Why Ransomware Readiness Matters: Ransomware attacks have surged across Missouri and the nation, impacting organizations of all sizes. Even government offices in Missouri have been forced to shut down services after a ransomware incident – for example, Jackson County had to close its deeds and tax offices in early 2024 due to a cyberattack. Smaller communities are no exception: a cyberattack disrupted email, phones, and payment systems in the 20,000-resident city of Pittsburg, KS (just across the Missouri border). Nationwide, ransomware gangs were on track to extort nearly $1 billion from public and private victims in 2023. In short, Trenton-area businesses, clinics, schools, and local governments are squarely in attackers’ sights. This guide lays out a 7-step ransomware readiness checklist to help Trenton organizations protect themselves – from preventing an infection in the first place to recovering quickly if the worst happens.
Local Reality Check: Ransomware groups are increasingly targeting small and mid-sized entities that may have fewer defenses. Don’t assume “we’re too small to be noticed.” Being unprepared can cost you dearly in downtime, lost data, reputation, and recovery expenses.

Maintain Reliable Backups and Recovery Capabilities
“Offline, Tested Backups = Your Best Ransomware Insurance.” If ransomware strikes, having recent offsite backups of your data can make the difference between a minor inconvenience and a major crisis. Cybersecurity experts universally recommend keeping offline, encrypted backups of all critical data and systems, and regularly testing those backups. Offline (aka “air-gapped”) backups are stored out of reach from your live network – for example, on external drives stored safely or in secure cloud storage with no constant connection – so that ransomware can’t encrypt or delete them. Following the classic “3-2-1” backup rule is a smart practice: keep 3 copies of your data on 2 different media types, with 1 copy stored offsite (off-network). This ensures that even if one backup is compromised, you have another in reserve.
Regularly verify that you can actually restore from your backups – do simulated recoveries or file restores on a routine schedule. It’s not enough to have backups; you must be confident they’re intact and up to date. Also, include your server configurations or “golden images” of critical systems in your backups, so you can rebuild machines quickly if needed.
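One way to carry out the restore test and the 3-2-1 check described above, as an added example that is not part of the original guide: a SHA-256 manifest is recorded at backup time and compared against a test restore. The directory layout, file names and the inventory format passed to `check_321` are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large backup files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root.

    Run at backup time and keep the manifest with the offline copy, so an
    intruder on the live network cannot alter both data and checksums.
    """
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    report = {"ok": [], "missing": [], "changed": [], "unexpected": []}
    for rel in sorted(manifest):
        if rel not in restored:
            report["missing"].append(rel)      # never came back from backup
        elif restored[rel] != manifest[rel]:
            report["changed"].append(rel)      # truncated or corrupted
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(restored) - set(manifest))
    return report


def check_321(copies):
    """Return the 3-2-1 gaps in an inventory of copies (original included)."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c["media"] for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c["offsite"] for c in copies):
        gaps.append("no offsite copy")
    return gaps


def demo_restore_test():
    """Constructed scenario: one restored file is truncated, one is missing."""
    files = {  # constructed sample data, not real records
        "finance/ledger.csv": b"id,amount\n1,100\n",
        "hr/staff.txt": b"constructed sample\n",
        "site/index.html": b"<h1>hello</h1>\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        restored = os.path.join(tmp, "restored")
        for root in (source, restored):
            for rel, data in files.items():
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        manifest = build_manifest(source)
        # Simulate a bad restore.
        with open(os.path.join(restored, "finance", "ledger.csv"), "wb") as fh:
            fh.write(b"id,amount\n")
        os.remove(os.path.join(restored, "hr", "staff.txt"))
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(json.dumps(demo_restore_test(), indent=2))
    inventory = [  # hypothetical inventory: two copies, both on local disk
        {"name": "file server", "media": "disk", "offsite": False},
        {"name": "NAS snapshot", "media": "disk", "offsite": False},
    ]
    print(check_321(inventory))
```

A restore test passes only when `missing` and `changed` are both empty; anything listed there is data you would not have had after a real incident.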
Why this matters: Ransomware perpetrators’ first move after locking your files is often to seek out and destroy any accessible backups. They want to leave you with no choice but to pay a ransom. A secure offline backup frustrates that plan, letting you restore your own files without paying the criminals. And paying is a poor fallback plan – studies show 92% of companies that paid ransoms didn’t get all their data back even after receiving decryption keys. In some cases attackers take the money and still leak or withhold your data. A solid backup is truly your lifeline.
Finally, make sure you have a documented Disaster Recovery Plan (DRP) for what to restore and in what order if a ransomware event occurs. Identify your most critical systems and data (customer records, financials, etc.) and prioritize those for restoration. Practice your recovery process occasionally (e.g. an annual drill using backups to recover a file server) to work out any kinks before a real incident.

Keep Software and Systems Updated (Patch Management)
“Keep your digital doors locked by patching.” Many ransomware attacks succeed by exploiting known vulnerabilities in unpatched software or outdated systems. One top initial access vector is poorly secured remote access services (like RDP or VPN) and other unpatched internet-facing servers. Every month, software vendors release security updates (patches) to fix newly discovered holes – failing to apply these promptly is like leaving a window open for attackers. Regularly patch and update all software and operating systems to the latest versions. This includes not just Windows or your server OS, but also applications (browsers, office suites, browser plugins, etc.) and network device firmware. Prioritize critical security updates – especially on any systems that connect to the internet – and enable automatic updates wherever feasible to stay current.
Also, upgrade or replace end-of-life software that no longer receives updates. Legacy systems (e.g. that old Windows 7 PC running a specialty app) are high risk if they can’t be patched – segment them off the network or retire them. Consider using a managed IT service or cloud provider for things like email, where updates and security are handled professionally (as CISA notes, small businesses often struggle to maintain on-premise servers securely).
Beyond patching, close unnecessary entry points: disable unused services and ports (for example, if Remote Desktop (RDP) is not needed, turn it off or restrict it). If such services must run, put them behind firewalls/VPNs and protect them with strong authentication (more on that next). Reducing your “attack surface” makes it harder for ransomware to find a way in.
Bottom line: Make software updates a routine – weekly or at least monthly. “Patch Tuesday” (Microsoft’s monthly release) is a good reminder to update everything else too. Cybercriminals swiftly weaponize published vulnerabilities; applying patches within days (not months) dramatically lowers your risk. An up-to-date system forces attackers to find unknown vulnerabilities (much harder) or resort to tricking a user instead.

Implement Strong Access Controls (MFA and Least Privilege)
“Don’t let attackers walk in with stolen passwords.” Stolen or weak credentials are a common cause of ransomware breaches. In one analysis, compromised remote access accounts (RDP/VPN) were the top initial attack vector for ransomware gangs. To counter this, strengthen your user authentication and access controls across the board:
- Enable multi-factor authentication (MFA) on everything you can – especially for email, VPN, remote desktop, cloud services, and administrator accounts. MFA (e.g. requiring a one-time code from a phone in addition to password) stops most password-stealing attacks in their tracks. Even if an employee’s password is phished or guessed, the hacker can’t log in without that second factor. As of 2023, cyber insurance companies mandate MFA on critical services due to its proven effectiveness, and so should you.
- Use strong, unique passwords and a password manager. Ensure default passwords on hardware or software are changed. Consider requiring passphrases or long passwords (12+ characters). Attackers use automated tools to brute-force weak passwords – don’t give them an easy win.
- Apply the principle of least privilege: Each employee/user should have the minimum level of access and permissions needed for their job – no more. Limiting administrative rights can contain the damage if one account is compromised. For example, an office assistant probably doesn’t need domain admin rights or access to the accounting system. By curbing excessive access, you prevent ransomware from easily spreading across every system using a single stolen login.
- Secure remote access: If your staff use Remote Desktop Protocol or similar tools, make sure those are behind a VPN or at least protected by MFA and locked down to specific IPs. Never expose RDP directly to the internet without strong safeguards – attackers constantly scan for open RDP ports. Similarly, require MFA for VPN logins and webmail. Disable accounts immediately when an employee leaves or changes roles, to avoid “orphan” accounts that attackers could exploit.
- Monitor for unusual login activity: Implement account lockout policies (e.g. lock an account after 5 failed attempts) to thwart brute force attempts. Keep an eye on login logs for odd timings or locations that could indicate a hacker using stolen creds.
By hardening authentication, you take away one of the easiest paths ransomware groups use. Identity is the new perimeter – protect it. As one cybersecurity advisor put it: virtually every successful ransomware attack involves some credential abuse. So if you “MFA everything” and minimize privileges, you’ve eliminated a huge chunk of risk.
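The lockout threshold and login-log review described above, as an added example that is not part of the original guide: it flags accounts with 5 failed attempts inside a short window, and successful logins at odd hours, from unfamiliar sources, or right after a failure burst. The log format, account names, baseline table and the 10-minute window are constructed assumptions; the addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, outcome, account, source address.
SAMPLE_LOG = """
2024-05-06T08:58:12 OK   asmith 192.0.2.10
2024-05-06T09:01:40 FAIL bjones 192.0.2.11
2024-05-06T09:01:55 OK   bjones 192.0.2.11
2024-05-07T02:13:01 FAIL svc_backup 203.0.113.7
2024-05-07T02:13:04 FAIL svc_backup 203.0.113.7
2024-05-07T02:13:08 FAIL svc_backup 203.0.113.7
2024-05-07T02:13:11 FAIL svc_backup 203.0.113.7
2024-05-07T02:13:15 FAIL svc_backup 203.0.113.7
2024-05-07T02:13:19 OK   svc_backup 203.0.113.7
2024-05-07T14:30:00 OK   asmith 198.51.100.23
"""

# Hypothetical baseline: addresses each account normally logs in from.
BASELINE_IPS = {
    "asmith": {"192.0.2.10"},
    "bjones": {"192.0.2.11"},
    "svc_backup": {"192.0.2.20"},
}


def parse_events(text):
    """Return sorted (timestamp, outcome, user, ip) tuples; skip bad lines."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def lockout_candidates(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with `threshold` failures inside `window` -> time reached."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, outcome, user, _ip in events:
        if outcome != "FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged[user] = ts
    return flagged


def suspicious_successes(events, baseline_ips, work_hours=(7, 19),
                         burst=3, window=timedelta(minutes=10)):
    """Successful logins worth a second look, with the reasons for each."""
    failures = defaultdict(list)        # (user, ip) -> failure timestamps
    findings = []
    for ts, outcome, user, ip in events:
        if outcome == "FAIL":
            failures[(user, ip)].append(ts)
            continue
        reasons = []
        if not work_hours[0] <= ts.hour < work_hours[1]:
            reasons.append("outside business hours")
        if ip not in baseline_ips.get(user, set()):
            reasons.append("source not in baseline")
        recent = [t for t in failures[(user, ip)] if ts - t <= window]
        if len(recent) >= burst:
            reasons.append("follows failure burst")
        if reasons:
            findings.append((ts.isoformat(), user, ip, reasons))
    return findings


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for user, when in lockout_candidates(events).items():
        print(f"lock out {user}: 5th failure at {when.isoformat()}")
    for finding in suspicious_successes(events, BASELINE_IPS):
        print(finding)
```

A success that follows a failure burst from the same source is the case to escalate first: it suggests the guessing worked before any lockout took effect.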

Educate and Train Employees on Cybersecurity
“Your employees are your first line of defense – or your weakest link.” Human error is a major factor in ransomware incidents. Phishing emails laden with malware or malicious links remain one of the most common infiltration methods. In May 2024, for example, the LockBit gang hit a school district after an employee fell for a phishing email with a ransomware payload. All it takes is one careless click. That’s why continuous security awareness training is essential for all staff:
- Train everyone to recognize phishing and social engineering. Educate employees on how to spot suspicious emails – things like unexpected attachments, urgent scare tactics, misspellings, or spoofed addresses. Regularly remind them not to click links or open attachments unless they’re sure of the source. Conduct phishing simulations (send test phish emails to see who clicks) and follow up with those who fall for it, as a teachable moment.
- Establish a culture of caution and reporting. Make it routine for staff to report any odd emails or computer behavior without fear of punishment. It’s far better to have a false alarm than miss a real threat. Quick reporting can mean the difference between isolating one infected PC versus a domain-wide outbreak.
- Include executives and admins in training. Higher-level staff often have access to the most sensitive systems, making them prime targets (whaling attacks). Ensure everyone from the front desk to the CEO practices good cyber hygiene.
- Onboard and ongoing training: Introduce security best practices to new hires immediately, and provide refreshers at least annually (if not quarterly). Cyber threats evolve, so update training with current scams (e.g. “There’s a new text message scam going around – be alert”).
- Reinforce basics: things like not reusing work passwords on personal sites, not plugging in unknown USB drives, and being wary of phone scammers. Sometimes ransomware actors use phone calls to assist their phishing (“Hi, this is IT, I need you to read back the code I sent to your phone…”).
Importantly, strive to “build a security-first culture” at your organization. Management should buy in and lead by example. Reward and recognize employees who practice good security habits. Encourage a mindset that keeping the business safe is everyone’s responsibility, not just IT’s. As one guide aptly says, ransomware readiness is a team sport. The more your people understand the threats and take them seriously, the less likely an attacker will slip through the human layer.
Lastly, consider posting a simple incident response procedure at each workstation – e.g. a flyer: “Think you clicked something bad? Here’s what to do right away: [unplug network, call IT hotline].” When panic hits, a clear head and quick action can isolate a ransomware infection before it spreads.

Secure Your Network and Devices (Defense in Depth)
“Lock down every endpoint and segment your network.” A comprehensive ransomware defense requires a multi-layered security setup. Technology won’t stop every attack, but it can thwart or slow many, buying you time to respond. Key components include:
- Endpoint protection: Install reputable anti-virus/anti-malware software (or modern Endpoint Detection & Response tools) on all servers and PCs. Keep these security tools updated daily so they recognize the latest ransomware strains. Many endpoint security suites can automatically detect suspicious behavior (like a program suddenly encrypting lots of files) and stop it. Enable those behavioral protections if available.
- Firewalls and network filtering: Use a business-grade firewall to filter incoming and outgoing traffic. Block known malicious IP addresses and domains. If your team doesn’t regularly need to visit certain foreign countries’ websites, you can geo-block traffic as an extra precaution. At minimum, have basic email filtering in place – it should catch a large share of spam and known dangerous attachments before they reach users’ inboxes.
- Disable macros and script abuse: A lot of ransomware is delivered via Office document macros or scripts. If possible, configure Office applications to block macros from untrusted sources. Likewise, consider using application whitelisting or restricting scripts (like .vbs, .ps1 PowerShell scripts) from running in user directories. This stops many common malware delivery techniques cold.
- Network segmentation: Don’t put every system on one flat network. Segment your network so that if one area is compromised, the ransomware can’t freely access everything. For example, put critical servers on a separate VLAN or subnet with strict access controls. Limit which computers can talk to each other – most office workstations shouldn’t need to directly connect to other PCs. By segmenting (and using internal firewalls), you contain the blast radius of an infection. Many small businesses overlook this, but even basic segmentation (e.g., isolating guest Wi-Fi away from internal systems, or separating accounting PCs from employee browsing PCs) helps.
- System hardening: Ensure secure configurations on all devices. Turn off unused services and close ports (as mentioned earlier). Use strong admin passwords on network hardware. If you have IoT devices (security cams, smart thermostats), put them on an isolated network – they often have weak security and could be entry points. Hardening your servers and network devices reduces vulnerabilities an attacker could exploit.
- Data encryption and cloud security: Consider encrypting sensitive data at rest. If ransomware actors steal data (for “double extortion”), having it encrypted adds a layer of protection – they can’t easily read what they stole. Also, if you use cloud services, configure them securely (don’t leave storage buckets public, etc.) and turn on any available ransomware protection features your cloud provider offers.
- Mobile and home office devices: With remote work more common, ensure laptops have full disk encryption and are managed (so you can wipe them if lost). Extend your security policies to any device that connects to work resources. Provide secure VPN access for remote staff rather than letting them connect via insecure home networks.
Think of these measures as reinforcing each other. There’s no single silver bullet, but each layer – firewall, antivirus, access controls, etc. – might catch something the others miss. Defense in depth greatly increases the odds of stopping an attack at some point along the chain. And if an attacker does get in, robust network controls can limit how far the ransomware spreads. Many businesses that suffer massive ransomware outages have flat, unsegmented networks where the malware could traverse everywhere. Don’t let that be you.

Develop an Incident Response Plan (and Practice It)
“Plan for the worst, so you can respond in the best way.” If a ransomware incident strikes, a panicked, ad-hoc reaction will only make things worse. Every organization – even a small business – should have a documented Incident Response Plan (IRP) specifically for cyber incidents like ransomware. In fact, about 98% of organizations in a recent survey reported having a ransomware response plan or playbook – but alarmingly, less than half felt they had all the necessary elements to execute it effectively in a crisis. The lesson: it’s not enough to write a plan and put it on a shelf; you need to ensure it’s comprehensive, current, and familiar to your team.
Your ransomware IR plan should clearly answer: What do we do if systems get encrypted? Define step-by-step procedures, such as:
- Detection and isolation: How to recognize an attack (e.g. the appearance of ransom notes, file encryption errors, unusual disk activity) and immediately isolate affected systems. Speed is critical – if one PC is infected, rapid isolation (disconnecting it from network Wi-Fi/cable) can contain the spread.
- Internal communications: Who needs to be alerted internally? List the key contacts (IT support, managers, owners). Remember that normal channels like email or VoIP phones might be down or unsafe to use if systems are compromised. Have an out-of-band communication method (phone tree, personal emails, even walkie-talkies if needed) to coordinate during IT outages.
- Engaging external help: Know which external partners to call. This may include your IT service provider or security consultant, cyber insurance breach hotline (if you carry cyber insurance, they often provide an emergency number), and law enforcement. The FBI strongly encourages reporting ransomware incidents; have contact info for your local FBI field office handy. If you’re a government or healthcare entity, you may also need to notify state/federal authorities – your plan should note any legal reporting requirements for data breaches.
- Assessment and containment: Steps for IT staff to triage the situation – identify which systems are affected, kill malicious processes, reset credentials if needed, and prevent further spread. Many IR plans include having a “jump kit” – a clean laptop with necessary tools (and offline copies of documentation) that responders can use safely.
- Restoration and recovery: Tie in your backup strategy here. The plan should state how you will restore data from backups, in what order (critical systems first), and who makes the decision to initiate recovery. Include verification steps after restoration (scanning restored systems to ensure the malware is gone). Also, plan for the possibility that you must rebuild systems from scratch if backups fail – having those “golden image” system snapshots can save time.
- External communications: Draft a basic communications plan for informing stakeholders – employees, customers, partners, and possibly the public – if a significant breach occurs. You don’t want to wing your public response amid chaos. Even a simple holding statement (“Our systems are experiencing an outage; we are addressing it and will update soon…”) can help manage reputational damage. If sensitive personal data is involved, prepare to follow breach notification laws as applicable.
- Decision on ransom payment: This is tricky, but discuss in advance your stance on paying a ransom. Law enforcement agencies do not encourage paying ransom – it’s risky and fuels the criminal business model. Many organizations decide they will not pay, as a matter of principle and because there’s no guarantee (as noted, you often don’t get your data back even if you pay). Others leave it as a last resort if human safety or life is on the line (e.g. ransomware hitting a hospital). Whatever your stance, decide it calmly before an attack, not in the heat of the moment. Document who has authority to make that call (e.g. the CEO/owner in consultation with security advisors and legal). Ideally, your robust backups mean you won’t ever need to pay to resume operations.
Once you’ve created an IR plan, store a hard copy or offline copy accessible even if your network is down. Make sure key team members have a copy at home as well. Then – practice the plan. Run a tabletop exercise where your team walks through a ransomware attack scenario and executes the plan steps. This will reveal gaps or confusion to fix now. Many businesses find that after a practice run, they greatly improve their readiness (e.g. clarifying who contacts whom, realizing they need a secondary internet source for communications, etc.).
Lastly, update the plan at least annually or whenever there are major changes in your environment. The threats are continually evolving, so your response playbook should evolve too.

Test and Improve Your Defenses Regularly
“Ransomware readiness is not a one-and-done project – it’s an ongoing process.” The final step is about continuous improvement: regularly evaluating your security posture and making adjustments to close new gaps. This proactive approach will keep you a step ahead of attackers. Key actions include:
- Conduct periodic security audits and vulnerability scans. At least once or twice a year, have an internal or external expert scan your network for vulnerabilities or misconfigurations that ransomware attackers could exploit. Think of it as a “cyber health check-up.” Address any high-risk findings (unpatched systems, open ports, etc.) promptly. Many IT service providers offer vulnerability assessment services, and CISA provides some free scanning tools.
- Perform ransomware readiness assessments. Consider a formal risk assessment or “readiness audit” focusing specifically on ransomware scenarios. This might involve interviewing your team, reviewing your backups and policies, and possibly tabletop exercises simulating an attack. For example, Pinpoint Tech offers North Missouri businesses a free ransomware readiness audit, which can provide an expert outside perspective on your preparedness (identifying any overlooked weaknesses). Such assessments often come with a report and recommendations to further strengthen your defenses.
- Test your incident response with drills. In addition to tabletop discussions, you can do more technical penetration testing or simulated ransomware attacks in a safe manner (often with professional help). This can test whether your monitoring systems trigger alerts, whether your team notices and reacts in time, and how effective your segmentation is. Some organizations schedule regular disaster recovery tests where they actually restore backups to verify everything works. The goal is to practice under realistic conditions so that if a real incident occurs, it’s not your team’s “first rodeo.” Even just pulling the plug on your internet for an hour and seeing how staff cope can be illuminating.
- Review and update policies periodically. Cybersecurity is dynamic. Revisit your policies on BYOD (bring your own device), remote access, data retention, etc., to ensure they still make sense as technology and threats change. For instance, the rise of data exfiltration in ransomware (stealing data before encrypting it) might prompt you to place more emphasis on encryption of sensitive files and stricter egress firewall rules.
- Stay informed about new threats. Keep an eye on threat alerts from sources like CISA, MS-ISAC, or cybersecurity news for the latest ransomware tactics. Share relevant alerts with your IT team or employees (“Hey, there’s a new phishing scam going around targeting local governments, be on the lookout.”). Being forewarned is forearmed.
Crucially, avoid complacency. A survey by Veeam found that 69% of organizations believed they were well prepared for ransomware – until they experienced an attack, after which confidence dropped dramatically. The takeaway: you don’t truly know how strong your defenses are until they’re tested. So test them regularly on your terms, rather than leaving it to an actual criminal to do it. Each time you test and refine your security, you raise the bar that attackers have to overcome.
Lastly, ensure your improvements are documented and institutionalized. If you discover in a drill that “Service X” wasn’t covered in the backup plan, add it and inform the team. If an assessment finds an outdated firewall, budget for a new one. Security is an ongoing cycle of plan → implement → review → improve. By embracing that cycle, Trenton organizations can drastically reduce the odds of a devastating ransomware incident.
Conclusion & Next Steps: Ransomware is a formidable threat, but with the right preparations, it’s one your organization can withstand. By following this 7-step readiness checklist – from regular backups and updates to employee training and incident planning – you are building layers of defense that make your company a much harder target. Even if attackers do strike, you’ll be equipped to contain the damage and recover quickly, with far less downtime and cost. Implement these steps as soon as possible, and treat it as a living process.
For additional peace of mind, you might take advantage of resources like free cyber security audits (such as Pinpoint Tech’s offer for local businesses) or consult with IT security professionals to validate your preparedness. The stakes are simply too high – as we’ve seen, ransomware can shutter businesses and disrupt communities. The good news is that with foresight and vigilance, you can keep your Trenton organization safe. Start checking off that ransomware-ready list today, and rest easier knowing you’ve stacked the odds in your favor.
Stay safe out there, and remember: an ounce of prevention is worth a pound of cure (and that’s never been truer than in cybersecurity). 💪🔒

FAQ
Are small businesses and local agencies in places like Trenton really at risk of ransomware?
Yes – absolutely. Ransomware operators increasingly target smaller organizations and municipal bodies in addition to large corporations. They assume smaller entities have fewer security protections. We’ve seen attacks on rural hospitals, tiny city governments, school districts, and mom-and-pop businesses. In fact, some ransomware gangs now focus on regions like North Missouri precisely because big cities are beefing up their security. Don’t assume “it won’t happen here.” Every business and public office, no matter the size or location, holds data or provides services that ransomware criminals would love to disrupt. This is why even small businesses and local governments must implement basic defenses – the threat is real and growing for everyone.
If our company falls victim to ransomware, should we consider paying the ransom to get the data back?
Experts and law enforcement strongly advise against paying, in almost all cases. Paying the ransom doesn’t guarantee you’ll recover your data – the attackers might take your money and run, or their decryption tool might only restore part of your files. A survey by Sophos found 92% of companies that paid did not get all their data back even after receiving a decryptor. Furthermore, paying a ransom can mark you as a soft target for future attacks and fuels the criminal industry. The FBI warns that ransom payments encourage attackers to keep going, and in some cases may even violate sanctions or laws. The best strategy is to prepare in advance so you don’t need to pay: maintain viable offline backups and an incident plan to restore systems independently. Only in extreme, life-and-death scenarios (e.g. a hospital ransomware attack) do authorities leave the door open to payment – and even then it’s a last resort. Every situation is different, but default to “don’t pay” – instead, contact law enforcement and recovery experts to guide your response.
What is the “3-2-1” backup rule and why is it important for ransomware preparedness?
The 3-2-1 backup rule is a classic best practice for data backup and recovery. It means having 3 copies of your important data, stored on 2 different types of media, with at least 1 copy kept offsite (offline). For example, you might have one backup on an external hard drive, another backup in a cloud storage service, and your original data on your office server. The idea is to build redundancy and resilience. Different media (say, external disk vs. cloud) protect against one backup method failing. The offsite/offline copy protects against physical disasters (fire, flood at your office) and cyber disasters like ransomware (since ransomware can’t encrypt data that isn’t connected to your network). By following 3-2-1, you greatly improve the odds that at least one good backup survives any incident. In a ransomware scenario, that offsite offline backup is your lifeline to avoid paying ransom – you can restore your files from it. Remember to update these backups regularly and test them. 3-2-1 is a general rule; you can even go further (some experts now say “3-2-1-1-0”, adding an immutable backup and zero errors on verification). But as a baseline, 3-2-1 ensures robust redundancy for most organizations.
How often should we back up data and test our ransomware defenses?
Aim to back up critical data daily if possible (or continuously, for very critical systems). The frequency should align with how much data you can afford to lose. For many small businesses, nightly backups of servers and daily or weekly backups of less critical PCs strike a balance. The key is that if ransomware hit today, you’d only lose at most a day’s work. For some data (customer orders, etc.), even a day might be too much – in that case, look into real-time or hourly backup solutions. As for testing, you should verify your backups at least quarterly – do test restores of a few files or even an entire system to ensure your process works. Also perform an annual (or more frequent) fire drill for ransomware: for example, simulate an employee clicking a ransomware file and see whether your team knows how to disconnect the PC, whether alerts go off, and how fast you can restore the data. Tabletop exercises (discussion-based) can be done a couple of times a year to keep the incident response plan fresh. If you have the resources, an annual professional penetration test or security assessment is highly beneficial – they might uncover holes you overlooked. In summary, back up as often as practical (daily for key systems), and test your backups and response plan at least annually – more frequently if you can. Regular testing gives you confidence that your defenses actually work and keeps everyone prepared.
Sources
- GovTech (The Kansas City Star) – “Jackson County, Mo., Deeds Office Grapples With Ransomware”. News report on an April 2024 ransomware attack impacting Jackson County offices, illustrating that even Missouri local governments have been disrupted by ransomware. https://www.govtech.com/security/jackson-county-mo-deeds-office-grapples-with-ransomware
- Recorded Future – The Record – Article “Cyberattack on Kansas town affects email, phone, payment systems” (Sept 2023) and DHS warning. Describes a cyberattack on Pittsburg, KS (small city) and cites a DHS alert that ransomware gangs were on pace for nearly $1B in extortion in 2023. https://therecord.media/pittsburg-kansas-government-cyberattack
- Veeam Blog – 2025 Ransomware Trends Report. Notes that law enforcement crackdowns drove gangs to target small and medium enterprises lacking strong defenses. Emphasizes that SMEs (like those in Trenton) are now heavily targeted. https://www.veeam.com/blog/ransomware-trends.html
- Veeam Blog – 2025 Ransomware Trends Report. Provides stats: 94% of organizations that suffered ransomware are increasing recovery budgets and 95% boosting prevention spending (showing ransomware is a top concern). Also, 69% of organizations thought they were well prepared before an attack, but that confidence dropped by 20% after a real incident – underscoring the need to truly test preparedness. https://www.veeam.com/blog/ransomware-trends.html
- CISA #StopRansomware Guide (2023) – Official guidance from DHS/CISA. Recommends maintaining offline, encrypted backups of critical data and regularly testing backups. Warns that many ransomware variants attempt to delete or encrypt any accessible backups, so offline copies are essential. https://www.cisa.gov/stopransomware/ransomware-guide
- Wasabi Technologies Blog – “SMB Ransomware Checklist”. Explains the 3-2-1 backup rule (3 copies of data on 2 media, 1 offsite) as a best practice for ensuring recoverable backups in ransomware situations. https://wasabi.com/blog/data-protection/smb-ransomware-checklist
- Risk & Resilience Hub – “6 Reasons Not to Pay the Ransom”. Cites a Sophos cybersecurity study finding that 92% of companies that paid a ransom did not get all their data back even after receiving a decryption key. A real-world example is given where a company paid, yet attackers still leaked the data. Highlights the high risk and low reward of paying ransoms. https://riskandresiliencehub.com/6-reasons-not-to-pay-the-ransom-in-a-ransomware-attack/
- CISA #StopRansomware Guide – Patch Guidance. Advises organizations to regularly patch and update software/OS to latest versions, prioritizing internet-facing systems, to close vulnerabilities commonly exploited by ransomware actors. https://www.cisa.gov/stopransomware/ransomware-guide
- CereCore (via Sophos survey) – Reports that 44% of surveyed healthcare organizations hit by ransomware took up to a week to recover, and 25% took up to a month. This indicates ransomware recovery can be a prolonged process causing extended downtime if preparedness (like tested backups) is lacking. https://resources.cerecore.net/a-ransomware-readiness-checklist-ways-to-amp-up-detection-and-response-plans
- Kroll Cyber Incident Analysis (via CereCore) – Found that the top initial attack vector for ransomware incidents was exploiting vulnerabilities in remote services such as RDP and VPN, underscoring the need for strong authentication (MFA), secure configurations, and patching of remote access points. https://resources.cerecore.net/a-ransomware-readiness-checklist-ways-to-amp-up-detection-and-response-plans
- Wasabi – SMB Ransomware Guide. Emphasizes that compromised credentials (often from employee negligence or phishing) are a major ingredient in ransomware attacks. Recommends ensuring MFA, strict password policies, and a Zero Trust/least privilege approach to user access to mitigate this risk. https://wasabi.com/blog/data-protection/smb-ransomware-checklist
- Wasabi – SMB Ransomware Guide. Stresses creating a “culture of security” and getting buy-in at all levels, because ransomware readiness is a team effort. Security awareness and personal responsibility throughout the organization are key to preventing attacks. https://wasabi.com/blog/data-protection/smb-ransomware-checklist
- CISA #StopRansomware Guide – Network Configuration. Advises not exposing services like RDP directly online, or if necessary, using compensating controls. Recommends limiting RDP use, auditing for open RDP ports, enforcing account lockouts, and applying MFA and logging for RDP – since poorly secured remote desktop services are a common intrusion point. https://www.cisa.gov/stopransomware/ransomware-guide
- CISA #StopRansomware Guide – Incident Response Plan. Recommends creating and regularly exercising a cyber incident response plan, including a communications plan for ransomware incidents. Emphasizes having an offline copy of the IR plan available (since during an attack you may not be able to access an online document).
- Risk & Resilience Hub – FBI Guidance. Quotes FBI advisory that the U.S. government does not encourage paying ransoms and warns that paying doesn’t guarantee data return – some organizations never got decryption keys even after paying. Paying ransom is also noted to carry “serious risks” and potential legal issues, and it rewards criminal behavior. https://riskandresiliencehub.com/6-reasons-not-to-pay-the-ransom-in-a-ransomware-attack/