Guide to Ransomware Protection, Backup, and Recovery


Ransomware attacks are a profitable business for cybercriminals and show no signs of diminishing. These attacks can cause data and financial loss as well as reputational damage to enterprises.

Cybersecurity Ventures reported that ransomware cost the world a staggering $20 billion in 2021, up from $325 million in 2015. The emergence of ransomware-as-a-service (RaaS) platforms is one of the reasons for this significant increase.

RaaS enables bad actors to buy or rent ransomware kits in order to launch attacks. This reduces the barrier to entry for new criminals, making ransomware a low-risk, high-reward business model, as they can launch more sophisticated attacks with minimal effort.

Cybersecurity Ventures also reported that ransomware is expected to cost its victims around $265 billion annually globally by 2031. That’s an increase of 1,225% compared to the cost in 2021.

Organizations can minimize the risk of a successful ransomware attack, and reduce the cost of recovering from one, by implementing effective ransomware protection, backup, and recovery measures.

Ransomware protection and prevention

Although large enterprises more easily make the news when they suffer an attack, they are not the only targeted category. Organizations of all sizes, from small to midsize and large enterprises, are susceptible to ransomware attacks if their infrastructure isn’t adequately protected. Having protective and preventive measures in place can mitigate the risk and damage of ransomware attacks.

According to Sophos’ State of Ransomware 2021 Report, 37% of businesses were hit by ransomware in 2021, with the average ransom payment by midsize organizations totaling $170,404. Further, the average cost of rectifying a ransomware attack was estimated to be $1.85 million, reflecting the significant costs associated with such attacks. This includes downtime, people time, device cost, network cost, lost opportunity, and ransom paid.

To prevent costly attacks, organizations must invest in security tools to proactively help protect their infrastructure and data against ransomware.

5 best practices for ransomware protection

1. Back up data

Data should be backed up regularly, as this is the best way to ensure the data is safe and recoverable. It’s also essential that the backups are stored in a secure location, such as an external hard drive or cloud storage solution.

Following the 3-2-1 backup rule is best practice for staying protected against ransomware and other malware. This rule states that you should have at least three copies of all your data stored on two different media types (such as a hard drive and a cloud storage service), with at least one copy located offsite or in secure storage.

2. Patch vulnerabilities

By regularly updating your browsers, operating systems, and other software, you can reduce vulnerabilities that could be exploited by ransomware. Patching vulnerabilities can help prevent ransomware infections and minimize the impact of an attack.

Software vendors often release patches to address newly discovered security vulnerabilities, so keeping all systems up-to-date is key to mitigating potential ransomware infections.

3. Allowlist applications

Allowlisting will only allow permitted software to run on your systems and can help protect you from malicious software or ransomware. To do this, create a list of approved software and only allow these programs to execute on your devices. Review and update your list at intervals to keep it up-to-date.

4. Limit user access

Restricting user access can help prevent ransomware attacks. Limit which users have access to specific files and directories, as this will make it harder for malicious code to spread across your system.

5. Educate users

Beyond training your employees, it is important to educate your users and customers on the risks associated with ransomware and other cyber threats, and on safe practices such as not clicking on suspicious links or attachments that can lead to ransomware infections.

Top 3 ransomware protection software

There are many options out there when it comes to ransomware protection software. The best protection tool for your organization will depend on your specific needs, but the overall top three are Bitdefender GravityZone, Norton 360, and Acronis Cyber Protect.

Bitdefender GravityZone: Best for small businesses


Bitdefender GravityZone is an all-in-one security solution that provides advanced protection against ransomware. It includes advanced threat prevention; security for physical, virtual, and cloud systems; and endpoint detection and response capabilities.

It uses both machine learning and behavior-based detection technology to identify suspicious activity on your network and block ransomware threats before they have a chance to infect your system. GravityZone can automatically back up all of your files regularly, allowing you to recover your data easily if needed.

Key Features

  • Supported operating systems include Windows, macOS, and Ubuntu.
  • Provides unified endpoint security and analytics.
  • Ensures compliance with various industry standard regulations, including PCI DSS, HIPAA, and GDPR.
  • Human risk analytics capabilities provide insights into users’ activities that could endanger enterprise security.
  • Offers automated remediation to remedy misconfigurations and provide monitoring and alerting for other unusual configuration issues.
  • Advanced behavioral analysis includes 10,000 algorithms analyzing more than 130 variables collected from each email message.


Pros

  • Built-in VPN
  • Risk analytics and hardening
  • Multiple detection layers, including process inspection, registry monitoring, code inspection, and hyper detect

Cons

  • Resource intensive
  • Users reported slow support response time


Bitdefender offers two pricing tiers, GravityZone Business Security and GravityZone Business Security Premium. Pricing for both tiers varies depending on number of devices covered. GravityZone also offers a one-month free trial.

| Plan | Number of devices |
|---|---|
| GravityZone Business Security | 5 devices: $129.49 per year; 10 devices: $258.99 per year; 100 devices: $2,043.99 per year |
| GravityZone Business Security Premium | 5 devices: $286.99 per year; 10 devices: $570.49 per year; 100 devices: $4,063.49 |

Norton 360: Best for individuals and home offices


Norton 360 is an all-in-one security suite developed by Gen Digital, Inc. (formerly Symantec). It’s a multilayered defense system that protects users from online threats, such as malware, ransomware, phishing, computer viruses, and other cybercrimes. It also provides additional features such as VPN, identity protection, dark web monitoring, cloud backup, password manager, and safe browsing tools.

Key Features

  • Offers up to $25,000, $100,000, and $1,000,000 in stolen funds reimbursement for the LifeLock Select, Advantage, and Ultimate Plus plans, respectively.
  • SafeCam capabilities block intrusive webcam access.
  • Norton 360 dark web monitoring alerts you if any of your information is compromised on the dark web.
  • Password manager helps keep passwords secure and encrypted.


Pros

  • Easy to install and set up
  • Not resource-intensive
  • Excellent mobile app
  • Parental control capabilities

Cons

  • Doesn’t cover servers
  • User interface could be improved


Norton offers tiered pricing plans. Note that the annual and monthly costs increase in the second year of the subscription. Norton 360 also offers a 7-day free trial for its first four tiers.

| Plan | Devices covered* | Year one cost | Year two onward |
|---|---|---|---|
| Norton 360 Plus | 1 | $19.99 | $59.99 |
| Norton 360 Standard | 3 | $39.99 | $89.99 |
| Norton 360 Deluxe | 5 | $49.99 | $109.99 |
| Norton 360 with LifeLock Select | 10 | $99.99 (or $9.99/mo.) | $179.99 (or $17.99/mo.) |
| Norton 360 with LifeLock Advantage | 10 | $191.88 (or $19.99/mo.) | $249.99 (or $24.99/mo.) |
| Norton 360 with LifeLock Ultimate Plus | Unlimited | $299.88 (or $29.99/mo.) | $349.99 (or $34.99/mo.) |

*Can be used for PC, Mac, tablet, or phone in any combination

Acronis Cyber Protect: Best for remote and dispersed workforces


Acronis is a global leader in data protection, backup, and disaster recovery solutions, focusing on hybrid cloud solutions. Its ransomware protection includes real-time file scanning, encryption, and backups, and its anti-ransomware technology proactively blocks ransomware attacks before they can take hold.

Acronis Cyber Protect (formerly True Image) backups allow you to roll back to an earlier version of your files in case you fall victim to a ransomware attack.

Key Features

  • Multiplatform protection, including Windows, macOS, Android, and iOS.
  • End-to-end AES-256 encryption.
  • Hybrid backup for local and cloud data.
  • Uses artificial intelligence to detect and prevent ransomware attacks in real time.


Pros

  • Easy to use
  • Full disk image backup and restore
  • Excellent backup and file recovery capabilities

Cons

  • Pricey for small businesses
  • Support could be improved


Acronis offers tiered pricing for both individuals and businesses. They also offer a 30-day free trial for both their home office and business editions.

Cyber Protect Home Office (for individuals)

There are three tiers for individual workstation protection: Essentials, Advanced, and Premium.

  • Essentials: Starts from $49.99 per year for one computer.
  • Advanced: Starts from $54.99 per year for one computer.
  • Premium: Starts from $124.99 per year for one computer.

Cyber Protect (for business)

Acronis Cyber Protect is priced annually per workstation, server, and virtual host.

| Plan | Annual cost per workstation | Annual cost per server | Annual cost per virtual host |
|---|---|---|---|
| Acronis Cyber Protect Standard | $85 | $595 | $705 |
| Acronis Cyber Protect Advanced | $129 | $925 | $1175 |
| Acronis Cyber Protect – Backup Advanced | $109 | $799 | $1019 |

Backup strategy for ransomware: 4 best practices

Backup is a crucial part of any ransomware protection strategy. With it, organizations could avoid significant data or financial loss. According to the Ponemon Institute, the average cost of downtime is $9,000 per minute for a data center. Another report by IDC estimates the average cost of downtime to be $250,000 per hour.

A solid backup keeps you ahead of attackers, ensuring you don’t lose your data if a ransomware attack encrypts it. Ideally, your backup strategy should include regular backups of your data, both onsite and offsite.

The 3-2-1 backup rule is an effective strategy for protecting your data from ransomware. This ensures that even if your primary data source is corrupted by ransomware, you still have access to your data in multiple locations.

There are also several best practices you can follow to ensure your files are always safe and secure, including developing a backup plan, keeping your backups updated and tested, and using immutable storage.

1. Develop a backup plan

Your backup plan should include both on-site and off-site backups. On-site backups are copies of your data stored locally on a hard drive or other storage media. Off-site backups are copies of your data stored at an external location, usually with a cloud service provider.

2. Regularly update your backups

It’s important to regularly update your backups to ensure they contain the most up-to-date version of your data. If you don’t update your backups, you won’t be able to restore your data in the event of an attack.

3. Test your backups

Regularly test your backups to ensure they work properly. You should also ensure all of the files are included in the backup, as some ransomware variants may delete files before encrypting them.
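
A restore test of this kind can be automated by recording a hash manifest when the backup is taken and comparing a trial restore against it. The following Python code is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare a test restore against the manifest recorded at backup time."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(manifest.keys() - actual.keys()),
        "altered": sorted(f for f in manifest if f in actual and manifest[f] != actual[f]),
        "unexpected": sorted(actual.keys() - manifest.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a source tree and a restore with three planted faults."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restore")
        for name, data in {"hr/payroll.csv": b"id,amount\n1,100\n",
                           "docs/plan.txt": b"Q3 plan\n",
                           "db/dump.sql": b"CREATE TABLE t(id INT);\n"}.items():
            for base in (src, dst):
                (base / name).parent.mkdir(parents=True, exist_ok=True)
                (base / name).write_bytes(data)
        manifest = build_manifest(src)                        # recorded at backup time
        (dst / "db/dump.sql").unlink()                        # file absent from the restore
        (dst / "docs/plan.txt").write_bytes(b"\x8f\x02\xc1")  # contents no longer match
        (dst / "stray.tmp").write_bytes(b"constructed")       # file not in the manifest
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup it describes, so that whatever damages the backup cannot also rewrite the record it is checked against.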

4. Use immutable backup or storage

While backing up your data is essential, adding a layer of protection using immutable storage could offer additional security. Immutable storage ensures that no changes can be made to the file once it has been written, meaning that even if ransomware were to gain access to the file, it wouldn’t be able to modify its contents.

Ransomware recovery

Ransomware recovery is a critical component of any ransomware response plan, as it helps to reduce the risk of complete data loss. It involves restoring data from a backup or other source, such as a cloud storage service, and then rebuilding the system. The specific steps will depend on the ransomware variant that has infected the system.

Steps to attempt data recovery after a ransomware attack

If you have been the victim of a ransomware attack, take the following steps to attempt to recover your data:

1. Isolate your system

Disconnect your system from the internet, local networks, and other connected devices to prevent the ransomware from spreading and causing further damage.

2. Contact law enforcement

If you suspect an attacker has encrypted your data and is demanding a ransom, contact your local law enforcement immediately.

3. Get professional assistance

Consider enlisting the help of a qualified cybersecurity professional or IT specialist with experience dealing with ransomware attacks. They can assist you in recovering your data without paying a ransom.

4. Use data recovery software

A variety of software solutions can help you recover data from an infected device. These programs are designed to search the device for lost data and can often recover files that have been deleted or corrupted.

5. Pay the ransom 

This is not recommended, as it may encourage further ransomware attacks, but as a last resort, if all else fails and your data is not recoverable, you may need to pay the ransom to regain access. Before doing so, make sure you understand the implications and risks associated with paying the ransom and ensure the attackers are capable of providing a working decryptor.

Bottom line: Ransomware protection, backup, and recovery

By practicing good cyber hygiene and using the right tools, businesses can take proactive steps to protect against ransomware attacks. This includes using antivirus software and firewalls, keeping operating systems and applications up-to-date, and training employees to identify and avoid suspicious emails. Additionally, it is essential to have a reliable backup and recovery plan to quickly restore access to files in the event of an attack. Investing in these protective measures can help to prevent important data and financial losses.

Plan ahead against attacks and protect yourself against financial losses by investing in ransomware insurance—or a full ransomware protection suite.

Aminu Abdullahi
Aminu Abdullahi is an experienced B2B technology and finance writer and award-winning public speaker. He is the co-author of the e-book, The Ultimate Creativity Playbook, and has written for various publications, including eWEEK, Enterprise Networking Planet, Tech Republic, eSecurity Planet, CIO Insight, Enterprise Storage Forum, IT Business Edge, Webopedia, Software Pundit, and Geekflare.
