According to a recent FortiGuard Labs Global Threat Landscape report, ransomware has grown by 1,070% worldwide year-on-year. Organizations surveyed cited the evolving threat landscape as one of the top challenges in preventing ransomware attacks.

A related State of Ransomware 2021 report by Fortinet reveals most organizations are more concerned about ransomware than other cyber-threats. 95% of respondents feel concerned about being the target of a ransomware attack, with 76% indicating they are extremely concerned.

However, while the majority of organizations surveyed indicated they are prepared for a ransomware attack, including employee cyber training, risk assessment plans, and cybersecurity insurance, there was a clear gap in what many respondents viewed as ‘essential technology solutions’ for protection, and what technology can best guard against the most commonly reported methods to gain entry to their networks:

In view of these trends, the firm has formulated a strategy for preventing ransomware attacks for organizations. The strategy also covers mitigation procedures should an attack still manage to penetrate an organization’s defenses, including a six-step plan for stopping ransomware damage.

Comprehensive ransomware protection: start here

The end-to-end broad-based strategy comprises two key steps: Prevention, and Response/Mitigation. To prevent ransomware attacks and protect data, here are the crucial checkpoints comprising a top-down approach:


Know Your Risks and Plan Accordingly: There are several ransomware attack strategies that organizations need to prepare. Web-based attacks that target and compromise vulnerable systems are a significant attack vector, and Secure Web Gateways can help protect end-users. Fortunately, 52% of organizations include such technology in their ransomware plans. But the most common entry method reported by respondents was phishing, which combines social engineering and user manipulation with an infected email that includes malicious links or attachments. And while end-user training can go a long way towards preventing users from clicking on a malicious link or attachment, it only provides a partial solution. A modern secure email gateway should identify malicious links and attachments, analyze them in a sandbox, and ideally disarm them before they ever lure a user into downloading ransomware or (for those with a high-security concern) browse to links and files in an isolated browser environment.

Stop Known Threats: Organizations should also seek out a platform-based cybersecurity solution that stops known ransomware threats across all attack vectors. This requires a layered security model that includes network, endpoint, and data-center controls powered by proactive global threat intelligence. In addition to traditional security tools, it should also include behavioral analytics to quickly identify and stop a breach.

Encryption is Critical: Although it can be time-consuming, encrypting all data at rest prevents criminals from threatening to expose data online or resell stolen information on the dark web if a ransom is not paid.


Detect New Threats: As existing ransomware is constantly morphing and new ransomware is being released, it is essential to implement sandboxing and other advanced detection techniques to pinpoint new variants across those same vectors. Similarly, real-time behavioral detection at the endpoint is just as critical as detecting malware on its way to the endpoint.

Protect Endpoints: And while new advanced endpoint technologies like EDR (endpoint detection and response) can identify malicious ransomware—based on behavior in addition to threat intelligence, organizations need to implement critical technologies like Secure Web Gateways, SASE, and ZTNA for secure application access to extend protections to their remote and mobile workers.

Prepare for the Unexpected: Dynamic network segmentation helps protect against ransomware’s worm-like behavior. With an effective segmentation strategy in place, a breach can be restricted to a small portion of the network. Likewise, data backup with offline storage and recovery is critically important.


Modern ransomware attacks place data and lives at risk, meaning organizations must take a more proactive approach with real-time endpoint protection, detection, and automated response solutions to secure their environments. From a technical standpoint, cyber hygiene, zero-trust policies, network segmentation, and encryption offer protections. Further, these strategies work best when organizations leverage asset visibility tools to identify their critical assets – once they know where the data resides, they can create a proactive protection strategy.

All the above steps are covered by FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.

Organizations can also learn more about Fortinet’s free cybersecurity training, an initiative of Fortinet’s Training Advancement Agenda (TAA), or about the Fortinet Network Security Expert program, Security Academy program, and Veterans program.