Ransomware: Do’s and Don’ts for Employees


Ransomware is an increasingly common, highly destructive form of malware that attackers use to steal, encrypt, and hold their victims’ information hostage in exchange for a ransom payment. While most attackers use ransomware to target businesses and organizations, they often leverage security weaknesses created at the individual user level to gain entry. To ensure the safety of your personal information and to protect your organization against this vicious form of cyber-threat, here is what you need to know:

Current Trends in Ransomware

– Attackers can steal an employee’s personal information and/or passwords to gain entry to the wider network of an organization.

– Attackers usually give victims 24 to 48 hours to pay the ransom, which they must do in order to regain access to their data (although 46% of those who paid reported that some or all of their data was corrupted).

– The average ransom request has risen from $5,000 in 2018 to $200,000 in 2020.

– A business experiences 21 days of downtime on average as a result of a ransomware attack.

– One survey notes that 80% of respondents who paid a ransom were targeted a second time.

– One source estimates that a cyber attack will happen every 11 seconds in 2021.

Do’s – How to Defend Against Ransomware

There are a number of measures that you can take to protect your information and your business. Consider the following steps:

– Use Challenging Passwords. Use difficult passwords with a variety of numbers, capital and lowercase letters, and special characters that attackers would be unable to guess. Change your passwords regularly — this lessens the likelihood that leaked credentials will fall into the wrong hands.

– Use Multi-factor Authentication. Enabling multi-factor authentication is a best practice for preventing criminals from accessing your accounts. This method requires users to verify their identity through at least two means before the program allows them access.

– Be Proactive. Keep your security software up to date and always scan any attachments before opening them. Use common sense when opening emails, and report anything unusual to your IT department.

– Safely Surf the Web. Only visit trusted web sources. Enable pop-up blockers to prevent unwanted pop-ups that might contain a link to ransomware, and beware of strange downloads that may appear after visiting a site.

Don’ts – What to Avoid to Keep Your Information Secure

Keeping your information safe also requires you to avoid risky situations. Here are some things to consider:

– Don’t Use Easy-to-Guess Credentials. Avoid using basic security question answers and passwords like family names, pet names, your address, or anything that a criminal could easily guess. Cybernews recently released a report with the ten most common passwords — if yours is on the list, consider changing it now.

– Avoid Suspicious Links. Phishing is one of the most popular ways for attackers to gain access to your personal information. Some cybercriminals will spoof contacts in your email list to make an email appear as if it’s coming from someone you know, while others will impersonate businesses asking you to reset a password or provide personal information like your social security number. If an email seems suspicious, do not open it or click on any links, and report it to your IT department.

– Avoid Connecting to Open Networks. While it may be tempting to join an open public wifi network, doing so could result in your personal information being exposed to attackers. Try to avoid open networks and only use secure connections or a VPN to access sensitive data.

– Don’t Download Free Software. Whether you are on your own personal computer or a company device, downloading software that has not been approved by your system administrator could invite ransomware into your system. If you would like to install a specific program, check with your IT department first.


Cybercriminals often leverage individual security weaknesses to gain entry to an organization’s wider network. Be sure to use challenging passwords, avoid opening suspicious emails, surf the web safely, and stay away from questionable downloads. If you would like to learn more about how to protect yourself and your organization, contact Qnectus today. 
