Tips for organisations to stay protected from ransomware


Ransomware is still one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of highly targeted file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.

Today, businesses large and small are no exception to the threat of increasingly aggressive ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption to an organisation’s productivity. According to Sophos’ recent report “The State of Ransomware 2022”, 66 per cent of organisations were hit by ransomware last year – an increase from 37 per cent in 2020. In 2021, attackers were successful in encrypting data in 65 per cent of attacks, and there was a decrease in attacks that did not encrypt data, but threatened to leak the victim’s data.

Amidst this, it is imperative for enterprises to implement best practices to stay protected from ransomware, and here’s how:

Backup regularly and keep a recent backup copy offline and offsite

In the case of a ransomware attack, having an encrypted backup can save enterprises precious time and financial resources in getting operations back up and running. Having a backup that is regularly updated and available offline and offsite also ensures that leaders do not have to worry about the backup device falling into the wrong hands.

Enable file extensions

The default Windows setting has file extensions disabled, meaning enterprises have to rely on the file thumbnail to identify a file's type. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to users, such as JavaScript.
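To illustrate the point above, the following added example (not part of the original article) shows how a file name appears when its final extension is hidden, and flags script or executable types whose visible name looks like a document. The extension list and the sample file names are constructed assumptions, not an exhaustive policy.

```python
import os

# Assumed, illustrative set of script/executable extensions that are
# rarely sent to ordinary users as legitimate attachments.
RISKY_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".hta",
                    ".scr", ".exe", ".bat", ".cmd", ".lnk"}


def assess(filename):
    """Compare what a user sees with extensions hidden to the real file type."""
    name = filename.strip()
    stem, ext = os.path.splitext(name)         # ext is the real, final extension
    ext = ext.lower()
    inner_ext = os.path.splitext(stem)[1].lower()  # e.g. ".pdf" in "x.pdf.js"
    risky = ext in RISKY_EXTENSIONS
    return {
        # With the final extension hidden, only the stem is displayed.
        "shown_when_hidden": stem if ext else name,
        "real_extension": ext,
        "risky": risky,
        # Risky type whose displayed name ends in a harmless-looking extension.
        "masquerades": risky and inner_ext != "" and inner_ext not in RISKY_EXTENSIONS,
    }


def flagged(filenames):
    """Return the names whose real extension is in the risky set."""
    return [f for f in filenames if assess(f)["risky"]]


# Constructed sample attachment names.
SAMPLE = ["Quarterly report.docx", "invoice.pdf.js", "photo.JPG",
          "scan_0042.PDF.scr", "update.js"]

if __name__ == "__main__":
    for f in SAMPLE:
        r = assess(f)
        note = "MASQUERADE" if r["masquerades"] else ("risky" if r["risky"] else "ok")
        print(f"{f!r:28} shown as {r['shown_when_hidden']!r:24} "
              f"real type {r['real_extension'] or '(none)':6} {note}")
```

The same check can sit in a mail gateway rule or a triage script; the value of enabling extensions on endpoints is that users see the real type without any tooling.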

Be cautious about unsolicited attachments

Ransomware attackers rely on the dilemma users face, knowing that they shouldn’t open a document until they are sure of the sender and its contents. In cases where the authenticity of an email cannot be confirmed, a good practice is to exercise caution and report suspicious content.

Monitor administrator rights

IT teams should constantly review admin and domain admin rights, stay updated on who has them, and remove them from those who do not need them. Additionally, users should not stay logged in as an administrator any longer than is strictly necessary, and should avoid browsing, opening documents, or other regular work activities while they have administrator rights.

Use strong passwords

It sounds trivial, but it really isn’t. A weak and predictable password can give hackers access to an organisation’s entire network in a matter of seconds. It is recommended that users use passwords that are at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation, for example: Ju5t.LiKETh1s!

(The writer is the Country Manager for Sri Lanka and Maldives at next-generation security leader Sophos)

By Prasad Wijesuriya