Guide On How To Protect Against Ransomware

Kurt Baker - September 19, 2023

How to protect against ransomware?

Protection against ransomware, a type of malware that uses malicious software to encrypt data on a victim’s computer, is essential for organizations to properly operate in the digital environment. During a ransomware attack, the victim’s data is held hostage until a ransom is paid. Ransomware can often spread across a network so that it stops productivity across an entire organization. There are many different types of ransomware and variants within each type. Reading about ransomware examples will help you understand the importance of protecting against such an attack. Read the following guide to learn tips on how to protect against ransomware.

Get CrowdStrike’s Small Business Cybersecurity Survival Guide to learn how to identify threats and stop them, even with limited resources.

Download Now

Prevent the impact of ransomware

Ransomware attackers target organizations of any size with malware like Ryuk ransomware and Android ransomware. Small- and medium-sized businesses are often the targets because they have the following vulnerabilities:

  • Employees sometimes use a personal mobile device instead of a work computer protected by security software.
  • These organizations have sensitive data and smaller security teams. For example, retail businesses have credit card information that can be exploited.
  • These organizations have links to a larger target account. Cybercriminals can use small- and medium-sized businesses to gain access to a parent organization or disrupt the supply chain of a larger target.

To prevent a ransomware infection and stay protected, implement the following tips:

  • Use security software: Protect all devices with security software and keep the software updated.
  • Understand ransomware threats: Stay informed about the latest ransomware tactics and don’t click suspicious links.
  • Use secure networks: Avoid public Wi-Fi networks where cybercriminals can see what you browse. Instead, you should install a virtual private network to ensure a secure connection to the internet.
  • Train employees: Provide cybersecurity training to employees at your organization so they understand common phishing attack tactics and other common attack vectors. You can send fake phishing emails to identify employees who might need further education.

Expert Tip

Read this article to expand on the above tips on how to prevent ransomware and learn new ones to stay protected. Ransomware prevention tips

Limit the impact of ransomware

To mitigate damage if you are affected by ransomware, use the following tips:

  • Backup your data: You can protect your data by backing up critical files in the cloud or on an external hard drive. If you’re the victim of a ransomware incident, you can wipe your device and reinstall based on the backup.
  • Secure your backup data: Ransomware often looks for data backups to encrypt or delete along with the attack. Make sure to back up your critical data separately from the system where the data is used.
  • Use security software: An endpoint protection solution can detect ransomware behaviors with indicators of attack to stop the encryption of files on your network before the ransomware spreads. A solution like CrowdStrike’s Falcon Complete also offers seasoned security experts to help your team respond. CrowdStrike’s cloud-delivered endpoint protection and workload protection can enable businesses like yours to defend against ransomware.

Customer Story: City of Phoenix

The City of Phoenix is the municipal government for Phoenix, the fifth largest city in the U.S. It provides about 1,600,000 citizens with a wide range of public services including water, police, fire and housing, and employs 13,000 staff across diverse and often autonomous operational units.

Learn how CrowdStrike helped protect the City of Phoenix’s thousands of endpoints.

Download Now

Ransomware considerations for businesses

To make ransomware prevention and mitigation efforts a priority, business leaders can educate themselves before an attack occurs about how ransomware spreads. Then they will be ready to respond if the time comes. Business leaders can also educate employees because employees often are the entry points for a ransomware attack. For example, social engineering attacks occur when a cybercriminal uses human interaction to gain information about an organization or computer system to facilitate an attack.

How to prevent victimization

  • Response: Security experts can work closely with your team to determine the best incident response if an attack occurs. When comparing solutions, consider the benefit of investing in a seasoned company that can provide this expertise.

If your company is affected by ransomware, it’s important to act quickly. The following steps can help prevent your business from being further victimized:

  • Disconnect the affected device from your network to prevent ransomware from spreading to all your devices.
  • Identify the entry point to determine any additional affected devices. You should check alerts from your security software and ask employees about any suspicious links or attachments to help identify the source.
  • Contact law enforcement to help find the perpetrators and follow compliance regulations related to security breaches.
  • Determine the appropriate response. You might be able to restore your system from a backup or use a decryption key.

Mitigation issues to consider

A primary mitigation issue for businesses is that you may not get your data back even if you make the ransom payment. Ransomware operators sometimes ask for repeated payments or provide a decryption key that doesn’t fully recover files. Additionally, organizations that have paid ransoms in the past become a target for future attacks. If you’re the victim of a ransomware attack, consider these risks before paying a ransom.

Another mitigation issue for businesses is the challenge of fully eradicating the malware. A thorough investigation with the help of a strong security software can help you find the source, assess the spread and eradicate any malware. It’s important to investigate and respond to all threats so that an attacker doesn’t have ongoing access to your network.

Expert Tip

5 steps to ransomware recovery:

1. Implement Your Incident Response (IR) Plan

2. Determine Attack Style and Isolate Systems

3. Back Up, Back Up, Back Up!

4. Use Data Recovery Software or Decryption Tools

5. Add Additional Security

Read In-Depth: 5 Steps to Recover Data After a Ransomware Attack

What to look for in a ransomware protection solution

A ransomware protection solution should be able to provide intelligence, technology and expertise to successfully stop ransomware. Consider the following features when choosing a ransomware protection solution:

  • Prevention: A robust threat data set allows your software solution to prevent the most common ransomware before it infiltrates your system. Features like artificial intelligence set a solution apart because the system can continue learning and adapting to the changing ransomware threat landscape.
  • Detection: A solution with the ability to identify indicators of attack helps you detect and identify ransomware behaviors before the threat spreads.
  • Response: Security experts can work closely with your team to determine the best incident response if an attack occurs. When comparing solutions, consider the benefit of investing in a seasoned company that can provide this expertise.
  • Prediction: Threat intelligence technology allows your business to make faster, more informed security decisions based on the analysis of a threat actor’s motives and attack behaviors. Threat actors are constantly adapting, so it’s important to continually strengthen the security posture of your business as well.

Ransomware Protection Solutions

Explore CrowdStrike’s ransomware protection solutions designed to help businesses prevent, detect, and respond to ransomware threats.

Explore Now


Kurt Baker is the senior director of product marketing for Falcon Intelligence at CrowdStrike. He has over 25 years of experience in senior leadership positions, specializing in emerging software companies. He has expertise in cyber threat intelligence, security analytics, security management and advanced threat protection. Prior to joining CrowdStrike, Baker worked in technical roles at Tripwire and had co-founded startups in markets ranging from enterprise security solutions to mobile devices. He holds a bachelor of arts degree from the University of Washington and is now based in Boston, Massachusetts.