How To Prevent Ransomware on Your Network plus The Best Tools

What Is Ransomware?

While most viruses and malware try to steal your data, ransomware holds your files hostage by encrypting them and only providing the key when their ransom has been paid. Infection usually starts when someone tries to open an attachment from an email that contains malicious code.

The virus proceeds to silently encrypt everything on the local PC, and any network drives that may be mapped to it. If the ransomware is even more sophisticated it can begin to look for other avenues to move deeper into the network, such as open RDP ports, or unsecured network shares.

Ever since the early 2000’s the spread of ransomware has grown significantly. Not only do these types of attacks continue to get more expensive, but they also grow in their complexity. Some of the most dangerous ransomware can avoid the most popular antivirus software and even hide when it’s being studied in a sandbox environment.

A ransomware attack can cost the victim anywhere from a few hundred, to tens of thousands of dollars to decrypt and recover their files from the attacker. This payment is usually demanded in the form of a cryptocurrency such as Bitcoin or Monero.

In most cases recovering any encrypted files without the decryption key is impossible. That’s why it’s much easier to position your network to not get infected in the first place.

How To Prevent Ransomware Infection

Network security is best implemented in layers, and preventing ransomware is no different. The more of these security practices you have in place, the most you mitigate your risk of ransomware infection.

Patch And Update Your Devices

It’s easy to fall behind on patches and updates, but this lapse in security awareness can prove to be disastrous if not corrected. Ensure your servers, PCs, and network storage devices are patched and up to date at least once a month.


Keep an ear out for any recently discovered zero-days or emergency security patches that might need to be installed ahead of schedule. Keeping a strict patching schedule is an easy way to win half the battle when it comes to preventing ransomware. Larger organizations can benefit from automated patch deployment using several patch management tools.

Secure Your Ports And Services From Ransomware

One of the most popular attack vectors for ransomware has been vulnerable to remote desktop services. If devices on your network utilize the remote desktop protocol to gain access externally, you’ll want to ensure you’re using best practices.

Only allow remote desktop over a Virtual Private Network (VPN). In the past, it was enough to use remote desktop services with a nonstandard port and a strong password. Today, this is not enough to keep your network secure. Attackers are now using sophisticated port scanning tools to find services over non-standard ports and then running powerful brute force attacks to gain access.

Critical vulnerabilities such as BlueKeep are continuing to be discovered, leaving networks vulnerable to wormable ransomware attacks. If you must use remote desktop services, ensure that it is only accessible from inside a VPN, or from a list of whitelisted IP addresses. This will also help with your online privacy when using public networks.

Consider using nonstandard ports for specific services. While this isn’t foolproof, it does add an extra layer of obscurity that will cut d


Article post on:

Leave a Comment

Your email address will not be published. Required fields are marked *