How do you prevent a ransomware attack?

Your company has been attacked by hackers. They take your data hostage and demand a ransom for their release. The million-dollar question - that you can sometimes take literally - is the following: how do you prevent a ransomware attack? And what is the best way to deal with it?

Step 1 Keep your employees alert

Did you know that employees in a company are the weakest link in cybersecurity? The average company experiences 9.3 insider threats per month. Research shows that more than one third of employees do not know where to go and what to do when an insider threat occurs. Your first task: to draw attention to the security procedures.



Solution Lead Cybersecurity of Proximus

“Organize small cybersecurity moments and actions several times a year. That’s far more effective than one major campaign.”

Wouter Vandenbussche

Step 2 Know the four phases of a ransomware attack


Phishing, bad patches and USB sticks

Everyone knows about phishing. Hackers try to convince you to click on a link in order to introduce malware via Excel, PDF, exe files or your browser. But ransomware can also get in through poorly patched and maintained software and infected USB sticks.


Communication between your computers and the hackers

When a system is infected, there are signs that ransomware has embedded itself in a computer. Ransomware always contacts the hackers’ control center. That is abnormal communication for a computer.


Odd behavior by your computers and systems

Ransomware can wander around your network for weeks or months, among other things to find the data and systems that the bad guys can use to hit your company hardest.


Game over

Once the ransomware has encrypted the files and computers, it is simply too late. Encryption takes place in an instant. All you can do is save what you can and restore your processes or rebuild them from scratch.

How do you protect yourself against these 4 steps?

Wouter Vandenbussche explains.

Step 3 Your company suffered a ransomware attack. Now what?

Once you have been attacked, you immediately need to get a specialized response team involved. Most companies specializing in cybersecurity offer that service. They have access to decryption software and provide advice on what you need to do to get your business back on its feet. However, ransomware attacks are also a crime. That means you also need to call the police right away.

The Cyber Security Incident Response Team (CSIRT) is the Proximus fire department.

They take a coordinated approach to tackling your security issue using the right people, processes, and technologies. The team responds when you call them for a cybersecurity problem. They investigate the incident, call in specialists to extinguish the fire in your cybersecurity system, and tell you what measures to take so that it does not happen again.

Proximus Cybersecurity Survey: how safe are Belgian SMEs?

Between November 2019 and February 2020, 122 Belgian SMEs participated in qualitative, in-depth interviews and an online survey. This allowed Proximus to map out the impact of cybersecurity on their businesses.

How many SMEs have already suffered damage as a result of cyberattacks?

In 2018, the damage caused by cyberattacks on Belgian SMEs rose by no less than 194%.

The average cost of a cyberattack is 441,000 euros.

One SME employee out of three does not receive security training.


One example of an organization that had its crucial data taken hostage, was a Dutch educational institution. They were the victim of a ransomware attack last year. Several crucial data and systems as well as their backup servers were blocked. A week later, they ended up paying the hackers EUR 200,000 because if they did not comply, their students would not be able to graduate, their staff would not be paid, and their researchers would not be able to continue their research.