The business owner’s guide to preventing ransomware attacks

Ransomware is one of the biggest cyberthreats facing businesses today. It’s disruptive, often costly to remediate and affects organizations of all sizes, from mom-and-pop stores right the way through to schools, hospitals and government agencies.

In this blog post, we’ll discuss how to prevent ransomware attacks on your business, proven techniques you can use to keep your systems safe and what to do in the event of an incident.

What is ransomware?

First observed in the late 1980s, ransomware is a type of malicious software that uses encryption to prevent you from accessing a computer system, or the data stored on that system, until a sum of money (often measured in the hundreds of thousands) has been paid to the attacker. Failure to pay the ransom by the specified deadline results in the data being lost forever. Many modern ransomware incidents also involve a data exfiltration component, whereby attackers use the threat of data leaks and public exposure as additional leverage to encourage victims to pay up.

During the incident, a ransom note is usually deposited on the target system, which typically includes payment instructions, an overview of the data that was stolen during the incident and directions on how to communicate with the attacker.

Once the ransom has been paid, the attacker will – in theory, at least – provide a decryption tool that allows the victim to recover the encrypted files. However, when you’re dealing with cybercriminals, there are no guarantees. Your data might get corrupted during the decryption process due to a faulty decryption tool, or threat actors might leave a backdoor on your system so they can return at a later date and engage in further malicious activity.

Paying the ransom may also incentivize further attacks, while the money generated during ransomware incidents may be used to fund other forms of illegal activity. Law enforcement agencies and cybersecurity experts strongly recommend that you should never pay the ransom.

How to protect against ransomware

The following practices may help organizations reduce the risk of a ransomware incident.

1. Maintain backups of your data

A robust backup strategy remains the most effective way of mitigating the impact of a ransomware incident. Should your business fall victim to ransomware, backups allow you to restore your data and return your systems to a safe and operational state.

To maximize the impact of an attack, ransomware operators will often deliberately seek out and destroy locally stored backups. With this in mind, it’s important to maintain backups on a mixture of media storage and store copies both on- and off-site, preferably using a trusted cloud service.

The 3-2-1 rule is a useful starting point for developing a strong backup strategy:

See this article for more guidance on creating ransomware-proof backups.

2. Develop plans and policies

Avoiding ransomware isn’t always possible. Every business should operate on the assumption that it will, at some point, be impacted by ransomware. When that moment occurs, you need to be confident that you’ll be able to respond quickly and decisively in order to limit the impact of the incident.

That’s where an incident response plan comes in. An incident response plan is a formal document that sets out the step-by-step actions that need to be taken to remediate an incident, the people – both internal and external – who are responsible for doing it, and the tools they’ll use to get the job done. Your plan might also define how you’ll respond to the ransom demand, along with your legal obligations and reporting procedures.

Once you’ve developed an incident response plan, you’ll need to put it to the test. Simulate a ransomware event using tabletop exercises, which can be used to measuring your team’s ability to remediate an incident and reveal any shortcomings in your response chain.

3. Stop malware from being delivered to your endpoints

The ransomware attack chain often begins with an inadvertent click by an absent-minded employee. While it’s not possible to eliminate every unwitting click, there are certain steps you can take to prevent ransomware (or the malware that acts as a precursor to ransomware) from being delivered to your endpoints in the first place.

Mail filtering and spam filtering, for example, can be effective for blocking malicious emails, while email authentication techniques such as Sender Policy Framework, DomainKeys Identified Mail, and Domain-Based Message Authentication, Reporting and Conformance are useful for validating the authenticity of an email and detecting suspicious messages.

Browser extensions such as Emsisoft Browser Security may also be useful for blocking access to dangerous websites that are used to distribute malware and launch phishing attacks.

4. Harden your system

System hardening is the practice of addressing security vulnerabilities throughout your IT environment – including both hardware and software – to condense your attack surface and subsequently reduce the risk of a ransomware incident.

A comprehensive guide to endpoint hardening is beyond the scope of this article, but the following may be a helpful starting point for understanding how to stop ransomware:

5. Train the team

Ransomware incidents most commonly begin with a user-initiated action (say, opening a malicious email attachment or clicking on a malicious URL), so businesses must provide staff with quality cybersecurity training, with a particular focus on the social engineering techniques threat actors use to distribute ransomware.

Cybercriminals are continuously finding new ways to implement and deliver ransomware, so training should ideally be an ongoing process to ensure your end users are up to date with the current threats. Everyone has a role to play in ransomware prevention, and quality training material can be an effective way of not only keeping the corporate network safe, but also building a culture of cybersecurity in the workplace.


Ransomware poses a serious threat to businesses big and small. By following the steps described above, you can start improving your security posture today and reduce the risk of falling victim to ransomware.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Looking for the ultimate solution to ransomware? You’ve found it. Emsisoft Anti-Malware uses custom-built behavioral monitoring to stop both known and unknown ransomware strains before they can encrypt your files. Download your free trial today.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next