How to defend against ransomware

Ransomware is a type of software that, when installed on devices, can encrypt user data. According to statistics, the software has attacked hundreds of companies and healthcare facilities in recent years. It is good to be aware of the forms of defense against this malicious software.

What are the sources of ransomware?

Most often, ransomware is spread through phishing emails, where after downloading an attachment or clicking on a link, this malicious software is installed on the user’s device. It is good to avoid these emails.

Tips how to recognise the suspicious emails containing ransomware:

  • the sender’s domain does not completely match the company name or uses a similar, but not the same domain;
  • the email requires an urgent response, a prompt to download an attachment, or a prompt to click on a link;
  • the message contains grammatical errors;
  • the email contains an incorrect company logo;
  • the attachment contains a suspicious files with extensions, such as: .ace, .bat, .exe, .scr, .wsh;

If you’ve received such an email, it’s a good idea to be careful to consider whether this message is secure. A good approach is not to register an email address on websites and portals that you do not trust. These websites may sell your data to third parties. If you have identified a suspicious email, it’s a good idea to report it as unsafe, click or mark the email as a “phishing email,” and delete the suspicious message.

Other sources of ransomware can be unverified applications and unverified web browser extensions. It is good to consider twice before installing them. Anti-virus programs provide protection these types of threats. Today, antivirus programs automatically scan downloaded files against ransomware, but it’s a good idea to make sure this option is turned on and to update the antivirus programs regularly. Also, it’s a good idea to have the latest security updates for your operating system and applications, such as JAVA or Adobe Flash, which also helps protect against ransomware.

If you use the remote desktop connection, it is good to use a strong password and even 2-factor authentication. According to statistics, some hacker groups are trying to gain access to devices this way. Increasing the level of password security increases the level of protection against ransomware attacks.

Backup and restore data

The best defense against ransomware is to set up regular data backups and have a data recovery process. Today, data can be backed up on a cloud or local drive. Cloud data backup is provided by several larger ISPs, it is one of the more accessible solutions. If you need a higher level of security, it’s a good idea to look at specialized security-focused backup providers. Another option is a local, on-premise data backup. Local data backup includes external disks or backup server, network-connected backup disks. It depends on the business options and preferences when choosing the type of the backup.

A data recovery plan is also important, in the event of a ransomware attack, it is good to recover data as soon as possible, testing this process can significantly reduce the damage for companies and make life easier in the event of the attack or in the event of other data outage.

In larger companies, it is advisable to look at IPS and IDPS (Intrusion Detection and Prevention Systems). These advanced systems can be installed on servers, where they monitor network traffic and look for signs of ransomware. Like anti-virus programs, they can immediately apply security procedures when they identify malicious code, thus preventing damage. It is also recommended that companies do not leave open network ports that are not in use. Another thing to help is to segment the LAN into multiple isolated VLAN zones, which may limit the area affected by malicious code. And it is also recommended to educate employees how to identify the phishing emails.

What to do in case of a system infection?

In case of system infection, it is good not to panic, turn off the device, turn off WiFi and Bluetooth, then delete the infected files and restore data from your backup.

Among the most dangerous ransomware belongs Conti, Conti ransomware makes so-called “double extorsion” it steals data and then encrypts the computer. According to the statistics, hundreds of facilities were affected in this way in the last years. It is considered a follower of the previously widespread Ryuk ransomware. Other known ransomware are Chacha, Netwalker. These ransomware are responsible for 20% of ransomware attacks.


Yet, no solution is 100%, but applying some of the them and knowing how to detect malicious emails can in a substantial measure reduce any damage caused by this software.