to secure a decryptor for 150GB of stolen data 
  • Colonial Pipeline paid out a $5 million ransom to hackers in 2021 after an attack crippled the company’s fuel deliveries up and down the East Coast of the US

How to Minimize the Damage of Ransomware 


Don’t let yourself be blindsided by a ransomware attack—instead, suspect that it’s coming and prepare accordingly. Having a robust Incident Response Plan (IRP) is a critical first step. An IRP is like a manual that lays out instructions and procedures your team can follow to detect, respond to and limit the consequences of a malicious cyberattack. Being able to respond swiftly, thoughtfully and strategically will minimize downtime and speed up recovery. Purchasing cyber security insurance may also be part of your proactive plan. 


Of course, prevention is the best way to mitigate the risk of ransomware taking hold of your data in the first place. But in the case that it does, prevention techniques will also help you recover quicker and could make the difference between your organization needing to pay the ransom at all. Keep reading to discover why.


Detection is a critical first defense against ransomware. It’s possible for cybercriminals to actively exploit a network for long periods of time before they take any action—quietly gathering data while they prepare to attack. But with modern threat detection technologies, you can prevent them from moving through your network and encrypting sensitive information. Ransomware detection techniques like static file analysis, dynamic monitoring of mass file operations, and entropy can all be deployed to detect active threats. 
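
One way to combine two of the techniques named above, entropy and monitoring of mass file operations, shown here as an added example that is not from the original article. The event format `(timestamp, path, written_bytes)`, the thresholds and all function names are assumptions for illustration; the sample data is constructed.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_bursts(events, window_s=10.0, min_files=5, threshold=7.5):
    """events: (timestamp, path, written_bytes) tuples sorted by time.
    Returns the timestamps at which at least min_files distinct paths had
    received high-entropy writes within the last window_s seconds."""
    recent = deque()  # (timestamp, path) of high-entropy writes in the window
    alerts = []
    for ts, path, data in events:
        if shannon_entropy(data) < threshold:
            continue  # ordinary content, ignore
        recent.append((ts, path))
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()  # drop writes that fell out of the window
        if len({p for _, p in recent}) >= min_files:
            alerts.append(ts)
    return alerts

def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

# Constructed plaintext document content.
TEXT = b"Quarterly invoice summary for the finance team. " * 80

# Constructed event streams: normal editing vs. a rapid overwrite of many files.
NORMAL = [(float(i * 30), f"/share/doc{i}.txt", TEXT) for i in range(8)]
BURST = [(100.0 + i * 0.5, f"/share/doc{i}.txt", pseudo_ciphertext(i))
         for i in range(8)]

if __name__ == "__main__":
    print("normal:", detect_bursts(NORMAL))
    print("burst: ", detect_bursts(BURST))
```

Entropy alone also flags legitimate compressed files such as archives and images, which is why the example only alerts when many distinct files receive high-entropy writes in a short window.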


Recovering from a ransomware attack can be a complex process. Our partners at Rubrik suggest following this basic outline: 

  • Find the trigger file and remove it from all devices
  • Determine whether the attack style is encryption-based or screen-locking 
  • Disconnect all vulnerable devices from your network to prevent the ransomware from spreading 
  • Seek to understand the malware and whether you can decrypt the files using special software
  • Run an anti-malware package on all systems 
  • Restore as much data as possible using your up-to-date data backups 

4 Security Measures to Prevent Ransomware

1) Keep Regular Backups 

Remember when we mentioned that prevention tactics could also save you in the case that your data is taken hostage? Well, that’s where backups come into play. If a hacker steals critical data your organization needs to operate, but your backups are up to date and easy to recover, there may be no need for you to pay the ransom at all. Maintaining your backups is the critical step here—and that’s made easier with a managed solution like Backup as a Service (BaaS).

2) Enforce IT Security Best Practices 

Are your security practices up to date? Today, an effective security plan can no longer be an afterthought—it requires diligence and regular maintenance. For larger organizations, this responsibility is often taken up by IT teams but should be championed and implemented by leaders across the organization. While enforcement applies to employees, it should also extend to any contractors or vendors your organization works with. 

3) Train Your Staff 

According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve human error. Because phishing is the number one delivery vehicle of ransomware, it’s more important than ever that staff are well-trained on the risks and what to look for. Aim to make cybersecurity awareness part of your organization’s culture at the most senior level.

4) Test Your Network 

Regularly conducting penetration tests is one of the best ways to identify vulnerabilities that could be exploited by attackers. These ethical hacks will poke holes in your network, looking for places where hackers could gain access to sensitive data and testing employees’ ability to recognize phishing emails or social engineering attacks. 

Get Started with Ransomware Prevention 

Protecting your organization from ransomware is no easy feat—but you don’t have to go it alone. Lean on the expertise, leading technologies and preventative managed services offered by your trusted IT partner to help prepare, prevent, and recover from potential ransomware attacks. Ready to fortify your organization’s defenses? 
