Defend against ransomware: 8 cybersecurity tips
The latest guidance from the FBI can help keep your business and its data safe.
Ransomware remains one of the most significant and costly cyber threats facing businesses today, and complaints are on the rise, according to FBI reporting.[1] The core concept is deceptively simple: malicious software, or malware, infiltrates your network, encrypts your critical data, and denies you access. The attackers then hold your data hostage until a ransom is paid, typically in cryptocurrency.
Unfortunately, this criminal business model is not just persisting; it's evolving and growing more sophisticated. Malicious cyber actors are capitalizing on every opportunity, and the threat of a disruptive ransomware attack grows by the day.
According to the FBI's Internet Crime Report, there were 3,156 ransomware complaints in 2024, with adjusted losses exceeding $12.4 million.[1] This figure reflects only reported incidents and excludes lost business, time, wages, files, equipment, and any third-party remediation services, so the true cost is significantly higher.
To help your organization build a stronger defense, we've compiled updated guidance based on recommendations from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Secret Service.
How ransomware finds a way in
While methods vary, most ransomware attacks exploit a few common vulnerabilities:
- Phishing emails: These remain the most common attack vector. Deceptive emails containing malicious links or attachments trick an employee into granting malware access to your network.
- Remote Desktop Protocol (RDP) vulnerabilities: Many businesses use RDP to allow employees to connect to their work computers remotely. If these protocols are not properly secured with strong passwords and multi-factor authentication, they become an open door for cybercriminals.
- Software vulnerabilities: Attackers actively scan for known security flaws in popular software and operating systems. Failing to apply security patches in a timely manner leaves your systems exposed.
- Stolen credentials: Through data breaches or other illicit means, cybercriminals can obtain valid user credentials and simply log in to your network as if they were a trusted employee.
8 proactive steps to protect your network
A foundational commitment to cyber hygiene and best practices is the most effective defense against ransomware. Here are key areas to assess within your organization to fortify your defenses.
1. Maintain protected backups
Do you back up all critical information? Are those backups stored offline and isolated from the main network? The "3-2-1 Rule" is a suggested practice: keep three copies of your data on two different media types, with at least one copy stored off-site and offline. Most importantly, have you tested your ability to restore operations from these backups? An untested backup is not a reliable one.
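The 3-2-1 test and the restore-test question above, as an added example that is not part of the original article: a small Python check that evaluates a backup inventory against the rule as stated here (three copies, two media types, one copy both off-site and offline) and flags copies whose restore has never been tested or not tested recently. The BackupCopy fields, the 90-day test-age limit and the sample inventories are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class BackupCopy:
    """One copy of the critical dataset (fields are assumptions for this example)."""
    name: str
    media: str                          # e.g. "disk", "tape", "object-storage"
    offsite: bool                       # stored away from the primary site
    offline: bool                       # not reachable from the production network
    last_restore_test: Optional[date]   # None means never restored from


def check_321(copies: List[BackupCopy], today: date, max_test_age_days: int = 90) -> List[str]:
    """Return findings; an empty list means 3-2-1 is met and every copy has a recent restore test."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; rule needs 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"all copies on one media type ({', '.join(sorted(media))})")
    # The "1" as the article states it: at least one copy both off-site and offline.
    if not any(c.offsite and c.offline for c in copies):
        findings.append("no copy is both off-site and offline")
    for c in copies:
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif today - c.last_restore_test > timedelta(days=max_test_age_days):
            findings.append(f"{c.name}: restore test older than {max_test_age_days} days")
    return findings


# Constructed sample inventories: a weak setup and a compliant one.
TODAY = date(2025, 6, 1)
WEAK = [
    BackupCopy("prod-nas", "disk", offsite=False, offline=False, last_restore_test=None),
    BackupCopy("dr-nas", "disk", offsite=True, offline=False, last_restore_test=date(2024, 11, 2)),
]
COMPLIANT = [
    BackupCopy("prod-nas", "disk", False, False, date(2025, 5, 20)),
    BackupCopy("cloud-bucket", "object-storage", True, False, date(2025, 5, 20)),
    BackupCopy("vault-tape", "tape", True, True, date(2025, 5, 6)),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("compliant", COMPLIANT)):
        print(label, check_321(inventory, TODAY) or ["OK"])
```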
2. Conduct a risk analysis
Have you formally assessed your organization’s unique cybersecurity risks? This involves identifying your most valuable data and systems, understanding the potential threats to them, and evaluating the vulnerabilities that could be exploited. A thorough risk analysis provides the blueprint for your entire security strategy.
3. Prioritize staff training
Your employees are your first line of defense. Have you trained them in cybersecurity best practices, such as spotting phishing attempts, using strong passwords, and understanding data handling policies? Regular, engaging training and phishing simulation exercises can significantly reduce human error.
4. Implement a patching program
Have you implemented a system for promptly patching known system vulnerabilities? This should cover operating systems, applications (like web browsers and office suites), and network hardware. Automating this process, where possible, ensures critical security updates aren’t missed.
5. Use application whitelisting
Do you control which programs are allowed to run on your networks? Application whitelisting ensures that only approved and vetted software can be executed, effectively blocking unauthorized or malicious programs from running, even if they manage to get onto a system.
6. Develop and test an incident response plan
Do you have a clear, documented plan for what to do in the event of a cyberattack? This plan should outline specific roles, responsibilities, and communication procedures. Just as importantly, have you exercised it through tabletop drills or simulations? In a crisis, you don’t want to be figuring out the plan for the first time.
7. Ensure business continuity
Are you able to sustain essential business operations without access to certain systems? For how long? A business continuity plan (BCP) identifies your organization's critical functions and outlines procedures to maintain them during a disruption. Test this plan to ensure you can realistically operate while your IT team works on recovery.
8. Conduct penetration testing
Have you hired a trusted third party to attempt to hack into your own systems? Penetration testing (or “pen testing”) is a simulated cyberattack that safely identifies vulnerabilities in your defenses. It’s one of the most effective ways to test your security controls and your team’s ability to detect and respond to an attack.
What to do if your network is breached
Even with strong defenses, a breach is possible. If you suspect a ransomware attack, act immediately.
- Isolate the affected systems. Disconnect the infected computers, servers, or network segments from the rest of the network to prevent the ransomware from spreading further.
- Activate your incident response plan. This is the moment to put your plan into action. It will guide your technical, communications, and leadership teams on the next steps.
- Contact law enforcement. Federal officials recommend immediately contacting your local FBI field office or United States Secret Service field office. They can provide valuable assistance and use the information to help protect other potential victims.
“Having an incident response plan in the event of a cyberattack is just as valuable as your business continuity plan,” said Jeff Taylor, head of commercial fraud forensics for Regions Bank. “Knowing who to call, how to reach them, and the individual responsibilities of each participant is critical to recovery.”
The difficult decision: To pay or not to pay
Keep this in mind: law enforcement, including the FBI, strongly discourages paying a ransom. But they also understand that businesses and organizations must function.
If you feel you have no choice but to pay, assess these risks first:
- Paying a ransom does not guarantee that an organization will regain access to its data; in fact, some individuals and organizations never received decryption keys after paying.
- Some victims who paid the demand have reported being targeted again by cyber actors.
- After paying the originally demanded ransom, some victims have been asked to pay more to get the promised decryption key.
- Paying could inadvertently encourage this criminal business model.
Unfortunately, the threat of ransomware isn’t going away. Building a resilient organization requires treating cybersecurity as a core business function, not just an IT issue. By moving from a reactive to a proactive stance, you can significantly lower your risk and protect your company, your stakeholders, and your customers.
Protecting your business for the long term
In addition to taking the above measures, you can turn to your Regions banker for fraud prevention tips, as well as products and services designed to help you stop fraud attempts against your business. To learn more about tools like ACH and Check Positive Pay, along with other solutions that can help you protect your business, visit regions.com/stopfraud.
Sources:
[1] FBI. “2024 Internet Crime Report,” April 2025.
[2] CISA. “Ransomware: What It Is & What To Do About It.”