Ransomware attacks continue to evolve in both scale and sophistication. According to the 2020 Sophos State of Ransomware Report, 26% of organisations paid the ransom demanded by cybercriminals – significantly lower than the 58% reported in 2019, but high nonetheless. The same report found that 56% of organisations retrieved their data from backups.

As ransomware is a lucrative business for criminal syndicates, they have found innovative ways to remove security fail-safes to maximise their profits. Due to these new tactics, organisations need to evolve their cybersecurity measures to protect themselves from the evolving ransomware threat.

Guarding your organisation from ransomware requires a layered, defence-in-depth strategy. As a typical attack involves several phases, organisations must implement effective measures at each stage. Aligning your cybersecurity defences to the tactics deployed by criminal syndicates can help you protect your organisation.

Prevention Is Better Than Cure

Dealing with a ransomware incident can be time-consuming and costly. In addition to the potential data loss, it can impact your operations, result in direct and indirect financial consequences, and take a toll on your employees. The primary goal of any ransomware defence should therefore focus on preventing the infection in the first place. So, what are the steps you can take?


Anti-Malware

Anti-malware can be a useful measure against known ransomware variants. However, as many of these solutions leverage a database of known file types, they are often ineffective against any new strains. Nevertheless, anti-malware also protects your organisation from other types of malware, so it is always a good idea to install it on all your devices.

Web and Email Filtering

Most ransomware attacks start with a phishing campaign. Implementing a web and email filtering solution can mitigate the risk of your users receiving phishing emails. If an email does get through, the web filter can prevent damage when a user clicks on a malicious link. However, like anti-malware, web and mail filtering vendors use a reputational database that is reactive. An undetected, sophisticated phishing attack may still circumvent even the best web and mail filtering service.

Security Updates and Patches

Malware can also exploit known vulnerabilities in software and gain a foothold in an organisation’s internal network. Even if the systems are not externally facing, ransomware such as NotPetya has leveraged known vulnerabilities to propagate across internal networks and devices. Keeping systems up to date with the latest upgrades and patches is always a good practice. It can help you prevent various cybersecurity incidents, including a ransomware infection. 

Security Awareness Training

Often, security professionals say that the human element is the weakest link in the cybersecurity chain. Although this statement may be true to some extent, your employees could be your best defence with the proper training. Should a phishing email make it through your mail filter, a diligent staff member could prevent a devastating ransomware attack.

Multi-Factor Authentication

Another proven method used by criminals to infect organisations with ransomware is accessing systems using legitimate login credentials. Using lists of usernames and passwords obtained from other security breaches, they take advantage of weak or reused passwords. You can mitigate this risk by implementing multi-factor authentication. Requiring users to submit a second authentication factor, such as a code from their mobile device, prevents any attacks that leverage weak authentication controls. 

Limiting the Damage

If your preventative measures fail to stop a ransomware infection, having particular internal cybersecurity measures in place can limit the damage. Containing the ransomware to one device or system can reduce its impact on your data and operations.

Zero Trust

The Zero Trust model’s core premise is that an organisation should deem all digital elements as untrusted. Whether it be a workload, network, user, or device, this framework states that you need to put controls in place to authenticate every action. By segmenting your network and enforcing strict access control at every layer, you could prevent malicious code like ransomware from spreading. 

Monitoring and Alerting

Every IT environment needs a mechanism that can alert it to any incidents or problems proactively. A monitoring solution increases uptime and stability by keeping administrators informed about issues that may impact system performance. Security monitoring platforms provide the same functionality for security-related incidents. By continuously monitoring system anomalies that deviate from a defined baseline, they can help mitigate and contain a ransomware attack. 
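The baseline idea described above can be shown with a short added example (not from the original article or from any vendor product): it learns each host's normal file-modification rate and raises an alert when the rate stays far above that baseline, which is the pattern mass encryption produces. The host names, the per-minute counts and the thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: file modifications per minute reported by a
# hypothetical endpoint agent, per host. Not taken from the article.
BASELINE = {
    "fs01": [12, 9, 15, 11, 10, 14, 13, 8, 12, 11],
    "ws-17": [2, 0, 3, 1, 2, 4, 1, 0, 2, 3],
}
LIVE = {
    "fs01": [11, 14, 13, 16, 12],
    "ws-17": [2, 3, 240, 515, 498],  # sustained burst, as in mass encryption
}

def build_baseline(history, min_std=1.0):
    """Return {host: (mean, std)}. The std is floored so that very quiet
    hosts do not alert on trivial changes."""
    return {h: (mean(v), max(pstdev(v), min_std)) for h, v in history.items()}

def detect(baseline, live, z_threshold=6.0, sustain=2):
    """Flag a host once `sustain` consecutive minutes exceed its baseline
    by more than `z_threshold` standard deviations."""
    alerts = []
    for host, counts in live.items():
        if host not in baseline:
            # A host without history cannot be judged; surface it instead.
            alerts.append((host, None, "no baseline"))
            continue
        mu, sd = baseline[host]
        run = 0
        for minute, count in enumerate(counts):
            run = run + 1 if (count - mu) / sd > z_threshold else 0
            if run == sustain:
                alerts.append(
                    (host, minute, f"{count} mods/min vs baseline {mu:.1f}"))
                break
    return alerts

def run_example():
    return detect(build_baseline(BASELINE), LIVE)

if __name__ == "__main__":
    for host, minute, reason in run_example():
        print(f"ALERT {host} minute={minute}: {reason} -> isolate host")
```

Requiring two consecutive anomalous minutes trades a short detection delay for fewer false alerts from one-off bulk operations such as an archive extraction.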

Protect It All With Backups

A defensive strategy against ransomware must start with backups. Recovering your data from a backup is the only way to restore your encrypted information. However, you need the right backup solution that can protect you from an advanced attack. Cybercriminals have adapted their tactics to ensure the effectiveness of their extortion campaign. Realising that organisations can restore their data from backups, they now target and encrypt backups before unleashing their payload on an organisation’s primary data.

Thankfully, immutable backups can help organisations protect their backed-up data from ransomware. As no one, not even an administrator, can alter or delete the data, this solution can provide your organisation with a robust last line of defence. With advanced ransomware attacks, you must have the appropriate technologies in place to stop cybercriminals at every step of their ransomware campaign. Immutable backups protect the entire defensive lifecycle and offer a complete solution against an advanced attack.

To support organisations as they plan for this evolving threat environment, AUCloud have published a white paper to give you the information you need.

“How confident are you that you can recover from a ransomware attack” has been written for a government and critical national industry audience who need to incorporate Sovereign Data requirements into their ransomware mitigation strategies.


AUCloud: Keeping the data of Australians in Australia