
4 steps to tackling ransomware

By Jim Boehm
May 4, 2022

It happens all too often: a hacker breaks into a company’s cyber systems, threatening chaos. Or they get access to confidential information prior to a merger. Then follows the message: pay up — or else.

Ransomware refers to the use of malware to encrypt files. To get the key to decrypt their data, the victim pays a ransom. It’s extortion with a 21st-century twist, and it is far from uncommon. Supply-chain attacks rose by 42% in the first quarter of 2021 in the United States. Plus, ransomware is getting more expensive. The average ransom fee requested rose from $5,000 in 2018 to about $200,000 in 2020, and there are any number of companies that have paid millions. The total costs of dealing with ransomware could be more than $265 billion by 2031.

All the signs show that ransomware extortionists are getting more sophisticated. And with more businesses digitizing their data, the threat is growing and metastasizing. To build resilience and fend off the worst consequences, security leaders can implement these four tactics.

Prevention

This starts by knowing what technology an organization has and who has access to it, and then keeping track by monitoring remote collaboration tools and checking networks for malware. It continues by ensuring that security is ingrained into day-to-day operations and regularly reinforced. Phishing emails and remote desktop protocol (RDP) compromises are the most common sources of ransomware breaches. In 60% of cases, the malware is installed directly or via desktop-sharing apps. Only constant vigilance can improve defense — even if it cannot guarantee it.

Given the substantial shift to remote working, it’s critical to improve home networks, beginning with such basics as insisting on strong passwords and prompt installation of software updates. Multi-factor authentication (MFA) is relatively straightforward to implement but constitutes a strong barrier against malware attacks. The same is true for disabling user-level command-line capabilities and blocking Transmission Control Protocol (TCP) port 445. Doing so can reduce the efficacy of the software and scanning tools that ransomware extortionists use. Along the same lines, take steps to protect Active Directory, which contains services that connect users to network resources.

Preparation 

Anticipating is better than reacting. One idea is for a skilled team, including senior leaders, to create plausible scenarios, and then devise a business continuity plan in case of attack. This can uncover vulnerabilities and build confidence in the ability to manage disruption. The team can also determine who will lead the response if an incident occurs, and decide whether to pay.

It may not be possible to prevent every cyberattack, and it certainly cannot be assumed that every one will be prevented. The overarching goal of preparation, then, is resiliency: ensuring that the company can keep running if a specific technology is compromised. That means identifying the most critical assets, protecting them as much as possible and developing a backup process. Regular recovery testing builds muscle memory and encourages problem solving.

Response

Speed matters — every day a company’s data is muddled or lost exacts a very real price. At the same time, hasty decision-making can lead to bad outcomes. To thread this needle, convene everyone who matters immediately, including the board, senior executives, affected business groups, and compliance, risk, and technical experts to craft a single, unified message. It’s also a good idea to consult legal counsel and insurers sooner rather than later.

An effective ransomware response starts with calling law enforcement agencies, which may have capabilities the company does not and may be aware of factors that can inform the response. For example, it can be illegal for companies to pay ransom to entities from countries subject to U.S. sanctions. Then plan to engage outside stakeholders, who may be put under pressure by the attackers, or their affiliates, to push for settlement. Regardless of the nature of an attack, responding to it requires information; in the case of malware, that means determining how the criminals gained access and how serious the attack is. In the best-case scenario, such intelligence can lead to finding the decryption key. At the least, it provides insights that can be useful during negotiations.

Recovery

Ransomware perpetrators are criminals. Therefore, their integrity cannot be assumed. So the closer a company gets to paying the ransom, the more it needs to insist on proof that the hackers have what they say they have. Whether payment is made or not, networks may have to be rebuilt, reinforced and scrubbed. Recovery is a process; in a sense, it is the first step in prevention because the ransomware threat is constantly changing.

Ransomware can seem like the mythical hydra — with two heads growing when one is chopped off. In an increasingly digital world, no single business can take down the hydra. What each company can do, however, is protect itself as best it can. 


Jim Boehm is an Expert Partner in McKinsey’s Risk Practice, with a focus on digital risk — especially cybersecurity. He is a former military officer and National Security Project Manager with operational experience in computer network operations and agile development of cyber analysis systems.

Boehm primarily serves technology and security organizations in financial institutions, but has also served global technology companies, oil and gas, and other energy companies, U.S. federal agencies, private and public healthcare institutions, travel and logistics companies, and aerospace and defense firms on cybersecurity topics.
