How to help protect against the growing threat of ransomware

Read Time: 3 Min
Ransomware losses reached $59.6 million last year. Learn how to help protect your organization against costly ransomware attacks.

By Wayne Hilt, Chief Information Security Officer, and Amber Buening, Security Outreach Director, at Huntington Bank

Ransomware attacks can transform a routine day into a crisis. Victims find their organization’s digital infrastructure immobilized without warning and are served a ransom note demanding they send funds or face severe consequences, which can have considerable financial, reputational, and operational implications.

Organizations need to be acutely aware of this danger, as these attacks are on the rise. Ransomware incidents reported to the FBI’s Internet Crime Complaint Center (IC3) increased by 18% with total losses rising by 74% in 2023 compared with the previous year. These incidents resulted in total adjusted losses of more than $59.6 million.

Organizations can protect themselves through developing strong cybersecurity defenses, training employees and vendors, and remaining vigilant against this cyber threat.

Understanding ransomware and its mechanisms

Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable§. Once installed, the malware encrypts files, effectively seizing control of an organization’s data and disrupting operations. Malicious actors then demand ransom in exchange for decryption. Cybercriminals are also becoming more sophisticated in their ransomware attacks due to the emergence of AI-enabled technology.

Victims are left with a choice to pay a sizable ransom to regain access to their data or risk threat actors releasing sensitive information publicly, selling it on the dark web, or erasing it entirely. Unfortunately, paying the ransom does not guarantee that the malicious actors will release the data. Hackers might request additional funds, exit negotiations, or sell the data after securing the ransom, leaving companies without the data they need to resume operations and facing financial losses.

The threat of ransomware in critical sectors

Organizations of every size and in any sector could become ransomware victims. One study found nearly one out of every four reported destructive attacks that resulted in systems being inoperable involved ransomware. However, certain sectors are more vulnerable than others.

In 2023, the top sectors impacted were healthcare and public health, critical manufacturing, government facilities, IT, and financial services. These figures reflect a targeted approach by cybercriminals toward data-rich environments in areas that might not prioritize investments in cybersecurity.

Notable examples from the last few years include a series of ransomware attacks that disrupted one of the largest U.S. healthcare clearinghouses, a ransomware attack that locked down a Missouri county’s systems and forced them to declare a state of emergency, and an attack on one of the largest fuel pipelines in the U.S. that resulted in short-term fuel shortages and increased gas prices .

These high-profile cases emphasize the need for all organizations to be thoughtful about how technology is implemented to reduce the likelihood of a ransomware being installed and, if it is, how the impact can be limited to prevent an infection from propagating to critical systems.

Building a strong culture of security, training employees, and prioritizing cyber resilience frameworks can help mitigate risk.

Ransomware prevention best practices

Train employees and vendors

  • Require that all employees take at least annual training on cybersecurity to equip them with the knowledge to identify and quarantine phishing and malicious emails, avoid clicking on suspicious links or attachments, and use strong passwords that are changed periodically.
  • Employees are an organization’s first line of defense. Develop and reinforce a strong security culture in the workplace to empower employees to challenge the need for information or questionable requests.
  • Review third-party connections and limit access to minimal essential functions.

Strengthen data recovery

  • Back up all critical systems and data and, just as important, periodically verify the integrity of the data backup and restoration process.
  • Routinely practice your crisis response and data recovery plan to ensure all responsible parties understand data priority, communication plans, and third-party dependencies.

Prepare a disruption and recovery plan

  • A business resiliency plan offers a multi-layered approach to preparing for events that could disrupt operations, such as a fire, hurricane, or cybersecurity breach. Create and regularly practice your organization’s plan, which should include business continuity, disaster recovery, and incident response plans.

Bolster security

  • Keep all computer operating systems and applications up to date with relevant security patches to address vulnerabilities and defend against exploitation.
  • Ensure antivirus, malware protection, and email security software are in place, active and on current versions.
  • Reduce or eliminate service exposure methods such as remote desktop protocol into your network.
  • Ensure all on-premises, cloud services, and mobile devices are properly configured, and security features are enabled.
  • For more tips, consider checking out CISA's #StopRansomware Guide for more information.

Consider Cybersecurity Liability Insurance

  • While preventing an incident is a priority, cyber threats have become inevitable. Cyber liability insurance can help provide protection against damages when private, financial, or other business-critical information is compromised.
  • Investing in a cyber liability insurance policy and understanding the cyber claims process can help your organization build resiliency in the face of ongoing ransomware threats.

Be proactive in protecting against ransomware

The rise in ransomware is part of an overall increase in destructive malware attacks worldwide. As a result, it is more important than ever to put practices that can help protect your organization to use.

Organizations should have a well-practiced response plan for cybersecurity events in general that emphasizes ransomware, where time can be of the essence for containment. All involved parties should know who and how to engage internal resources as well as external parties like law enforcement.

Contact your Huntington relationship manager to discuss the cybersecurity best practices and security solutions to help you reduce cybersecurity and fraud risks at your organization.

Financial & industry insights delivered to your inbox.

Subscribe to Huntington Insights

Sign up to receive emails about our latest articles, case studies, and events on topics that matter most to your business.
Subscribe

Related Content

Cybersecurity & Fraud
Read Time: 6 Min
Your cybersecurity checklist to help strengthen defenses this year
Implementing these cybersecurity best practices can help bolster your defenses and develop a strong security culture.
May 06, 2025
Cybersecurity & Fraud
Cybersecurity & Fraud
Understanding cybersecurity best practices can help protect your organization against bad actors and better manage risk. Read about threat trends, security insights, combatting fraud, and more from Huntington’s cybersecurity team.

FBI Internet Crime Complaint Center. 2024. “Federal Bureau of Investigation Internet Crime Report 2023.” Accessed April 22, 2024.  

FBI Internet Crime Complaint Center. 2024.

§ Cybersecurity & Infrastructure Security Agency. 2024. “Stop Ransomware Guide.” Accessed May 13, 2024.  

IBM Security. 2023. “Cost of a Data Breach Report 2023.” Accessed April 22, 2024.  

FBI Internet Crime Complaint Center. 2024.

The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.

Lending and leasing products and services, as well as certain other banking products and services, may require credit application approval.

Third-party product, service and business names are trademarks/service marks of their respective owners.