5 tips to help you block ransomware

Feb 22, 2018 | 4 mins
Application Security, Data and Information Security, Hacking

Learn about best practices to combat the threat of ransomware


There have been some seriously nasty ransomware attacks in the last few years. From Petya to Wannacry to the SamSam attack on health record company Allscripts just last month, ransomware has been wreaking havoc across the world. Global ransomware damages exceeded $5 billion last year, up from $325 million in 2015. That’s a meteoric rise. 

The sad thing is we understand the risks and how to mitigate them. A few simple steps can at least ensure that a bad situation isn’t made worse, but the evidence suggests that too many organizations have failed to learn the importance of a proactive approach. Let’s look at five areas that deserve attention.

1. Get your defenses in order

It’s vital to have a proper intrusion prevention system (IPS) in place. That means a cutting-edge, high-performance firewall and sandboxing support. Secure those open ports. Review your port-forwarding rules and try to find alternative ways to access resources. Apply rules to govern your network traffic and make sure it is being monitored round the clock.

Try to reduce the potential attack surface to make life harder for cybercriminals. Review your access policy for data and make sure it is suitably restricted. The fewer entry points there are to your system, the harder it will be for attackers to gain access, and the easier it will be for your IT staff to monitor and identify problems.

2. Sandbox web and email traffic

Filter incoming traffic for suspicious files and automatically block downloads from the web and strip attachments from emails, so that they can be properly analyzed before they gain access to your network.

Phishing scams are a very common point of entry for ransomware and it’s frequently found lurking in seemingly benign PDFs, Microsoft Office documents, and especially in executables. It’s not easy to round up and eject ransomware once it has a hold, so stop these files at the door.

The risk with email is very high; according to PhishMe, the proportion of phishing emails that carry ransomware has increased to 97%, and as many as 90% of data breaches can be traced back to a phishing email.
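As an added illustration of stripping attachments at the mail gateway (example code written for this edit, not from the article or any product), the Python sketch below holds risky top-level attachments for analysis and delivers the rest. The extension list, the magic-byte table and the sample message are assumptions constructed for the example; note that the file is classified by content first, so a renamed executable is still caught.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions (not from the article): extension list and magic-byte table.
RISKY_EXT = (".exe", ".scr", ".js", ".pdf", ".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
MAGIC = {b"MZ": "executable", b"%PDF": "pdf",
         b"PK\x03\x04": "zip/ooxml office", b"\xd0\xcf\x11\xe0": "ole2 office"}

def classify(name, data):
    """Return why an attachment must be held for analysis, or None to deliver it."""
    for magic, kind in MAGIC.items():      # content wins over the claimed name
        if data.startswith(magic):
            return kind
    return "risky extension" if name.lower().endswith(RISKY_EXT) else None

def quarantine_attachments(raw):
    """Strip risky top-level attachments; return (cleaned message, held list)."""
    msg = message_from_bytes(raw, policy=policy.default)
    held = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        kind = classify(name, data)
        if kind:
            # Record name, reason and hash so the sandbox verdict can be matched later.
            held.append((name, kind, hashlib.sha256(data).hexdigest()))
            msg.get_payload().remove(part)
    return msg, held

def build_sample():
    """Constructed test message: a renamed executable, a PDF and a harmless note."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"MZ\x90\x00" + bytes(16), maintype="application",
                     subtype="octet-stream", filename="invoice.txt")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment("Meeting moved to 10:00.", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, held = quarantine_attachments(build_sample())
    for name, kind, digest in held:
        print(f"held {name}: {kind} sha256={digest[:16]}...")
    print("delivered:", [p.get_filename() for p in cleaned.iter_attachments()])
```

The sketch only inspects top-level attachments; nested multipart containers and archives would need recursive handling before anything is released to the mailbox.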

3. Educate your employees

You can’t rely on security software to keep you safe. A Ponemon Institute survey of 1,000 IT professionals at small and mid-sized businesses last year found that 54% of respondents named negligent employees as the root cause of data breaches. You need clear policies, staff must be trained, and you need to test their understanding.

Combine sandboxing with a comprehensive training plan for security awareness and you can dramatically reduce the risk of ransomware gaining access to your network and catch it early if it ever does get in.

4. Try to minimize lateral movement

Once ransomware gains entry to a network, it often propagates by spreading laterally. If you have a flat network topology, with endpoints connected into a central switch, then it’s going to be tough to see or control the spread. Segmenting your Local Area Networks (LANs) and connecting them through the firewall can help you uncover and block laterally moving threats.

5. Infected systems must be isolated

Sadly, infections are something of an inevitability. The trick is to identify them as quickly as possible and take immediate action. Automatically isolating any compromised systems is a smart move. Make sure that nothing can spread and buy yourself some time to further analyze the problem. With some ransomware infections, you may be able to roll out an automatic fix, while others will require manual attention from an InfoSec pro.
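Tips 4 and 5 work together: once segments talk to each other through the firewall, its logs can be used to spot a host fanning out across the network and to nominate it for isolation. The Python sketch below is an added example, not code from the article; the log format, the watched ports (SMB 445 and RDP 3389), the 60-second window and the peer threshold are all assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) inter-segment firewall log format.
LINE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) "
                  r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
WATCH_PORTS = {445, 3389}          # assumption: SMB and RDP
WINDOW = timedelta(seconds=60)     # assumption: sliding window
MAX_PEERS = 5                      # assumption: distinct peers tolerated per window

def hosts_to_isolate(lines):
    """Return sources that reached more than MAX_PEERS distinct peers within WINDOW."""
    events = defaultdict(list)     # src -> [(timestamp, dst)]
    for line in lines:
        m = LINE.match(line)
        if not m or int(m["dport"]) not in WATCH_PORTS:
            continue               # unparsable line or uninteresting port
        # Denied attempts count too: a blocked scan is still a scan.
        events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["dst"]))
    flagged = set()
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1         # slide the window forward
            if len({dst for _, dst in evs[start:end + 1]}) > MAX_PEERS:
                flagged.add(src)
                break
    return sorted(flagged)

def sample_log():
    """Constructed log: one fast fan-out, one busy file-server client, one slow host."""
    t0 = datetime(2018, 2, 22, 10, 0, 0)
    row = "{} {} src={} dst={} dport=445".format
    rows = [row((t0 + timedelta(seconds=i)).isoformat(), "DENY", "10.1.0.23",
                f"10.2.0.{i + 1}") for i in range(8)]
    rows += [row((t0 + timedelta(seconds=i)).isoformat(), "ALLOW", "10.1.0.40",
                 "10.2.0.10") for i in range(20)]
    rows += [row((t0 + timedelta(minutes=5 * i)).isoformat(), "ALLOW", "10.1.0.50",
                 f"10.3.0.{i + 1}") for i in range(8)]
    return rows

if __name__ == "__main__":
    print("isolate:", hosts_to_isolate(sample_log()))
```

In a flat network this traffic never crosses the firewall, so there would be no log lines to analyze; the returned list is what an automated isolation step would act on.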

It should go without saying that you need to patch systems on a regularly scheduled basis, keep software up to date (accept those updates!) and of course auto back up all your precious data nightly.

If you do fall victim to a successful ransomware attack it could prove very expensive. Malwarebytes found that ransomware attacks caused 22% of infected small and medium-sized businesses to cease operations immediately. For one in six, the infection caused 25 hours or more of downtime.

Putting the right protection in place is going to be a lot cheaper than cleaning up after an attack. Be proactive and take steps to guard against ransomware today, before it’s too late.


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
