How to protect against ransomware

Written by
Scott Hagerty

Go Back

It’s estimated that cybercrime will cost the world $10.5 trillion each year by 20251 Every 60 seconds, almost $3 million is lost to cybercrime with top businesses paying $25 a minute due to cybersecurity breaches2

According to numerous reports3, ransomware is one of the primary risks companies face in 2021, with no less than one in five Americans a victim of ransomware4. In 2020 alone, there was a ransomware victim every 10 seconds5

What is ransomware?

As the name suggests, ransomware is ever-evolving malicious software that blocks access to a computer system or data until a ransom is paid.

The Cybersecurity & Infrastructure Security Agency (CISA) states that ransomware encrypts files on a device so they’re unusable until a ransom is paid in exchange for decryption. By targeting mission-critical services, the monetary demands can exceed $1 million6

How to prevent ransomware attacks

Although ransomware attacks are on the rise, the good news is there are actions you can take to protect your business data. The most impactful steps include:

Endpoint Detection and Response (EDR)

Install the latest endpoint detection and response software, antivirus software alone is not enough, on all servers and workstations. If there are performance concerns, invest the time to tune the software to protect the operating system while still allowing the business application to function as needed.

Multi-factor authentication MFA

Passwords are often compromised without your system ever being breached. This is especially common where passwords are re-used between a user’s primary work and other platforms. To combat this, multi-factor authentication (MFA or 2FA) makes it difficult for a malicious actor to access an account without having access to a second factor, which is usually a cell phone number or a physical token.


Malicious actors are frequently seeking, identifying, and targeting backups. That’s why you should ensure that backups are immutable, so if that account becomes compromised, they can’t be immediately deleted by the same account used for everyday management.

How to recover from a ransomware attack

If the worst has happened and your system or data has been compromised, what should you do next?

  • Stop the bleeding: To minimize the potential damage, isolate or turn off systems until you can identify the source and determine the severity of the breach.
  • Enact your incident response plan: If your business doesn’t have one, then there’s no time like the present to start developing one! Identify the key people to be informed and involved, and establish clear lines of communication and areas of focus: staff and communication, threat mitigation and diagnostics (is it safe), technical recovery (restoring functionality), coordination (who does what/when). Those in charge of coordination should either use an existing data prioritization list or triage which are the most critical systems to protect and restore first.
  • Work with your Cyber Insurance broker and if you don’t have one, put that in place immediately.

Need further help from Insource?

If you need any ransomware-related assistance or have a question about safeguarding your company against cybercrime, we are always happy to help.

Plus, our blog is an up-to-date and relevant resource – discover more from Insource Insights here.

Follow us on social media here:




For anything else, email us at or call us on (781) 235-1490.