Essential Strategies To Prevent Ransomware Attacks

Law enforcement crackdowns saw ransomware payments fall by more than a third from an all-time high of $1.2b (£930m) in 2023 to $813m (£650m) in 2024, figures reveal. Coordinated raids across Ukraine in 2024 also culminated in the arrest of key members of LockBit, a ransomware group that had been responsible for attacks affecting over 2,000 victims in over 70 countries, including the UK, receiving more than £90m in ransom payments

Significant progress has been made in dismantling ransomware organisations, and the reduced number of incidents are a testament to the effectiveness of law enforcement, international collaboration, and a growing refusal by victims to bow down to attacker demands. 

While the figures might indicate that we’ve narrowly dodged a ransomware extortion crisis, the biggest mistake would be to rest on our laurels, as the threat is not eliminated entirely. The ransomware ecosystem is rife with smaller players, with more emerging from the cracks. It is no surprise that JumpCloud's 2024 IT Trends research reveals over half of IT admins surveyed still rank ransomware as a top three security concerns, and rightfully so. 

Ransomware Ban: Addressing The Symptoms Or Root Cause?

The UK government’s recent proposal consultation signals a firmer stance on ransomware payment demands. According to the Home Office, proposed legislation will aim to reduce the flow of money to ransomware criminals from the UK, ultimately deterring criminals from attacking UK organisations; and increase the ability of operational agencies to disrupt and investigate ransomware actors by bolstering UK intelligence around the ransomware payment landscape. 

This is a step in the right direction and shows a real shift towards institutional change. However, ransomware is a disease. Banning pay-outs addresses the symptoms, but we need to tackle the cause and explore how technology can protect against ransomware threats before they happen.

Never Trust, Always Verify 

With ransomware attacks preying on weak security fundamentals, the best defense is a strong offense. A multi-layered Zero Trust security approach is the key for businesses. This means assuming that no user or device, whether within or beyond the organisation’s network, is inherently trustworthy. 

Some core fundamentals include requiring Multi-Factor Authentication (MFA) for every account. This way, even if credentials fall prey to attackers, there is another layer of defense in place and stolen credentials alone will not be usable. Sensitive systems should not be logged on from almost anywhere and controlled limited access based on device trust and location reduces the risk of breaches. Conditional Access Policies, whenever and wherever possible, makes sure only verified devices and users can get into company resources.

Beyond getting your data held hostage during ransomware attacks, destroyed backups can further compromise effective data recovery. Therefore, isolated backups and protection ensure the backup service is resilient to follow-up attempts to destroy backup data, malicious editing, overwriting or deleting. 

While backups are important, businesses must also make sure to thoroughly test their data recovery regime, as well as run simulated ransomware tabletop exercises to test businesses' preparedness and sharpen their response capabilities against real ransomware threats.

At the core, strong cyber hygiene across an organisation is crucial. This includes patching known vulnerabilities, regularly monitoring to identify suspicious activity early, and reducing potential entry points for attackers. 

The right defenses make all the difference. A “Never Trust, Always Verify” mindset backed by tighter access controls, automated monitoring, and cloud-based security policies can keep attackers out before they make their move. 

The Strongest Firewall Is Your Team

A chain is only as strong as its weakest link. While the technology already exists and plays a huge role in thwarting ransomware attacks, it is equally important to make sure businesses are cultivating a culture of protection. 

Employee training on phishing and social engineering can help organisations further minimise vulnerabilities and strengthen their overall ransomware defenses.  These regular training sessions should cover topics like avoiding suspicious downloads and reporting potential security incidents. Improved awareness ensures that all users are vigilant and can significantly reduce the risk of a successful ransomware attack.

While law enforcement is actively cracking down on ransomware groups and firmer legislation aims to reduce the number of attacks, ransomware threats are not slowing down. But businesses can take several steps to make it far more difficult for attackers.

By leveraging more resources and technology solutions while also nurturing a strong culture of protection within the organisation, we have the power to slow the surge of ransomware attacks globally. 

Robert Phan is Chief Information Security Officer at JumpCloud 

Image:

You Might Also Read: 

Protecting Business From The Infostealer Threat:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Manus - A Fully Autonomous Artificial Intelligence
Creating A Safe & Healthy Workplace: 10 Essential Security Measures »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Rollbar

Rollbar

Rollbar is a full-stack error monitoring platform for web and mobile applications. We help developers find and fix bugs fast. Built by developers for developers.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.