Skip links
Ransomware top tips 2023

What more can your business do to combat ransomware in 2023?

From small local businesses to large international enterprises, all businesses risk falling victim to a ransomware attack. For the uninitiated, ransomware is a form of malware that blocks access to a file, system or device until a ransom is paid. Typically, ransomware spreads throughout a network and encrypts files, resulting in large-scale damage whilst making remediation particularly difficult. Most businesses have taken steps to reduce their cyber risk; however, more can be done. This article will delve into the current state of ransomware, common entry points, and what businesses can do to combat this adversary.
The current state of


There have been some major ransomware attacks throughout the UK in 2003. Some of these include Barts NHS Trust – The BlackCat ransomware group claims they have breached the organisation and stolen seven terabytes of internal documents and Royal Mail – a LockBit attack targeted Royal Mail, considered “critical national infrastructure” in the United Kingdom, causing severe disruption to all international deliveries.

In 2023, ransomware is undergoing a resurgence, witnessing a renaissance. According to reports from cybersecurity firms, there have been over 400 attacks in the month of March alone. Ransomware is financially devasting for most businesses; however, this increase in data leaks is particularly harmful to a business’s reputation and public image. This concept is known as double extortion, whereby if the company can recover from a ransomware attack through backups without paying the ransom, the attackers will exfiltrate the data and either leak it online or sell it to the highest bidder.
As double extortion has become the new normal for ransomware, how businesses protect against ransomware has also changed, with backup and disaster recovery no longer sufficient.

Phishing is ‘still‘ the most common entry point

Phishing has consistently ranked as the number one threat vector for many years, with 83% of all cyberattacks in 2023 being some form of phishing attack. Whilst some phishing ransomware attacks are low-effort spray-and-pray attacks that can be prevented with technologies such as DMARC, SPF and DKIM or cybersecurity awareness training, there are also some highly sophisticated phishing attacks.

These attacks are known as spear phishing, where the cybercriminal researches their target business and individuals and then tailors the phishing attack to them. These phishing emails typically look like they are from a trusted individual or company but contain a malicious link that, if clicked, will download the payload or take the victim to a malicious site where they enter their password, which can be used for a different attack method.

READ INSIGHTS ARTICLE: 5 Common Phishing Attacks and How to Spot Them

Ransomware Entry Points

Credential Stuffing

Microsoft Planner is a visual task management solution that organises teamwork and increases productivity. In Planner, users can create Kanban boards with content-rich cards, including files, checklists, and labels. The Kanban system helps teams view the specific steps involved in a task, how the work flows through the tasks, and where there are opportunities to streamline how the work is completed. Planner can be collaborative, allowing users to see the bigger picture and how each step is working towards task completion. As Planner is included in your Microsoft 365 subscription, it also connects seamlessly with other Microsoft applications for more efficient task management and can be managed within Teams.

Ransomware Entry Points

Exploiting Vulnerable Systems

Microsoft Approvals is a solution designed to streamline all requests and approval processes within Teams. It allows users to create a request for approval for documents or ideas that then notifies the user that has been requested so they can approve or deny the request. This reduces the time and complexity of acquiring written acknowledgement and authorisation from a manager, stakeholder, or customer. For customer-facing approvals, it is also possible to require a signature.

Ransomware Entry Points

Email Security

The modern office has fundamentally changed with the advent of hybrid working. Microsoft have pioneered this change with Office applications being available in browsers on any device with an internet connection. This allows users to easily work on the train, or quickly and easily take notes on OneNote whenever and wherever an idea comes to them.

Ransomware Entry Points

Password Security & MFA

Since Microsoft moved the Office application to the cloud, there has been a strong focus on increased collaboration. In Word, for example, if a user is editing a document, they can send the link to another user, and both users can edit the document simultaneously. This is a game-changer for brainstorming new ideas and proofreading documents before a final sign-off.

Ransomware Entry Points

Backup & Disaster Recovery

Many businesses pay for a subscription to a survey software, such as Survey Monkey, and need to realise that Microsoft Forms has impressive functionality and is included in all Microsoft 365 subscriptions. Forms allow users to quickly create surveys, polls and quizzes that can be shared via a link. The results are stored within the Forms online application and have in-built analytics, or the results can be downloaded for further analysis. Forms can also be connected to Power Automate to send out a thank you email when respondents complete the form.

Microsoft 365 back up solutions Birmingham
Ransomware Entry Points

Update & Patch Management

Although up-to-date machines and applications can have unknown vulnerabilities or zero-day exploits, it is not common. For this reason, businesses should run all updates and patches as soon as possible. Unfortunately, many employees will delay updates due to the inconvenience of restarting their devices. However, important updates can be forced using a Mobile Device Management solution, such as Microsoft Intune.
Ransomware Entry Points

Endpoint Detection and Response (EDR)

With double extortion becoming commonplace, businesses must invest more in protecting ransomware entry points. If a phishing email gets through email security and a malicious file is downloaded, an EDR solution will detect and stop the execution of most ransomware variants. Such a solution is also beneficial as it addresses the common issue of the constantly expanding attack surface. Businesses should consider an EDR solution as the second last line of defence, as it is only effective when ransomware has reached a machine.

Our role in Ransomware Protection

Whilst every employee has a role to play in combatting ransomware, many businesses rely on a third party's expertise to reduce their cyber risk. Whilst no provider can say with 100% certainty that they can safeguard against all ransomware attacks or cyberattacks, we can help your business with a multi-layered security solution to decrease your chance of falling victim. To find out more about how we can secure your business, contact us today.

0121 289 3434

[email protected]
By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. More about Cookies