Avast Business

Ransomware protection & recovery guidelines for businesses

Protect my business

The impact

68.5%

68.5% of businesses were victims of ransomware in 2021

(Statista)

$4.4 mil.

$4.4 mil. the average cost of a ransomware breach in 2020

(Ponemon)

139%

139% the increase in ransomware attacks from 2019 to 2020 in the US

(CNet)

73%

73% of targeted SMBs have paid a ransom

(Help Net Security)

Infamous Ransomware explained

Steps to stay protected

Multi-layered security as a shield

Protect my business

More resources

Infamous ransomware explained

WannaCry

The WannaCry strain shows how extensive a PC-based ransomware attack can be. In May 2017, WannaCry spread across the globe and ultimately attacked over 100 million users.
Tech corner
Viruses

Petya

The Petya strain, which first appeared in 2016 and returned in a more advanced form in 2017, uses the screen locker approach by encrypting your hard drive’s master file table to lock up your computer.
Tech corner
Viruses

Popcorn Time

Since an attacker’s ultimate goal is to spread the ransomware to as many machines as possible in order to make the most money, an alternative ransom tactic has emerged — a tactic that is both social and sinister.
Tech corner
Viruses

Steps to keep ransomware out

deploy-layered
Establish multi-layered security
One of the best ways to prevent ransomware attacks is to build a multi-layered security structure. Combining security solutions like our Avast Business Antivirus, Patch Management, Network Security, and Cloud Backup creates an even stronger barrier guarding your business with less points of entry for hackers to explore.
deploy-layered
Be wary of pop-up installment requirements
Pop-ups are seldom your friends. Whenever you get a pop-up request to update or download and install software or a plug-in while you’re online, close the pop-up without taking any action. Instead, go directly to the legitimate source to apply any updates.
deploy-layered
Think twice before clicking links
Don’t click links you receive from unknown contacts via SMS, email, or messenger applications like Skype or WhatsApp. Even if you think you know the sender, take a closer look at both their address and the link itself before proceeding. If anything looks suspicious, steer clear.
deploy-layered
Don’t download apps from unknown sources
When downloading apps to your computer or mobile device, stick with trusted sources like Microsoft Store, Apple App Store, and Google Play Store. Avoid third-party app stores, which have a reputation for being rife with scams.To add an extra layer of security, go into your device’s settings and disable its ability to perform app installations from unknown sources. You should also be suspicious if an app asks for device administrator permission. Granting this permission enables the owner of the app to access your device remotely, which would have dangerous consequences.
deploy-layered
Back up all important files
In the event of a ransomware attack, having backups of all your vital files will help you in terms of damage control. The best way to prevent data loss is to use a combination of offline and online storage methods. Save your files to one or more physical devices (e.g. external hard drives, USB flash sticks, SD cards) and to cloud storage services (e.g. Dropbox, Box, Google Drive).This way, if you do get hit with a ransomware attack, you’re ready to restore all your important files as soon as you remove the ransomware from your device.
deploy-layered
Keep operating systems and apps updated
If you’re still using an older OS that Microsoft no longer supports, like Windows XP, you are especially vulnerable to attack. Many updates involve security patches that are vital to preventing ransomware and other malware from infiltrating your devices. Make it a habit to keep all your software up-to-date, especially your web browsers and plug-ins.
deploy-layered
Educate employees about best practices
Including guidance in documentation is one thing, but for it to become ingrained as a part of the day-to-day, training and education are vital. Anyone with an account or device connected to the network needs to be trained to a level where they are familiar with security policies and how to implement best practices.

Multi-layered security is key

Hackers have more than one way of breaching a business network or device. The key to ultimate protection is having multiple layers of protection as a fail-safe.

deploy-layered
Business Antivirus
Avast Business next-gen antivirus solutions deliver complete, 360-degree protection for business devices and servers, providing simple yet robust protection against ransomware and advanced cyberattacks.
deploy-layered
Patch Management
Avast Patch Management automates the patching process to save time and money. It simplifies installation and configuration and uses powerful, automated discovery and deployment features to keep your business safe and compliant with industry regulations and business requirements.
deploy-layered
Cloud Backup
Avast Business Cloud Backup Service keeps data secure and ensures business continuity by protecting devices with an automated backup process that is easy to deploy and manage. Quickly set up backup schedules on devices, centrally manage everything from one dashboard to ensure all data is backed up and available, and easily recover data in the case of an unexpected event.
deploy-layered
Business Hub
The Business Hub is an integrated, cloud-based security platform for businesses and IT service providers to manage all Avast Business solutions deployed in their networks. It provides real-time visibility of threats, comprehensive reporting, and management capabilities, all from a single pane of glass.
Book a demo

Get a live demo to see how our cybersecurity can protect your business from ransomware.

Get a second opinion

There is no better protection for a business of any size, from a sole proprietor to a global enterprise. Our use is pretty small scale, but when it comes to offering a suggestion for antivirus protection or other IT issues, we always tell our clients that Avast is the best.

Robert S.

Content Specialist Small Business (50 or fewer employees)

Avast Endpoint Protection is very efficient and provides complete security as it detects any virus and keeps in constant scanning without slowing down the system. And the best of all, it can be used on any computer regardless of its characteristics.

John Doe

Admin Assistant Mid-Market (51-1000 employees)

Maximum Protection: Offers total security in terms of constantly updated malware. Very low impact: It consumes very few resources from my computer. I am protected without losing performance. Very easy to use: It is a simpler antivirus to manage. You practically install it and forget that you have it.

John Doe

IT Senior Programmer Enterprise (More than 1000 employees)

Reliable, award-winning security

g2-leader-small-business-summer-2023
G2 Crowd Leader
Summer 2023
Capterra
AV Test
Top product for corporate endpoint protection 2024
Techradar
TechRadar
Avast Business Antivirus Pro Plus ranked #1 for 2021

More resources on ransomware protection
& recovery

configuration
Decryption Tool
Use our free decryption tool instead of paying the ransom.
Learn more
shield
5 Steps to Protect Businesses from Ransomware
Get a deeper look into ransomware threats and what you can do to stay secure.
Download
aptop-shield
Ransomware & Cryptominer
Get to know the basics of ransomware and cryptominer.
Download
Alert
Ransomware Survival Infographic
Take a look at ransomware variant, Jigsaw, and an overall breakdown of how ransomware infects devices.
Download
Backup
Protect your Business from the Repercussions of Ransomware
Learn about the repercussions of ransomware and how Avast Business Cloud Backup can help.
Learn more
configuration
Changes in the Ransomware Landscape
New US government responses to ransomware reveal some positive changes in the midst of rising risks.
Learn more

FAQ

Our research suggests that most ransomware spreads through Trojans, which means the ransomware program is hidden inside a file or link that seems both harmless and important enough for you to open or click. When ransomware is wormable it spreads automatically, like WannaCry, or it can spread via the user, like Popcorn Time.

Viruses, worms, and Trojans can all be delivery methods for ransomware. Though the ransomware might be spread by a virus, it’s not a virus itself.

Unlike most malware, which requires you to download a malicious file or click on a malicious link, some ransomware can infiltrate your devices without any action on your part. Other ransomware attacks rely on traditional methods.

Regardless of where the ransomware comes from, here is the most common scenario when it comes to a ransomware infection:

  1. The ransomware encrypts your files, making them inaccessible without a specific decryption key.
  2. A ransom note appears on your screen demanding a ransom, typically in Bitcoin, to get the decryption key or have the hijacker decrypt your files. There will usually be instructions on how to pay the ransom as well as a deadline for when to pay in order to preserve your files. It’s important to note that paying the ransom does not always guarantee that all your files will be restored.

While your device is infected with ransomware, any attempts to open your encrypted files will most likely be met with an error message informing you that your files are corrupt, invalid, or cannot be located.

We strongly recommend that you do NOT pay the ransom. And don’t attempt to negotiate with your attacker either. Giving in to their demands will only support future ransomware attacks.

Paying the ransom does not guarantee that your attacker will delete the ransomware, unlock your device, or give you the decryption tool for their strain. While they want a reputation for keeping their word so victims are more likely to pay up, some hijackers have collected ransoms and disappeared or sent useless decryption keys.

If you can’t recover your files following a ransomware attack, we urge you to hold out for a decryption tool for the strain that has infected your computer or mobile device. Sometimes, there’s a flaw in the cryptography the ransomware code uses, and the malware exposes lines of code which can lead to a fix.

Depending on your device and the strain, you may be able to rid your computer, smartphone, or tablet of ransomware. The malware removal process is the relatively easy part, but recovering your encrypted files can be impossible, sometimes even after the ransom has been paid. Removing the ransomware from your device is far from a guarantee that you will succeed in negating its effects.

To help you deal with ransomware on any device, we’ve prepared these handy guides for you:

Visit our Support Center for more FAQs

Strengthen your defenses

Book a demo

Buy now