How to Help Protect Against Ransomware
For businesses, ransomware attacks can lead to financial losses, operational downtime, reputational damage, and data breaches.

Ransomware has become one of the most disruptive forms of cybercrime. Global ransom payments reached a record USD$1.1 billion in 2023, and the Canadian Centre for Cyber Security’s National Cyber Threat Assessment for 2025-26 found that ransomware would be the most impactful cyber threat facing Canadian organizations over the coming years.
The impact of ransomware for businesses can include the destruction or damage of data, the theft of sensitive information or intellectual property, and the financial costs tied to operational downtime and system repairs.
Read on for tips to help protect your organization from ransomware attacks.
What is ransomware?
Ransomware is a form of malware that allows threat actors to gain unauthorized access to systems, data, or devices and hold the information or systems hostage until a ransom is paid.
Once ransomware is deployed, it can spread through a network to infect all connected devices. Threat actors can block users from accessing data or systems or render organizational devices unusable. Once that has occurred, threat actors will demand a ransom and use extortion methods to coerce victims into paying, including threats to leak data or keep systems locked down.
Threat actors can also buy ready-made ransomware on the dark web, a model known as ransomware-as-a-service. And with recent technological advances, even someone with little or no coding experience can leverage AI tools to write functional ransomware.
How do ransomware attacks happen?
Ransomware infections can occur through a variety of attack methods, including malicious links or attachments in phishing messages and on insecure websites, operating system vulnerabilities, and drive-by downloads.
Once a device is infected with ransomware, users could receive an onscreen ransom notice indicating that files have been encrypted and will be inaccessible until the ransom is paid. Threat actors often request payment in the form of digital currency, like bitcoin, or prepaid credit cards or gift cards.
Here are some common methods used in ransomware attacks.
- Social engineering
Through social engineering tactics, threat actors can trick victims into installing malicious software or giving up the information they need to access and infect networks.
Ransomware is commonly distributed via phishing emails, which can look like they are from a trusted source but in fact can include malicious links, attachments, or QR codes.
- Software or system vulnerabilities and misconfigurations
Cyber criminals can exploit vulnerabilities in software, firmware, and operating systems – such as unpatched or unsupported systems and devices – to inject malicious code into a network or device.
- Credential theft
Threat actors can use different tactics to steal the credentials of authorized users – or buy them on the dark web – and use them to log in to a network and deploy ransomware.
- Drive-by downloads
Through compromised websites, or by injecting malware into legitimate digital ads – a practice called “malvertising” – hackers can pass ransomware to devices without the user’s knowledge, even if the user never clicks the ad containing the malicious software.
Tips to help protect your organization
To help keep your business safe from ransomware attacks, consider implementing the following tips, policies and procedures.
- Create backups of your critical systems and data. Maintain offline, encrypted backups and test them regularly. Keeping backups offline matters because many ransomware variants attempt to find and delete any backups they can reach.
- Implement multi-factor authentication (MFA) for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
- Develop and implement an incident recovery plan with defined roles and strategies for decision making.
- Segment critical systems. Divide your network into several smaller components, which makes it more difficult for ransomware to spread across the entire network.
- Use application directory allowlisting on all assets so that only authorized software can run and everything else is blocked from executing.
- Prioritize timely patching of internet-facing servers – as well as software processing internet data, such as web browsers, browser plug-ins and document readers – for known vulnerabilities.
- Practice the principle of least privilege by providing employees with access to only those functions and privileges necessary to complete their tasks. Restrict administrative privileges and require confirmation for any actions that need elevated access rights and permissions.
- Implement anti-virus software.
- Provide your employees training or guidance that includes how to identify and report suspicious activity or incidents. Where possible, conduct organization-wide phishing tests to gauge user awareness and reinforce the importance of identifying potentially malicious emails.
- Encourage employees to slow down and treat “urgent” requests with suspicion. Be mindful of responding too quickly with personal or financial information.
- Ensure your teams review sender addresses and URLs carefully. Emails and websites can appear to come from trusted companies, but a close look at the address or URL often reveals a small difference, such as one extra letter, an added period, or a .net in place of .com.
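The look-alike checks described in the last tip can also be automated, for example in a mail gateway or a link-scanning tool. The following Python example is added here and is not part of the original article; the trusted-domain list and the sample email text are constructed for illustration.

```python
"""Flag look-alike domains in links: an added or changed letter, a trusted
name buried inside a longer hostname, or a swapped TLD (.net for .com)."""
import re
from urllib.parse import urlparse

# Constructed allowlist for this example; a real deployment would load the
# organization's own domains.
TRUSTED_DOMAINS = {"example.com", "examplebank.ca"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(hostname: str) -> str:
    """Last two labels of a hostname, e.g. 'login.example.com' -> 'example.com'."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one extra, missing or changed character counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in trusted:
        return "trusted"
    sld, _, tld = reg.rpartition(".")
    for t in trusted:
        t_sld, _, t_tld = t.rpartition(".")
        if f".{t}." in f".{host}.":           # trusted name followed by an extra period
            return "lookalike"
        if sld == t_sld and tld != t_tld:     # same name, different TLD (.net vs .com)
            return "lookalike"
        if 0 < edit_distance(reg, t) <= 1:    # one letter added, dropped or changed
            return "lookalike"
    return "unknown"


def flag_links(text: str, trusted=TRUSTED_DOMAINS) -> list:
    """Classify every http(s) link found in an email body."""
    return [(u, classify_host(urlparse(u).hostname or "", trusted))
            for u in URL_RE.findall(text)]
```

A verdict of "lookalike" is a signal for review, not proof of phishing; legitimate partner domains that happen to be one character apart from a trusted name should be added to the allowlist.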
The bottom line
For businesses, ransomware attacks can lead to financial losses, operational downtime, reputational damage, and data breaches. To help protect your organization, consider adopting the ransomware tips and advice featured here and share this information with your employees and colleagues.