by Char Hunt | Senior TechChurn Staff Writer, Editor

February 18, 2025

Businesses of all sizes are becoming targets of ransomware campaigns at blazing speed as cyber criminals, with increasing sophistication, hack into computer systems and mobile devices. With the goal of stealing or locking out companies from their sensitive data through advanced encryption, these bad actors usually demand a ransom for retrieval of critical data.

Over the course of the last five years ransomware attacks have increased by as much as 50-60 percent. Fortunately, there are a variety of methods today’s businesses can use to safeguard themselves and their assets from ransomware attacks. Consider the following measures when assessing how your organization is approaching protection.

1. Tread carefully with email links: If you receive an email that contains links, do not open it unless you are positive the link is legitimate. Be wary of opening attachments or downloading documents from emails, regardless of who sent them, as they may contain viruses or software designed to weaken the protection of the computer.

2. Establish a data recovery and a backup plan: Having a tested data recovery and backup plan in place is important for dealing with the threat of ransomware attacks. In a surprise move, attackers recently waited 31 days before launching their ransomware to ensure that their code is in every backup copy up to the 30-day retention policy.

3. Automate antivirus updates: One of the simplest and yet important steps to securing data is to make sure that antivirus and anti-malware solutions are set up to update automatically. This will lessen the potential for threats due to forgetfulness or being swept up in pressing company matters. Also make sure that antivirus software regularly runs scans on all computers.

4. Invest in employee education: Employees are a key component to guarding against ransomware attacks and can actively assist in the implementation of ransomware in a company. In order to achieve this, however, employees must be educated on what they should and shouldn’t do in order to mitigate the potential of threats. Offering educational trainings and best practices webinars are a great way to make sure employees are on the same page as those at the company who manage cybersecurity. Additionally, be sure to conduct regular testing by initiating tests quarterly.

5. Configure multi-factor authentication for email and business sensitive systems: Cyber criminal phishing campaigns are a common method to getting ahold of employee usernames and passwords which can give them access to sensitive information. Email accounts are particularly vulnerable as cybercriminals will send urgent requests to targets and ask them to change passwords or fill in personal information, and if a target complies, that information is sent directly to the cybercriminal.

6. Multi-factor authentication: Multi-factor authentication is an effective method for mitigating threats as it requires other authenticators to gain access to sensitive information, rendering most phishing efforts useless. The various types of multi-factor authentication include the use of biometrics, PINs and hardware tokens (such as fobs).

7. Don’t pay the ransom: Although restoring compromised systems is a costly and time-consuming process, the option to pay the ransom does not guarantee that you will recover your files. Organizations can be sure they’ve just provided a large sum of money to a cyber criminal likely to strike again, whether it’s against themselves or another business/individual.

Attempts are being made to outlaw ransoms by cybersecurity experts and politicians across the globe. The basic tactics are essential for establishing a strong line of defense against ransomware.

But the increasingly advanced capabilities of cybercriminals underscores the importantance staying current on new developments and trends. As mentioned, paying the ransom does not guarantee that you will recover important files. It only lays the groundwork for cyber criminals to strike again.

Stay security aware, and make sure your organization is up to date on the technologies designed to help keep it safe.