Essential Strategies To Prevent Ransomware Attacks

Law enforcement crackdowns saw ransomware payments fall by more than a third from an all-time high of $1.2b (£930m) in 2023 to $813m (£650m) in 2024, figures reveal. Coordinated raids across Ukraine in 2024 also culminated in the arrest of key members of LockBit, a ransomware group that had been responsible for attacks affecting over 2,000 victims in over 70 countries, including the UK, receiving more than £90m in ransom payments.

Significant progress has been made in dismantling ransomware organisations, and the reduced number of incidents is a testament to the effectiveness of law enforcement, international collaboration, and a growing refusal by victims to bow down to attacker demands.

While the figures might indicate that we’ve narrowly dodged a ransomware extortion crisis, the biggest mistake would be to rest on our laurels, as the threat is not eliminated entirely. The ransomware ecosystem is rife with smaller players, with more emerging from the cracks. It is no surprise that JumpCloud's 2024 IT Trends research reveals over half of IT admins surveyed still rank ransomware as a top-three security concern, and rightfully so.

Ransomware Ban: Addressing The Symptoms Or Root Cause?

The UK government’s recent consultation proposal signals a firmer stance on ransomware payment demands. According to the Home Office, proposed legislation will aim to reduce the flow of money to ransomware criminals from the UK, ultimately deterring criminals from attacking UK organisations, and to increase the ability of operational agencies to disrupt and investigate ransomware actors by bolstering UK intelligence around the ransomware payment landscape.

This is a step in the right direction and shows a real shift towards institutional change. However, ransomware is a disease. Banning pay-outs addresses the symptoms, but we need to tackle the cause and explore how technology can protect against ransomware threats before they happen.

Never Trust, Always Verify 

With ransomware attacks preying on weak security fundamentals, the best defense is a strong offense. A multi-layered Zero Trust security approach is the key for businesses. This means assuming that no user or device, whether within or beyond the organisation’s network, is inherently trustworthy. 

Some core fundamentals include requiring Multi-Factor Authentication (MFA) for every account. This way, even if credentials fall prey to attackers, there is another layer of defense in place and stolen credentials alone will not be usable. Sensitive systems should not be accessible from just anywhere; limiting access based on device trust and location reduces the risk of breaches. Conditional Access Policies, applied whenever and wherever possible, make sure only verified devices and users can get into company resources.
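The access rules described above can be expressed as a deny-by-default decision function. This is an added example, not code from the article or from any vendor's product; the resource names, the approved-country list and the request fields are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical policy values for illustration; none come from the article.
ALLOWED_COUNTRIES = {"GB", "IE"}
SENSITIVE_RESOURCES = {"payroll", "backup-console"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    password_ok: bool      # primary credential verified
    mfa_ok: bool           # second factor verified
    device_managed: bool   # device is enrolled and compliant
    country: str           # geolocated source of the request

def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Deny by default: return (allowed, reasons for denial)."""
    reasons = []
    if not req.password_ok:
        reasons.append("primary credential failed")
    # MFA applies to every account, so a stolen password alone is never enough.
    if not req.mfa_ok:
        reasons.append("MFA not satisfied")
    # Sensitive systems also require a trusted device and an approved location.
    if req.resource in SENSITIVE_RESOURCES:
        if not req.device_managed:
            reasons.append("unmanaged device on sensitive resource")
        if req.country not in ALLOWED_COUNTRIES:
            reasons.append(f"location {req.country} not approved")
    return (not reasons, reasons)

# Constructed sample requests.
SAMPLES = [
    AccessRequest("alice", "payroll", True, True, True, "GB"),
    AccessRequest("alice", "payroll", True, False, True, "GB"),  # password only
    AccessRequest("bob", "payroll", True, True, False, "US"),    # untrusted context
    AccessRequest("bob", "wiki", True, True, False, "US"),       # non-sensitive
]

if __name__ == "__main__":
    for r in SAMPLES:
        allowed, why = evaluate(r)
        print(r.user, r.resource, "ALLOW" if allowed else "DENY", why)
```

Returning every failed condition rather than the first one gives the monitoring side a complete record of why a login was refused.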

Ransomware attacks do not only hold your data hostage; destroyed backups can further compromise effective data recovery. Isolated, protected backups therefore ensure the backup service is resilient to follow-up attempts to destroy backup data through malicious editing, overwriting or deletion.

While backups are important, businesses must also make sure to thoroughly test their data recovery regime, as well as run simulated ransomware tabletop exercises to test businesses' preparedness and sharpen their response capabilities against real ransomware threats.

At the core, strong cyber hygiene across an organisation is crucial. This includes patching known vulnerabilities, regularly monitoring to identify suspicious activity early, and reducing potential entry points for attackers. 

The right defenses make all the difference. A “Never Trust, Always Verify” mindset backed by tighter access controls, automated monitoring, and cloud-based security policies can keep attackers out before they make their move. 

The Strongest Firewall Is Your Team

A chain is only as strong as its weakest link. While the technology already exists and plays a huge role in thwarting ransomware attacks, it is equally important to make sure businesses are cultivating a culture of protection. 

Employee training on phishing and social engineering can help organisations further minimise vulnerabilities and strengthen their overall ransomware defenses. These regular training sessions should cover topics like avoiding suspicious downloads and reporting potential security incidents. Improved awareness ensures that all users are vigilant and can significantly reduce the risk of a successful ransomware attack.

While law enforcement is actively cracking down on ransomware groups and firmer legislation aims to reduce the number of attacks, ransomware threats are not slowing down. But businesses can take several steps to make it far more difficult for attackers.

By leveraging more resources and technology solutions while also nurturing a strong culture of protection within the organisation, we have the power to slow the surge of ransomware attacks globally. 

Robert Phan is Chief Information Security Officer at JumpCloud 
