Ransomware: Not A Matter Of If, But When

Ransomware isn’t only deployed via email. According to FBI Cyber Division Assistant Director James Trainor:

“These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

How Do You Prevent Your Business From Becoming a Victim of Ransomware?

There are several key elements that together provide a strong and long‑lasting wall of defence for your organisation (and for home users too).

Ransomware isn’t only deployed via email,  “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

How do you prevent your business from becoming a victim of ransomware?
There are a number of ways you can do this. These are some of the key elements that together, can provide a strong and long lasting wall of defence for your organisation (all of these steps can also be applied to the home user).

Backup Your Data
Backing up your data daily reduces your vulnerability. If your data is encrypted, you won’t have to pay the ransom. You may lose a day’s work, but that’s far better than losing everything.

However, onsite backups come with risk — ransomware can seek out and destroy backup data. We’ve seen attacks where the malware actively targets connected backup drives first.

An off‑site/cloud backup is ideal. Because it only connects during the backup process, it remains safe even if ransomware deploys overnight. Hardware may still be damaged, but your business can recover if your data is intact.

Educate Your Staff
If an employee uses a computer connected to the internet or receives email, they need awareness training.

• Users should not log in to any site that doesn’t show https://.
• Check email addresses carefully — phishing sites often contain subtle typos.
• Users should avoid opening emails, links or attachments from unknown senders.
• Hover over links to see the real destination.
• Legitimate organisations will never ask for usernames, passwords or personal details via email.
• Banking/government bodies will not send ZIP files or Word documents without prior contact.
• Malware emails often contain spelling and grammar errors.
• If an email appears to be from someone you know but contains an unexpected attachment, call them to confirm.

It is better to delete a legitimate email than to open something suspicious.

Firewalls
Firewalls are a necessary and extremely effective defence tool. A good firewall offers:

• multi‑layer protection
• web‑blocking services
• deep inspection of all traffic, including encrypted traffic

When configured correctly, they are an ultimate tool of defence.

(At F5 Solutions, we highly recommend, use and deploy WatchGuard Firewalls)

Antivirus
Antivirus should never be your first or only line of defence. AV programs are only as effective as their last update. Many cannot detect or prevent ransomware, and even when they do, the damage may already be done.

Patching
Ensure patches are applied to all machines and servers. Patching won’t stop all attacks, but it closes known vulnerabilities. Patches are released regularly to address security and critical operating issues.

No Single Solution Is Foolproof

Multiple steps are required to protect your business. These measures are not “set and forget” — they require ongoing updates, monitoring and adjustments as malicious software evolves.

If your business has any form of data, then you have something worth stealing or holding to ransom.

Don’t forget: it’s not a matter of if, but when.
Educate your staff, build your defence and stay vigilant.