We’ve helped businesses recover from ransomware attacks, and it’s always a nightmare. They can’t access any of their files. Every document, spreadsheet, and database is locked with a message demanding payment in Bitcoin.
What we’ve learned from these situations is that having backups isn’t enough if they’re not set up correctly. We’ve seen businesses with backups that were connected to the network, and the ransomware encrypted those too. Some ended up paying the ransom (which we never recommend, but they felt they had no choice) and still lost days of work. The total cost can be tens of thousands in ransom, downtime, and recovery efforts.
Ransomware isn’t going away. In fact, it’s getting smarter and more targeted. But here’s what we’ve learned from helping businesses recover from these attacks: prevention is absolutely possible, and it doesn’t have to cost a fortune.
Understanding the Threat
Ransomware is essentially digital kidnapping. Attackers get malicious software onto your system (usually through a phishing email or a vulnerable application), and it encrypts all your files. You can see them, but you can’t open them. Then comes the demand: pay up, or lose everything.
The scary part? Modern ransomware doesn’t just encrypt your files. It also steals them. Even if you pay, there’s no guarantee you’ll get your data back, and your information might be sold on the dark web anyway.
Small businesses are prime targets because we often have weaker defences but enough money to make paying a ransom worthwhile. We’re the “sweet spot” for attackers.
Building Your Defence
Based on what we’ve seen working with businesses, we recommend a multi-layered approach to ransomware protection. You can’t rely on just one thing. You need several layers working together.
Email Security is Your First Line
Most ransomware gets in through email. Someone clicks a malicious link or opens an infected attachment, and that’s it. Your email system needs proper filtering.
We recommend using a business email service like Microsoft 365 with built-in security features. It scans attachments, checks links, and filters out known threats. It’s not perfect, but it catches about 99% of the bad stuff before it reaches your inbox.
Also, disable macros in Office documents by default. Many ransomware attacks use macros to execute malicious code. If someone needs macros for legitimate work, they can enable them on a case-by-case basis.
Keep Everything Updated
We know we sound like a broken record on this one, but it’s critical. Ransomware often exploits known vulnerabilities in software. If you’re running outdated software, you’re essentially leaving a window open for attackers.
Set up automatic updates for your operating systems and applications. For critical business software, you might want to test updates first, but don’t delay them indefinitely. Schedule a monthly “update day” if you need to, but get them done.
Train Your People
Your employees are your human firewall. Teach them to be suspicious of unexpected emails, especially ones with attachments or links. Show them real examples of phishing emails (there are plenty online). Make it a regular conversation, not a one-time training session.
We also recommend running simulated phishing campaigns. Send your team fake phishing emails and see who clicks. Don’t use it to shame people. Use it as a teaching moment. “Hey, you clicked this one. Here’s what gave it away…”
Network Segmentation
This sounds technical, but it’s actually pretty straightforward. If ransomware gets into one part of your network, you want to stop it from spreading everywhere.
Think of it like fire doors in a building. If a fire starts in one room, the doors stop it from spreading. Network segmentation does the same thing for cyber threats.
At a basic level, this might mean keeping your guest WiFi separate from your main network, or ensuring that if one computer gets infected, it can’t immediately access your file server. For most small businesses, this is something we can set up in an afternoon.
The Backup Strategy That Actually Works
Here’s where most businesses get it wrong. They have backups, but they’re not set up correctly. Remember the businesses we mentioned whose backups got encrypted? That happened because their backups were connected to the network, so the ransomware could reach them just like any other file share.
For ransomware protection, you need what we call “air-gapped” backups. These are backups that aren’t reachable from your network, so ransomware running on a compromised machine can’t encrypt or delete them. This could be:
- An external hard drive that you plug in only for backups, then unplug and store safely
- Cloud backups with versioning (so you can restore from before the attack)
- A combination of both
The 3-2-1 rule applies here: three copies of your data, on two different types of media, with one copy offsite. And test your backups regularly. We can’t stress this enough: a backup you can’t restore is worse than no backup at all.
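As an added example (not code from the original post), here is a small POSIX shell script that puts the “test your backups” advice into practice: every run writes a new timestamped archive (versioning), records a SHA-256 manifest, and reports success only after the archive has been restored into a scratch directory and every file checked against that manifest. The SRC and DEST paths, and GNU tar and coreutils, are assumptions; DEST is meant to be the removable drive you plug in for the backup and unplug afterwards.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes GNU tar and
# coreutils (sha256sum, sort -z, mktemp). DEST is meant to be the mount
# point of the drive you plug in for backups and unplug afterwards.
set -eu

# make_backup SRC DEST: write DEST/backup-<timestamp>.tar.gz plus a SHA-256
# manifest of SRC. Each run creates a new version; nothing is overwritten.
make_backup() {
    src=$1
    mkdir -p "$2"
    dest=$(cd "$2" && pwd)
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/backup-$stamp.tar.gz"
    # Hash the live files first, so the manifest describes what should come back.
    (cd "$src" && find . -type f -print0 | sort -z | xargs -0 sha256sum) \
        > "${archive%.tar.gz}.sha256"
    tar -czf "$archive" -C "$src" .
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE MANIFEST: the restore test. Unpack into a scratch
# directory and re-check every file against the manifest. Returns 0 only if
# the whole archive restored and every hash matched.
verify_backup() {
    scratch=$(mktemp -d)
    rc=0
    tar -xzf "$1" -C "$scratch" || rc=1
    if [ "$rc" -eq 0 ]; then
        (cd "$scratch" && sha256sum -c --quiet "$2") || rc=1
    fi
    rm -rf "$scratch"
    [ "$rc" -eq 0 ] || echo "RESTORE TEST FAILED: $1" >&2
    return "$rc"
}

# backup_and_verify SRC DEST: a backup only counts once it has been restored.
backup_and_verify() {
    archive=$(make_backup "$1" "$2")
    verify_backup "$archive" "${archive%.tar.gz}.sha256"
}

# prune_versions DEST KEEP: delete all but the newest KEEP archives, so older
# versions stay available to restore from a point before an attack.
prune_versions() {
    ls -1t "$1"/backup-*.tar.gz 2>/dev/null | tail -n +"$(($2 + 1))" |
    while read -r old; do rm -f "$old" "${old%.tar.gz}.sha256"; done
}
```

Run `backup_and_verify /path/to/data /mnt/backup-drive` from a scheduled job and treat a non-zero exit as an alert, not a log line; a backup that fails its own restore test is exactly the kind you only discover after an attack.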
What to Do If It Happens
If you discover ransomware on your system, act quickly but don’t panic. Here’s what we tell clients:
- Disconnect immediately. Unplug the infected computer from the network. If it’s on WiFi, turn off WiFi. Stop the spread.
- Don’t pay the ransom. We know it’s tempting, but there’s no guarantee you’ll get your files back, and you’re funding criminal activity. Plus, paying makes you a target for future attacks.
- Call for help. Get professional assistance. We can help assess the damage, determine if recovery is possible, and guide you through the process.
- Check your backups. If you have good backups, you can restore from them. This is why proper backups are so critical.
- Report it. Contact Action Fraud (if you’re in the UK) or your local cybercrime reporting centre. It helps track these attacks and might help others.
Prevention Beats Recovery
We’ve helped businesses recover from ransomware attacks, and we can tell you it’s expensive, stressful, and time-consuming. Prevention is always better.
The good news? You don’t need enterprise-level security budgets. The measures we’ve outlined here are affordable and effective. Start with email security and backups. Those two things alone will protect you from most ransomware attacks.
If you’re not sure where to start, or you want someone to review your current setup, get in touch. We can do a security assessment and help you implement the right protections for your business. Because the best time to think about ransomware protection is before you need it.
