Ransomware protection best
practices: How to protect your
small business from

Web content filtering ensures internet environments are safe for schools,
universities, and government entities by blocking unwanted online
content. Learn how to prevent web-based threats from striking today.

Small business ransomware protection best practices

As the owner of a small business or enterprise, you’ve probably seen incidents of ransomware attacks on the news. Usually, the ransomware reports that gain the most traction in the media are about high-profile organizations such as hospitals, schools, government bodies, and critical national infrastructures like the Colonial Pipeline. Attacks against such organizations can devastate their productivity and cost millions in recovery.

What you may not know is that ransomware can strike an organization of any size. Some strains of ransomware, like WannaCry, propagate indiscriminately, while others are used in targeted attacks. Either can impact a small business or enterprise.

Although larger organizations usually have the resources to recover from a ransomware attack, small businesses are more vulnerable to such threats. In fact, the National Cybersecurity Alliance says that most small businesses like yours shut down within six months of a cyber attack. Other cybersecurity researchers say that most small to medium-sized businesses won’t survive a week after a ransomware infection.

Inadequate cybersecurity measures are the most common reason. The best ransomware protection requires proactivity, not reactivity. Without ransomware protection in place, there’s little your business can do to stop or recover from a ransomware attack.

Moreover, the loss to a small enterprise’s data, workflow, relationships, and reputation can be significant. Paying the extortionists offers no guarantee of access restoration. The attackers may launch further attacks, sell your sensitive data to other bad actors, or simply stop responding.

The authorities are certainly trying to protect you. World governments are forming alliances against ransomware operators. Law enforcement is also hitting back with initiatives, like the FBI’s successful disruption campaign against the hive ransomware structure.

Unfortunately, it’s not enough.

As the ransomware-as-a-service (RaaS) business model rises in popularity, extortionists with basic technology skills are accessing and utilizing some sophisticated ransomware against easier targets like small businesses. You may have recently read about the FBI alert about Zeppelin ransomware, aka Buran, which is a RaaS that can use multiple attack vectors.

Investing in ransomware protection is the most effective way to stop emerging threats like ransomware.

Read this in-depth ransomware protection guide for small businesses and enterprises for more on:

  1. What is ransomware?
  2. What is ransomware protection?
  3. Best protection from ransomware
  4. How should a company handle a ransomware attack?

ransomware hub


Ultimate visibility, detection, and remediation to eradicate ransomware and other malware from your organization’s endpoints. Discover cloud-native Malwarebytes EDR with 72-hour ransomware rollback, and flexible security add-ons such as Device Control, DNS Filtering, and Cloud Storage Scanning.



What is ransomware protection?

Before we explain ransomware protection, let’s start with a ransomware definition. Ransomware is a type of malicious software that stops you from accessing your system or computer files by locking you out, encrypting your data, or both. It then demands an extortion fee to restore access.

So, what is ransomware protection? Well, ransomware protection is the group of measures your small business can take, such as adopting antivirus programs with anti-ransomware technology and investing in employee cybersecurity education, to defend against, identify, and respond to ransomware attacks.

Why is ransomware protection important for businesses?

Ransomware protection is essential because such attacks are rising steadily, both in frequency and complexity. A ransomware attack can hurt a company’s revenue, culture, data, operations, and reputation. It may also result in regulatory and legal costs. The bottom line is that good ransomware protection may be the difference between your company thriving or shutting down for good.

What to do if your business experiences a ransomware attack

The first thing to remember after experiencing a ransomware attack is that it’s best to stay calm. Many ransomware strains utilize scareware tactics to force victims into making bad decisions, such as paying the attacker immediately. While the efficacy of your response depends on the scope of your ransomware protection measures, there are some steps you should immediately take after a ransomware attack.

Disconnect suspicious devices

After gaining a foothold in your organization, ransomware propagates through networks. Identify the ransomware entry point with the help of your IT team and disconnect all infected machines from the network to prevent the malware from spreading.

Identify the ransomware

There are hundreds of strains of ransomware, with new ones on the horizon. Identifying the type of ransomware infection can help with the recovery process and prevent unforced errors. For example, using the wrong decryption script may encrypt your files further.

Determine the scope of the attack

Investigate the scope of the ransomware attack. Did the ransomware encrypt your files or lock you out of your system? Do you have backups? The volume and sensitivity of the files impacted by the ransomware will also affect your response. For example, you may not have to consider paying the attackers if the files are non-essential.

Initiate your disaster recovery plan

You must have a disaster recovery plan as part of your ransomware protection protocols. Your disaster recovery plan should outline how you can disinfect the malware, restore access to your files from backups, and minimize the impact of the attack on your organization.

Initiate the plan to start the recovery process with your IT team. If you don’t have an IT team, consult with a Managed IT Services provider with a specialty in cybersecurity immediately.

Report the incident

Please report the attack to law enforcement, regulatory agencies, or other relevant organizations, as necessary.

Ransomware protection tools for businesses

The best ransomware protection tools can protect your businesses from malware that encrypts your data or locks your systems. Here are a few examples of solutions you can invest in:

Ransomware protection products

In the age of remote working, more ransomware gangs are targeting vulnerable endpoints to infect organizations with ransomware. A top EDR product can offer excellent enterprise ransomware protection by giving you the ability to roll back up to 72 hours per endpoint, even if you get ransomware.

Many businesses are outsourcing their security needs nowadays by finding managed detection and response, service providers. So, what is managed detection and response (MDR)? In a nutshell, this is a cost-effective cybersecurity service managed by a team of advanced analysts and threat researchers tailored to your organization’s needs. Investing in advanced MDR services can help your resource-constrained team remediate threats like ransomware.

Operating systems with built-in protection

Software giants realize that their customers need help with emerging online attacks. That’s why operating systems are rolling out features that defend against ransomware. Here is how to enable ransomware protection in Windows 10 or Windows 11:

  1. Open the Windows Security app.
  2. Pick Virus & threat protection. 
  3. Look for Ransomware protection.
  4. Pick Manage ransomware protection.
  5. Activate controlled folder access.
  6. Add folders to your list of protected folders to shield them from ransomware.

Please note that Windows anti-ransomware protection isn’t flawless as of now, and the system may throw up some false positives. However, it’s improving regularly with updates and can be a useful defense mechanism.


Ransomware decryptors are useful tools that can help you recover your files without waiting for a decryption key from a ransomware author. These decryptors are usually made by cybersecurity experts and work for a specific ransomware family. You must correctly identify the ransomware strain to use the decryptor effectively.

Vulnerability scanner

Threat actors may quietly look for software flaws they can exploit to launch a cyber attack. A vulnerability scanner is handy because it helps identify such weaknesses in your applications, networks, and systems. Your small business can use the report from a vulnerability scanner to minimize your attack surface.

Application whitelisting

You can utilize an application whitelisting tool to control the applications that run on your network and block untrusted apps that may leave you vulnerable to a ransomware attack. Although application whitelisting isn’t a comprehensive cybersecurity measure, it can help improve your enterprise’s defense posture.

Strong spam filters

Malspam is a type of unsolicited spam email that carries a malicious attachment like ransomware. Strong spam filters can filter emails with ransomware by scanning for suspicious patterns, IP addresses, domain reputations, and scripts.

Utilize antivirus software

Not every antivirus software can stop ransomware. However, a next-generation antivirus (NGAV) solution that leverages antivirus ransomware protection technology can help detect and block ransomware infections on endpoints. NGAV solutions rely on Artificial Intelligence and Machine Learning to distinguish threatening patterns and block malware that may lack known signatures.

Password manager

Investigators find that hackers often exploit weak or stolen passwords to breach network security for ransomware attacks. Ensure that your business uses complex passwords and changes them regularly. Utilizing a good password management system can help set strong login credentials. You can also activate Multi-factor authentication (MFA) for extra security that goes further than a username and a password.

Infrastructure management and monitoring

Small businesses and enterprises can effectively use infrastructure management and monitoring tools to detect and respond to cyber threats. A good tool will identify suspicious events before they escalate into full-scale attacks. An endpoint detection and response security system is an excellent example of such a tool. It guards your laptops, desktops, and mobile devices. Utilize a top EDR security system to gain a better understanding of threats against your organization today.

Backup files

Leverage data backup technology to improve recovery time after a ransomware attack. Create regular backups and store them offsite for the best results. Please also consider investing in air-gapped systems for your backups. Air-gapped systems are significantly less likely to get infected by ransomware because they’re not physically connected to a network.

Use a secure browser

Ransomware can spread through websites that use drive-by downloads. A secure browser can shield your system from such techniques. It uses technology like sandboxing, malware detection, script blocking, and ad blocking to reduce your business’s exposure to malicious software.

Use a VPN

Attackers often use Remote Desktop Protocol (RDP) ports in cyber attacks. You can either close unnecessary ports or have employees connect to company networks via Virtual Private Network (VPN) instead of RDP to improve ransomware protection.

Access management

With access management tools, enterprises can control access to essential systems and data. Threat actors are less likely to breach your security by using compromised credentials when accounts are privileged.

b2b remediation management

Don’t let the first signs of a breach go undetected.

Explore Malwarebytes Endpoint Security and Antivirus Business Products:

Endpoint Protection for Servers

Endpoint Detection and Response (EDR) for Servers

Managed Detection and Response (MDR) Service

Related articles

Ransomware Protection FAQs

How can ransomware affect a business?

How to defend your enterprise against ransomware

Do companies have to pay for ransomware?

Which industries are most likely to pay for ransomware?

Explore our business solutions

Learn more about the Nebula cloud console and Malwarebytes business solutions: