Ransomware Cheat Sheet for IT Professionals: How to Prevent and Neutralize Cyberattacks


Healthcare has been front and center in the news for the past year as the world has fought a common viral enemy. But even as healthcare organizations have battled COVID-19, they have had to endure attacks from another malicious source.

Ransomware gangs have targeted healthcare providers for a long time, but during the pandemic, the number of attacks has significantly increased. In fact, nearly half of all data breaches in the healthcare sector are ransomware-related, and the stakes just keep getting higher.

Whereas once ransomware operators seemed content to encrypt data and hold it for ransom, today’s more destructive tactics include not only holding data hostage but also publicly exposing the stolen data on leak sites.

Common Ways Ransomware Infections Occur

Ransomware is not a new problem—and it’s definitely not isolated to the healthcare industry. But despite ransomware being a well-known threat, it continues to spread in much the same manner it always has. Ransomware operators primarily take advantage of human error to infiltrate networks and render systems useless until the ransom is paid.

Some of the most common ways ransomware attacks succeed include users opening phishing emails that trick them into revealing login credentials, account numbers, or other sensitive information; opening infected email attachments; or clicking malicious links that download malware onto a computer or device.

The Impact of Ransomware

Once upon a time, ransomware was not much more than an inconvenience. However, in today’s data-obsessed business environment, a successful ransomware attack has far more serious repercussions.

The most obvious and damaging impacts ransomware has on businesses are the disruption to business operations, the expense of downtime, and the potential for lost data. However, with the growing popularity of leakware attacks, the threat of data exposure in addition to encryption is keeping enterprise IT security teams up at night.

Tips to Prevent Ransomware Attacks

As with all cyberthreats, successful ransomware prevention is a moving target. However, implementing a few core best practices can help you stop or neutralize attacks before they do significant damage to your company’s data, operations, and reputation.

Make patching a priority.

Patching is tedious and time-consuming, but the alternative is a far bigger (and more expensive) hassle.

Backup data frequently to a secure, off-site/cloud location.

Some ransomware strains target backup files, so keep a current copy of your data out of harm’s way and separate from the network.

Train staff on digital hygiene best practices.

It only takes one bad choice to open the gate to many hours’ and many dollars’ worth of cleanup and remediation.

Segment the network.

Don’t give away the keys to the castle. Sectioning off the network helps minimize how much data cybercriminals can access and encrypt before anyone notices if a breach occurs.

Inventory all digital assets.

You can’t protect your perimeter if you don’t know how far it extends. Thoroughly inventory and secure every device, service, and application with access to company resources and systems and disable any assets that are nonessential.

Implement a communication strategy to inform employees of a breach.

Use email or another company-managed communication method to loop in employees regarding updates on the current state of operations, the latest recovery status, and any other information that provides employees with visibility into the security event.

Conduct a threat analysis.

A threat analysis will help identify potential internal and external threats to your security perimeter and quantify the impact of a successful breach.

Perform penetration testing.

Penetration testing is a method that demonstrates how effective your current ransomware protection solutions are. Penetration testing lets you see the exact route a hacker could take to break into your network, so you know where your weaknesses are and how they can be exploited.

Replace legacy systems with current technology.

Ransomware tactics evolve at a lightning pace, so the older your cybersecurity solutions, the less effective they will be against new ransomware strains.

Invest in a cybersecurity and data protection solution.

No organization needs JUST cybersecurity or JUST data protection. Invest in a comprehensive solution that covers your data, applications, and systems from every angle.

Purchase a cybersecurity insurance policy.

In the event of a successful ransomware attack, cybersecurity insurance will offset the costs of remediation, liability, and cleanup. However, it is critical to understand in advance exactly what is and what isn’t covered under your policy.

Proactively create a disaster recovery plan.

Don’t wait for a crisis to start planning disaster recovery. It is essential to proactively prepare for business continuity and data restoration to prevent prolonged downtime and data loss.

Ransomware gangs are ramping up for another busy—and lucrative—year. Download Your Guide to a Ransomware-Free Future for more tips and best practices to avoid being a victim.