How to help protect against the growing threat of ransomware

A single ransomware incident can shut down systems, halt operations, impact finances, and risk customer relationships.

Recent reports found ransomware present in nearly half of analyzed breaches, and it remains one of the most disruptive cyber threats for organizations of all sizes¹. Those with complex environments, distributed workforces, and interconnected vendor ecosystems have a larger risk surface and potential consequences.

Reducing risk starts with strong fundamentals: hardening systems, strengthening identity controls, training employees and vendors, and maintaining consistent oversight. With a layered approach, you can help prevent attacks and limit the impact if one occurs.

What is ransomware?

Ransomware is malicious software, often released through phishing links or downloads, that encrypts files and locks systems to disrupt operations and prevent access to critical data. Attackers demand payment from the victim in exchange for a decryption key, and many now use more advanced, AI-enabled methods to increase the speed, scale, and sophistication of their attacks.

Victims often face pressure to pay a ransom to regain access or prevent stolen data from being leaked, sold, or destroyed. However, paying the ransom does not guarantee recovery and can trigger regulatory and legal complications. Even if a victim does pay, attackers may demand more money, abandon negotiations, or sell the data anyway.

The threat of ransomware in critical sectors

Attackers often look for opportunities rather than specific industries, so any organization that relies on digital systems or handles sensitive data is at risk. The FBI discloses that ransomware and data breaches were the most reported cyber threats among critical infrastructure organizations, highlighting how widespread and damaging these attacks have become².

While no single sector is immune, public entities, healthcare providers, educational institutions, local governments, and private businesses with valuable data often face heightened exposure. These environments are appealing targets because disruptions can quickly cascade, amplifying operational and financial pressure.

High-profile incidents in recent years have included attacks that disrupted major healthcare operations, forced local governments to shut down essential services, and halted a U.S. fuel pipeline.

The takeaway is clear: every organization should assume it could be targeted and take steps to strengthen cyber defenses and its organizational resiliency.

Build ransomware resilience before an attack happens

Mitigation is most effective when it combines people, preparation, and technology.

Educate employees and review vendor relationships

• Require all employees take at least annual training on cybersecurity knowledge to help them identify phishing/malicious emails, avoid clicking on suspicious links or attachments, and use strong identity and password management practices.
• Employees are an organization’s first line of defense. Develop and reinforce a strong security culture in the workplace to empower employees to challenge the need for information or questionable requests.
• Review third-party connections and limit access to minimal essential functions.

Strengthen data recovery

• Back up critical systems and data regularly, and store backups securely and separately from production systems.
• Test backups routinely to confirm data can be restored completely and within required timeframes.
• Practice recovery scenarios so teams understand data priorities, escalation paths, and third‑party dependencies.

Plan for disruption

• Develop a business resiliency plan that addresses cyber incidents alongside other operational disruptions.
• Ensure business continuity, disaster recovery, and incident response plans are documented and aligned within your business resiliency plan.
• Conduct regular tabletop or live exercises so teams know their roles and can respond decisively under pressure.

Bolster technical security

• Keep operating systems, applications, and devices up to date with security patches.
• Maintain current antivirus, anti-malware, network defense, and email security tools and ensure they are actively running.
• Reduce exposure by limiting or disabling unnecessary remote access methods, including open remote desktop connections.
• Confirm on‑premises systems, cloud environments, and mobile devices are securely configured with protective controls enabled.

Use threat intelligence and test your defenses

• Monitor threat intelligence sources, like the Cybersecurity & Infrastructure Security Agency (CISA), to stay informed about emerging ransomware tactics, vulnerabilities, risk management.
• Conduct regular internal penetration testing or red‑team exercises to identify weaknesses before attackers do.
• Use testing results to strengthen controls, improve detection, and refine response plans.

Consider cyber liability insurance

• Recognize that even strong defenses may not eliminate risk entirely.
• Evaluate cyber liability insurance to help manage financial exposure tied to recovery costs, business interruption, and legal obligations.
• Understand policy coverage and claims processes in advance to support smoother incident response.

Be proactive in protecting against ransomware

Ransomware is a serious and persistent threat, but organizations are not powerless. By investing in people, preparation, and the right security controls, you can reduce your exposure and respond more effectively when incidents occur.

Contact your Huntington Relationship Manager to discuss the cybersecurity best practices and security solutions to help you reduce risks at your organization.