Ransomware is malware that a bad cyber actor installs on your computer systems, encrypting essential files to hold your business hostage in exchange for money. It’s a massive cyber threat with staggering costs. (via Decoding Cyber)

Consider these five stats:

  • 68% of all cyberattacks worldwide are ransomware.

  • 217 million of those attacks occurred in the United States, more than in any other country.

  • The global damages for ransomware exceed $30 billion.

  • The average cost of a data breach caused by ransomware is $4.54 million (doesn’t even include the actual ransom payment).

  • 78% of organizations say they’re “very” or “extremely” prepared to thwart a ransomware breach — yet half of them still suffer attacks anyway.

If you’re running a business, should these numbers terrify you? Yes and no. On the “yes” side, you must continually remember that this threat is never going away. Within the larger cyber war, ransomware is a significant battle perpetrated by bad actors who will likely never give up this tactic.

But that leads to the “no” part of the equation: cybercriminals will leverage ransomware only insofar as organizations make it easy. If you guard your company doors and windows and install a state-of-the-art security system, you are lessening the likelihood that cybercriminals will devote their resources to you when they can just go to your less secure neighbor. In other words, don’t be an easy target.

When framed in these terms, guarding against ransomware should go from “scary, expensive, and impossible” to “manageable within our budget.” By understanding the basics about vulnerabilities within your systems and networks, you will be in a great position to implement — and maintain — a solid ransomware defense with existing resources and minimal extra costs.

So here are three ways to guard against ransomware while not breaking the bank.

1. Implement a strong cybersecurity posture

The best way to protect against ransomware is to implement a strong cybersecurity posture that includes the following, most of which can be done with your current IT folks, i.e., without paying a single dime to a vendor:

  • Regularly update software and operating systems: This will help patch vulnerabilities that ransomware could exploit. The keys here are to be diligent and thorough and not to wait around. The last thing you want is to suffer an attack because you were a few hours late on a software update. 

  • Use strong passwords and multi-factor authentication (MFA): This will make it more difficult for cybercriminals to access your systems. All you have to do is ensure that everyone in your organization follows password security best practices.

  • Educate employees about ransomware attack vectors: This will help your teams identify phishing emails and other social engineering tactics commonly used to spread ransomware. It’s not particularly tough to see when scammers are trying to bait you into clicking a malicious link or handing over personal info. But you must be in the right, alert mindset, because it is easy to get caught up in daily work and respond to a phishing email without thinking. That’s why ongoing cyber awareness is critical. Fortunately, plenty of free programs are online, including us here at decodingCyber.

  • Back up your data regularly: This will give you a copy of your data if it is encrypted by ransomware. Depending on the volume of data you traffic in, you might have to shell out some green for this service. But think about it — what would you rather do? Suffer a cyber attack and: 

    • A: Not correctly back up your data and not have any way to run your business without said data.

    • B: Correctly back up your data and have a way to run your business with said backed-up data.

    • C: Do nothing and hope the ransomware magically goes away.

    • Psst… the correct answer is “B,” don’t be tempted by “C.”

2. Implement a layered security approach

A layered security approach is a defense-in-depth strategy that uses multiple levels of security to protect against ransomware. I’m not going to lie; this might be the one place where you have to open up your wallet. But you might already be doing these things; you just need to check:

  • Deploy endpoint security: Endpoint detection and response (EDR) solutions are critical to protect your corporate assets, such as phones, computers, and servers (aka… your “endpoints” or physical devices connecting to and exchanging information with your network). Consider this part of a larger attack surface management strategy.

  • Account for proper network security: This will protect and monitor your network. The network is how data flows throughout your organization to and from endpoints. This includes firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation.

  • Lock down your data: After your endpoints and network are secure, you want to protect what flows within your corporate network: the data. This includes data encryption, data loss prevention (DLP), and access controls.

3. Have a ransomware response plan in place

A ransomware response plan is a set of procedures to help you recover from a ransomware attack. These types of incident response plans are essential for two main reasons:

  1. They encourage a defensive mindset. Creating them should compel you to ask yourself, “Are we doing everything we think we’re doing to thwart an attack, and how do we know?”

  2. They help minimize downtime. If you suffer a major cyber attack, being prepared will help you minimize the time your systems are down, which has risen from about two weeks to three weeks on average, according to Statista.

Your plan can be made with little to no money spent (assuming you have the expertise within your company to oversee the process) and should include the following six steps:

Step 1: Prevention

Refer to the first two points above and document them. This will help you ensure you are adequately addressing the potential threat.

Step 2: Detection

You want to determine how you will confirm you are dealing with a ransomware attack. Believe it or not, there are some false alarms. At this stage, you will also want to outline how to identify the type of ransomware and the systems affected, leading to the next step.
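One way to turn the detection step into a repeatable check, as an added example that is not from the post or from decodingCyber: a script that reads the head of every file in a tree, measures byte entropy (encrypted data sits close to 8 bits per byte), skips formats that are high-entropy for legitimate reasons, and only reports likely bulk encryption when a large share of files is affected, which is what separates a false alarm from a real event. The entropy threshold, the 30% share, the extension list and the sample files are assumptions constructed for the example.

```python
"""Entropy triage of a file tree: helps confirm whether files were bulk-encrypted
(added example, not from the post; thresholds and lists are assumptions)."""
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to 8.0 (assumed cutoff)
SAMPLE_BYTES = 4096       # only the head of each file is read, keeping the scan cheap
# Formats that are legitimately near 8 bits/byte and must not be flagged on entropy alone.
KNOWN_HIGH_ENTROPY_EXT = {".zip", ".gz", ".7z", ".png", ".jpg", ".jpeg",
                          ".mp4", ".pdf", ".docx", ".xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_tree(root) -> dict:
    """Scan every file under root; return the flagged files and the scan size."""
    root = Path(root)
    flagged, scanned = [], 0
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        scanned += 1
        if path.suffix.lower() in KNOWN_HIGH_ENTROPY_EXT:
            continue                      # compressed/encoded by design, not evidence
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        ent = shannon_entropy(head)
        if ent >= ENTROPY_THRESHOLD:
            flagged.append({"path": path.relative_to(root).as_posix(),
                            "entropy": round(ent, 2)})
    return {"flagged": flagged, "scanned": scanned}


def assess(report: dict, bulk_ratio: float = 0.3) -> str:
    """Separate a false alarm (one odd file) from bulk encryption (many files).
    The 30% share is an assumed placeholder to tune per environment."""
    if report["scanned"] == 0:
        return "no_files"
    share = len(report["flagged"]) / report["scanned"]
    if share >= bulk_ratio:
        return "likely_bulk_encryption"
    if report["flagged"]:
        return "isolated_high_entropy_files"
    return "no_indicators"


def build_sample_tree(root) -> None:
    """Constructed sample data: two readable files, two files overwritten by a
    stand-in for ciphertext (every byte value equally often, entropy exactly 8.0),
    and a zip that is high-entropy for legitimate reasons."""
    root = Path(root)
    (root / "finance").mkdir(parents=True, exist_ok=True)
    (root / "notes.txt").write_text("Quarterly planning notes. " * 40)
    (root / "finance" / "summary.txt").write_text("revenue,cost\n100,80\n" * 50)
    fake_ciphertext = bytes(range(256)) * 16
    (root / "report.txt.locked").write_bytes(fake_ciphertext)
    (root / "finance" / "budget.xlsx.locked").write_bytes(fake_ciphertext)
    (root / "archive.zip").write_bytes(fake_ciphertext)


def demo() -> tuple:
    """Build the sample tree in a temp dir, triage it, return (report, verdict)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage_tree(tmp)
    return report, assess(report)


if __name__ == "__main__":
    report, verdict = demo()
    for entry in sorted(report["flagged"], key=lambda e: e["path"]):
        print(f"{entry['entropy']:.2f}  {entry['path']}")
    print(f"{len(report['flagged'])}/{report['scanned']} files flagged -> {verdict}")
```

Run it against a file share or a restored snapshot rather than a live endpoint under attack; the point of the share-based verdict is that one odd high-entropy file is not an incident, while hundreds of them across user directories are.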

Step 3: Containment and Isolation

You want to discuss ways to stop the spread of malware and isolate an infected system. This will help to prevent the ransomware from spreading to other systems. Proper network segmentation will be crucial in the containment phase.

Step 4: Communication


If you are dealing with ransomware in the US, don’t call 911. Report it to:

  1. IC3

  2. FBI

  3. CISA

This is where you plan all your communication. This might be the most essential step. Think about things like:

  • How to engage with your cyber insurance provider (assuming you have one). Will your insurance cover this? If so, what will your provider do? These questions help you determine your liabilities. 

  • How to communicate with your customers and stakeholders. This will help maintain trust and minimize the attack's impact; you are likely legally obligated to do so.

  • How to communicate with your attacker. Do you negotiate with them? Will you pay the ransom?

  • How to communicate with law enforcement. When and how do you need to engage law enforcement? Who do you call?

Step 5: Mitigation

Write out how you plan to deal with the malware. Who can you rely on for assistance? If this is covered by insurance, what will they help with? This is where you want to take your time and ensure all the critical stakeholders are at the table to plan your response strategy.

Step 6: Recovery and Assessment

At this point in your plan, determine how to restore your data (assuming it is encrypted via the attack). This will ensure you can regain access to your data, most likely from a backup. Data encrypted via a ransomware attack can rarely be decrypted. Make sure you run backup and restoration tests. The last thing you want to do here is accept, “Well, in theory, our customer data can be restored… according to the vendor. I think, right?”
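A restoration test worth keeping in the plan, as an added example that is not from the post: it records a SHA-256 manifest at backup time, restores into a fresh directory, and compares every restored file against the manifest, so a silently corrupted or incomplete backup is caught during a drill rather than during an incident. The directory names and file contents are constructed for the example.

```python
"""Backup-and-restore drill: proves a backup restores and matches what was backed up
(added example, not from the post; file names and contents are constructed)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root, recorded at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(src: Path, dst: Path) -> dict:
    """Copy the live tree to the backup location and return its manifest.
    Store the manifest apart from the backup, or it can be damaged along with it."""
    shutil.copytree(src, dst)
    return build_manifest(src)


def restore_backup(backup: Path, target: Path) -> None:
    """Restore into a fresh directory; a drill must never overwrite live data."""
    shutil.copytree(backup, target)


def verify_restore(target: Path, manifest: dict) -> list:
    """Compare the restored tree to the manifest. An empty list means the restore is trustworthy."""
    problems = []
    for rel, expected in manifest.items():
        restored = target / rel
        if not restored.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(restored) != expected:
            problems.append(f"hash mismatch: {rel}")
    present = {p.relative_to(target).as_posix() for p in target.rglob("*") if p.is_file()}
    problems.extend(f"unexpected file: {rel}" for rel in sorted(present - set(manifest)))
    return problems


def run_restore_drill() -> tuple:
    """Run two drills on constructed data: a clean one, and one where the backup
    was silently damaged (one file altered, one deleted) before the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        live = work / "live"
        (live / "customers").mkdir(parents=True)
        (live / "customers" / "list.csv").write_text("id,name\n1,Ada\n2,Linus\n")
        (live / "ledger.txt").write_text("2024-01-01 opening balance 100\n")

        manifest = take_backup(live, work / "backup")
        restore_backup(work / "backup", work / "restore_clean")
        clean_problems = verify_restore(work / "restore_clean", manifest)

        # Simulate bit-rot or tampering in the backup copy, then drill again.
        ledger = work / "backup" / "ledger.txt"
        ledger.write_bytes(ledger.read_bytes()[:-1] + b"X")
        (work / "backup" / "customers" / "list.csv").unlink()
        restore_backup(work / "backup", work / "restore_damaged")
        damaged_problems = verify_restore(work / "restore_damaged", manifest)
    return clean_problems, damaged_problems


if __name__ == "__main__":
    clean, damaged = run_restore_drill()
    print("clean drill:", "OK" if not clean else clean)
    print("damaged drill:", damaged)
```

The drill only proves anything if the manifest is kept somewhere the backup job cannot overwrite and the restore target is isolated from production; schedule it on the same cadence as the backups themselves so the answer to “can we restore?” is a recent test result rather than a vendor claim.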

You will want to discuss how to draft an assessment of the situation after it ends. Will you have to rebuild your network? What will trigger that decision? Who will decide? After all, a bad actor was inside your network and might have seen other vulnerabilities, creating a backdoor for them to re-enter later. Who will be allowed to see this report? Will any of this be discoverable should there be a legal dispute? Ensure your legal team/representative is actively engaged in drafting this step and reviews the entire plan.


In the digital world, bad cyber actors will attack most businesses at one time or another. But that doesn’t mean yours will suffer the terrible consequences of a ransomware attack. By implementing a strong cybersecurity posture and a layered security approach, you can reduce the chance that an attack will work. By staying current on the latest threats and trends and creating a ransomware response plan, you can protect your business from ransomware without breaking the bank.
