SECURITYSQUAD
Back to the blog

Ransomware: prepare, detect, and act when it counts

2026-05-28 · by SECURITYSQUAD

Ransomware: prepare, detect, and act when it counts

A Monday morning, the screens show a ransom note, production has stopped: ransomware is one of the scenarios that rightly keeps management awake at night. The good news is that most successful attacks aren't based on highly complex technology, but on gaps that can be closed with manageable effort.

How the attacks typically unfold

Encryption rarely comes first. Attackers usually get a foot in the door via a phishing email or a poorly secured remote access, then move quietly through the network for days or weeks, expand their privileges and exfiltrate data. Only at the end does encryption happen. That earlier phase is your opportunity: spot it, and you can stop the attack before damage is done.

Preparation that actually helps

Without claiming to be exhaustive, a few measures make the biggest difference:

  • Backups an attacker can't reach – kept offline or immutable, and regularly tested for restorability.
  • Multi-factor authentication on all remote access and for privileged accounts.
  • Timely patching of anything reachable from the internet.
  • Network segmentation, so an incident can't spread unchecked.

Detecting it before encryption

The weeks-long quiet phase before the actual attack leaves traces: unusual logins, privilege escalations, suspicious data movements. Central monitoring that surfaces such anomalies turns a catastrophic incident into a manageable one. That's exactly what a managed SIEM is for – including for companies without their own security team.

The worst case needs rehearsing

An incident plan gathering dust in a folder is little help in a crisis. Those who cope in an emergency have clarified beforehand: who decides? How do we communicate if our own IT is down? When are reporting obligations – for example under NIS2 – triggered? And very practically: does restoring from backup actually work? Playing through these questions once, calmly, is the cheapest insurance there is.

Paying should be the very last thought at the end – and with good preparation, not a necessary one at all.

Read more: GUARDIANVIEW – Managed SIEM · Cyber Risk Check · Expertise & Services