8 tips for protecting against a ransomware attack

Unfortunately, ransomware attacks are increasing — both in terms of frequency and success as measured in costs.

According to IDC’s 2021 Ransomware Study, 37% of global organizations said they were the victim of some form of ransomware attack in 2021. In addition, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware attacks in a six-month period from January to July 2021 — a number that represents a 62% year-over-year increase. Some researchers believe that the total cost of these attacks was more than $11 billion in 2021.

Even worse, these successful ransomware attacks only embolden cybercriminals as they look for more easy targets. All of this adds up to the situation where it’s a matter of when — not if — you’ll be hit with a ransomware attack.

To help you do all you can to protect yourself from these types of cyberthreats — or mitigate the effects if you do get hit — we recommend the following eight tips to protect yourself from ransomware attacks.

While it may seem too easy or too optimistic, the fact remains that if you make sure your data is always backed up, you shouldn’t have to pay a ransom. It may seem like it might be difficult to reinstall data and get your systems back up and running, but today’s most effective backup solutions actually deliver fast, reliable recovery of critical applications, systems and data. Taking a disciplined approach to backing up data can give you a valuable advantage over cyberattackers.

Let’s face it: The entire software industry is prone to security holes — vulnerabilities that come up that require security updates to offer solutions for known issues, or even just for the general enhancement of software applications.

Cybercriminals are aware of these vulnerabilities and worse, they are very good at working fast to exploit them and gain access to computers and networks. They can even target zero-day flaws, which means they will act extremely quickly once they’re aware of a security hole.

The best way to defend against these security holes is to think about patching more proactively. Today, many of the best cybersecurity solutions deliver automated patching capabilities that work with hundreds of applications. As a result, you’ll minimize the threat of attack through an unpatched vulnerability and improve your overall security posture.

Two-factor authentication is great advice and just gives you a better way to improve your cybersecurity efforts. Anything you can do to make it more difficult for the bad guys to get into your system, the better — and the more inclined they may be to leave you alone.

Think of this analogy. Imagine a home surrounded by a three-foot tall fence. While it doesn’t offer complete protection, it may be all a homeowner needs to fend off a would-be criminal. Hackers today are looking for easy opportunities, and two-factor authentication may send the message that the extra effort just isn’t worth it.

The more things you can add, the safer you’ll be, and two-factor authentication is a great place to start.

Cybercriminals still use widespread phishing attacks with malicious emails, links and attachments, and unfortunately, they’re more successful than you might think. We’re all so busy today and we often just don’t pay as much attention as we should. All it takes is one wrong click and attackers can gain the full access they need to do real damage.

There was a famous Facebook example recently where a bad actor created fake ads that would then direct to malicious websites. One cautious way to overcome these potential lapses is to stop clicking links and ads and type a UR instead. It may be an extra step, but it can be a great way to avoid bad URL strings, with carefully constructed wrong letters (for example, one “0” instead of an “o” and look-alike domains).

This is always great advice, especially if you or your employees tend to work in restaurants, coffee shops, airports, or other less-than-secure destinations. To overcome these cybersecurity concerns, you should always make sure you’re using a virtual private network (VPN), and even make sure you configure it so it will start as soon as you log in.

VPNs aren’t just for businesses today; you should get used to using them when you’re going to be on a public network — even if you’re simply watching Netflix to kill time. While they may seem like an extra expense, these pale in comparison to the high cost of losing your identity or suffering a ransomware attack.

There is a point to be made for paying, in that many people need their data back quickly and think the payment amount isn’t that high, so they consider paying just to end this bad experience.

However, it is advisable not to pay for the ransom for a number of reasons. First, there’s no guarantee that the cybercriminals will actually do what they say. (After all, they hacked your computer, remember?). Additionally, there have been many cases where the attackers have come back a second time, after they found either new “juicy” information or some especially sensitive data. You just never know.

Finally, there’s the idea that if no one actually paid, the cybercriminals would have less and less success and would stop looking to profit with ransomware attacks. Many believe we should all adopt a zero-tolerance approach in order to help the whole community benefit.

Today’s anti-malware and ransomware cybersecurity solutions are extremely effective and give you the best chance to defend against ransomware attacks and other cyber threats. For example, Acronis Cyber Protect includes secure ransomware protection that uses built-in MI-based ransomware capabilities.

Finally, the use of whitelisting and blacklisting strategies is a great idea and one that can be extremely effective in improving cybersecurity. In this case, if entities or applications are not on an approved whitelist, they are not approved for automatic installation.

Interested in learning more about a wide array of cyberthreats, including ransomware, and how you can take the most advantageous steps to defend against them?

Download our white paper, “Cyberattack Techniques and What They Mean for Your Business” today.