All systems operational Your IP: 216.73.216.63 info@cloudhosting.lv +371 66 66 29 69 Client area

← All questions

How to Protect Your Business From Ransomware

What ransomware is

Ransomware is malicious software that encrypts your files and demands payment for the decryption key. Modern attacks also steal data first and threaten to publish it, so paying rarely ends the problem. For a small or mid-sized business, a single infection can halt operations, invoicing, and customer service for days. The good news: almost every successful attack relies on a handful of preventable weaknesses.

How ransomware gets in

  • Phishing email with a malicious attachment or link.
  • Exposed remote access, especially RDP or SSH open to the whole internet with weak passwords.
  • Unpatched software: VPN gateways, firewalls, CMS plugins, and operating systems.
  • Reused or leaked credentials without multi-factor authentication.
  • Compromised suppliers or software updates.

Defend in layers

1. Back up with the 3-2-1 rule

Keep three copies of your data on two types of media, with one copy offline or immutable and off-site. Immutable backups cannot be altered or deleted by an attacker who reaches your servers. Test a full restore at least quarterly; a backup you have never restored is only a hope.

2. Patch quickly

Most ransomware exploits vulnerabilities that were fixed months earlier. Enable automatic security updates and prioritise internet-facing systems.

3. Enforce MFA and strong passwords

Require multi-factor authentication on email, VPN, remote desktop, and admin panels. This single step blocks the majority of credential-based intrusions.

4. Lock down remote access

Never expose RDP directly. Put remote access behind a VPN, restrict source IPs on your Firewall, and use key-based SSH.

5. Filter email and train staff

Use spam and attachment filtering, and teach staff to report suspicious messages. Block or sandbox Office macros that arrive from the internet.

6. Segment and limit privileges

Give users and services only the access they need. Network segmentation stops one infected machine from reaching every server and backup.

Practical server hardening

# Ubuntu/Debian: enable automatic security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

# SSH: key-only login, disable root and passwords
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart ssh

# Firewall: deny by default, allow only what you need
sudo ufw default deny incoming
sudo ufw allow 22/tcp
sudo ufw enable

# Slow down brute force
sudo apt install fail2ban && sudo systemctl enable --now fail2ban

# Immutable off-site backup with restic
restic -r sftp:backup@backup.example.com:/srv/backups init
restic -r sftp:backup@backup.example.com:/srv/backups backup /var/www /etc

If you are hit

  1. Isolate affected machines: disconnect the network, but do not power off if you need forensics.
  2. Identify the scope and preserve logs.
  3. Do not pay if avoidable; payment funds crime and does not guarantee recovery.
  4. Rebuild systems, then restore from clean, verified backups.
  5. Rotate all passwords and keys.
  6. Report to authorities and affected parties as required.

NIS2 and GDPR

If your company falls under NIS2 or handles personal data, a ransomware incident likely triggers reporting duties within tight deadlines. Keeping backups and logs inside the EU simplifies compliance and data sovereignty.

Takeaway

You cannot make an attack impossible, but tested offline backups, fast patching, and MFA turn most ransomware from a disaster into an inconvenience. Start with a backup you have actually restored.

Ready to start?

Deploy in minutes or talk to an engineer about what fits your project.