We’re now more than halfway through 2024, and it’s clear that the year is already shaping up to set new records for ransomware, with a wide range of high-profile organizations coming under attack. Therefore, it’s more important than ever for businesses to ensure they have the right tools in place to protect against these threats.
What to Know About Ransomware Attacks in 2024
BlackFog’s most recent quarterly report revealed that in the first three months of the year, there were 192 publicly reported ransomware attacks, a 48 percent increase over 2023. However, this only tells a small part of the story, as it’s estimated that as many as five times this number go unreported, despite new incident disclosure rules from the SEC.
More than nine out of ten incidents (92 percent) involved data exfiltration, making this by far the most prevalent cyberthreat firms face. Exfiltration allows cybercriminals to initiate powerful double extortion attacks, where they threaten to publicly release sensitive documents unless they receive a payment.
There has also been a resurgence in attacks by the LockBit ransomware gang. Despite having been briefly shut down by law enforcement earlier in the year, a recent report by NCC Group found that the latest LockBit 3.0 incarnation of the gang was behind a surge of activity in May, accounting for 37 percent of reported attacks in the month. This highlights how the fight against ransomware remains an ongoing game of cat and mouse between criminals and authorities.
The Impact Ransomware is Having on Businesses
A range of high-profile attacks in 2024 has highlighted the damage that a ransomware attack can do, both financially and operationally. For example, in June, an attack on a group of hospitals in London led to the cancellation of more than 800 operations and an urgent call for blood donations, as affected healthcare providers were unable to use their digital records to match patients’ blood.
The potential disruption caused by this type of attack is one reason why healthcare organizations remain among the biggest targets of hacking groups, as there is a belief they will be more willing to pay the ransom in order to restore services. Other organizations in this sector to come under cyberattack this year include Change Healthcare and Ascension.
However, enterprises across all industries remain at risk, from retail to government. With cybersecurity experts warning that ransomware attacks are also becoming “progressively more brutal” in 2024 as hackers increasingly look to threaten individual victims directly, it is imperative that firms take steps to protect themselves.
Important Practices for Ransomware Prevention
The best way to avoid these issues is to ensure ransomware is prevented before it has a chance to infect systems or exfiltrate data. Once valuable information is in the hands of hackers, it will be too late. Therefore, knowing how to prevent ransomware in the first place is vital.
6 Steps to Protect Against Ransomware
There’s no one solution for effective ransomware protection. Instead, safeguarding your data relies on a combination of technologies and best practices that work together to create a comprehensive, defense-in-depth approach to protecting a business. Here are six steps that must play a role in this.
Train Your Employees
Human error remains the root cause of the majority of cybersecurity incidents. This can cover a wide range of mistakes, from poor password management to falling for phishing scams, or IT workers misconfiguring databases or websites in ways that leave them vulnerable to attack. To avoid this, a comprehensive security awareness training program to educate all employees about their responsibilities is a must. This should include regular updates on the latest threats and the key signs that may indicate a suspicious email or malicious link.
Keep Your Systems Up-To-Date
Another common cause of data breaches is the continued use of outdated software that contains known weaknesses. According to one study by Armis, 45 percent of critical common vulnerabilities and exposures (CVEs) were left unpatched in 2023, which can leave firms exposed to serious risks such as Log4Shell. Meanwhile, many industries continue to use software that has officially passed its end-of-life or end-of-support date. Therefore, a clear patch management plan to ensure all software is updated regularly is one of the most effective actions any business can take to improve its security posture.
Monitor All Your Network Activity
A frequent mistake many firms make is focusing too closely on their network perimeter in order to prevent unauthorized access to the network. However, even the toughest firewalls and email security tools can’t offer 100 percent protection. If hackers are able to bypass these first lines of defense, they may have free rein once inside the network to move undetected. Monitoring and threat intelligence solutions such as Intrusion Detection Systems that can analyze activity for suspicious behavior within the perimeter are essential in preventing this.
Limit User Access
Other threats to data that must be addressed include users with high levels of access they do not need. This can mean that if their credentials are compromised – or if a disgruntled individual deliberately looks to steal data from their employer – it can be easy for sensitive data to be exfiltrated. Prevent this by adopting the principle of least privilege to ensure that users are only able to access the data necessary for their jobs and no more. At the same time, management tools such as multi-factor authentication and automated alerts that can warn security teams if an account tries to gain unauthorized access to data are also a must-have.
Maintain Regular Backups
Turning to backups can’t help with double extortion ransomware where data has already been exfiltrated, but they limit the damage from more traditional variants such as locker or crypto ransomware, which encrypt files or operating systems. The ability to quickly restore any data can greatly reduce the impact on critical operations. However, to do this, backups must be regular and comprehensive enough to ensure that the data lost between the most recent backup and the infection is kept to a minimum.
Protect Your Endpoints
As a last line of defense, it’s also vital to ensure endpoints are hardened with effective threat protection. This means not only tools to stop hackers from getting in, but also technologies that can prevent them from exfiltrating data should they successfully evade perimeter defenses. Tools such as dedicated anti data exfiltration (ADX) software ensure that even if a network is compromised, cybercriminals will be unable to steal valuable data, and therefore will not be able to use it to extort money from enterprises.
How To Recover From Ransomware
Effective use of the above tools will go a long way to protecting against ransomware threats. However, there is still no 100 percent guarantee of safety. It may only take one employee forgetting what they learned in training, or a cybercriminal utilizing a previously unknown vulnerability, for a system to be breached.
In this case, it’s also important to have an incident response plan for how to recover from a ransomware attack. This should be treated as a last resort, but a well-executed strategy can help to minimize damage and ensure recovery times are as fast as possible.