Ransomware protection strategies

Ransomware attacks have shot up in recent years.

“Show me the money” seems to be the digital cry for cyber criminals.

Reports say there were 304 million ransomware attacks in 2020, up 62% from 2019.

Cybersecurity Ventures predict ransomware damage costs will reach $20 billion by the end of 2021.

Of course, in the current work-from-home climate, there are even more potential vulnerabilities for cyber criminals to exploit.

These trends highlight the importance of having ransomware protection strategies in place.


Ransomware defence strategies

At BlueFort we can provide different ransomware protection and prevention strategies for your business to try, with expert advice and guidance on how to set them up. Here are some of the most important and effective ones:

Data backup strategy

Ransomware is all about preventing a user from accessing their information until they pay the ransom money.

That’s why companies must have a way to recover their data from a backup in the event of a ransomware attack.

A popular backup strategy is the 3-2-1 rule: Create three copies of your data, store them on two different media and keep one backup version or copy located off-site.

But backups are useless if they don’t work or are insufficient.

So, test and monitor your backups regularly and ensure testing remains a priority.
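The following Python is an added example, not part of the original article: it checks a backup inventory against the 3-2-1 rule and compares a test restore with SHA-256 hashes recorded at backup time. The inventory fields, the 30-day restore-test interval and the sample files are assumptions constructed for illustration, and the inventory counts the live data as one of the three copies.

```python
import hashlib, tempfile
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import Path

@dataclass
class BackupCopy:
    name: str
    medium: str            # e.g. "disk", "tape", "object-storage"
    offsite: bool
    last_restore_test: datetime

def check_321(copies, now, max_age=timedelta(days=30)):
    """Return findings; empty means 3-2-1 is met (max_age is an assumed policy)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies on one medium, need 2")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    findings += [f"{c.name}: restore test overdue" for c in copies
                 if now - c.last_restore_test > max_age]
    return findings

def sha256_tree(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest recorded at backup time."""
    restored = sha256_tree(restored_root)
    missing = sorted(set(manifest) - set(restored))
    changed = sorted(k for k in restored if k in manifest and manifest[k] != restored[k])
    return missing, changed

def demo():
    """Constructed data: a two-copy inventory and a damaged test restore."""
    now = datetime(2021, 10, 1)
    copies = [BackupCopy("primary", "disk", False, now),
              BackupCopy("nas", "disk", False, now - timedelta(days=90))]
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "ledger.csv").write_text("id,amount\n1,100\n")
        (Path(d) / "notes.txt").write_text("quarterly notes\n")
        manifest = sha256_tree(d)                       # taken at backup time
        (Path(d) / "ledger.csv").write_text("corrupt")  # restore came back damaged
        (Path(d) / "notes.txt").unlink()                # restore lost a file
        return check_321(copies, now), verify_restore(manifest, d)
```

Calling demo() returns the 3-2-1 findings for the inventory together with the files that are missing from, or changed in, the test restore.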

Endpoint protection

Data backups are essential for recovering from a ransomware attack, but it’s much better to prevent a successful attack in the first place.

This is particularly true of ransomware attacks, as even if you have a data backup, there’s also the threat of ‘double extortion’ schemes. This is where the attacker makes an additional demand for money in return for not publishing the victim’s data online.

You can protect your endpoints against attacks by using threat intelligence, behavioural analytics, machine learning algorithms and deception techniques. These should help detect malicious executables and block zero-day ransomware exploits, fileless attacks, backdoor attacks and other threats.

Further protection can be achieved by managing robust security policies, maintaining device controls and implementing personal firewalls.

Visualise the attack chain

The cyber kill chain or cyber attack lifecycle can be used to help identify and prevent intrusions.

A typical chain consists of:

- Reconnaissance – attackers probe for weakness, e.g., collecting login details.
- Weaponisation – attackers build a deliverable using a backdoor.
- Delivery – e.g., a malicious link in a legitimate-looking email.
- Exploit – executing code on the victim’s system.
- Installation – installing malware.
- Command and control – creating a channel for the attacker to control the system remotely.
- Actions – attacker remotely carries out intended goal.

Using the attack chain to keep attackers from entering your network requires visibility into what’s happening on your network and the expertise to spot malicious activity.

Ideally, you want to stop an attack as close to the beginning of the chain as possible.

Update security protocols

Ransomware and malware target vulnerabilities in your systems. So, it makes sense to ensure your security firewalls and antivirus software, for example, are fully up to date.

Keep up to date with patches to operating systems too.

In 2017, the worldwide WannaCry ransomware attack spread mostly through organisations that had not applied some Microsoft patches that closed a vulnerability, or that were using older Windows systems that were past their end-of-life.

Educate all employees

Educating your employees is key to preventing attacks.

It’s thought that about 90% of malware is delivered via email, so the best way to prevent malicious files from getting into your network is to train employees.

Ensure they understand the threat of ransomware, what to look out for and what to do if they suspect something or click something they shouldn’t have.

The National Institute of Standards and Technology (NIST) recently published a Cybersecurity Framework Profile for Ransomware Risk Management.

Basic measures mentioned in the guidance include keeping computers fully patched, blocking access to known ransomware sites, using antivirus software, only permitting authorized apps to be used, restricting the use of personally owned devices and apps, and limiting the use of accounts with administrative privileges.

Along with these user-related measures the guidance also strongly advocates security awareness training to educate employees about opening unknown files, clicking on links, etc.



Ransomware is big business and growing all the time.

Employee education and the use of excellent security software will help prevent a data breach.

Particularly important with ransomware is the creation and regular testing of backups, so you’re well prepared in the event of a successful ransomware attack.

This article has come from part of our research that has uncovered some key findings that every UK CISO will want to know. We will be hosting a hybrid, interactive event that will be broadcast on the 15th October, 3:30 pm from a studio in London, UK to a live audience of CISOs and CTOs - Bluefort Live
