Adam CoreIndia Pvt Ltd

Ransomware Defence: Protecting Critical Business Data

Ransomware attacks on Indian organisations quadrupled between 2022 and 2024. Here is a defence framework that actually works.

Article · Karthik Balakrishnan

Ransomware has become the dominant threat facing Indian enterprises. The model is simple and devastatingly effective: attackers gain access to a network (typically through phishing, unpatched internet-facing systems, or compromised credentials), move laterally to find high-value data and systems, encrypt that data, and demand payment for the decryption key. Many operators now also exfiltrate the data before encrypting it and threaten to publish it, so a working backup removes only part of their leverage. The average ransomware payment globally has reached $1.5 million, and that is before accounting for business disruption, recovery costs, and reputational damage.

The defensive framework has two objectives: prevent ransomware from establishing a foothold, and limit the damage when prevention fails.

Prevention starts at the email layer — the vector for over seventy percent of ransomware infections. Advanced email security with sandbox detonation, impersonation protection, and link scanning stops most malicious payloads before they reach users. Security awareness training that teaches employees to recognise and report phishing is the human complement to technical controls.

Endpoint protection with behavioural detection identifies and blocks ransomware execution patterns, above all the burst of file activity that characterises an active infection: one process rewriting many files with high-entropy (encrypted) content and changing their extensions within seconds. Because the detection keys on behaviour rather than a file hash, it also catches novel variants that signature-based tools would not recognise. The behaviour should be tuned against legitimate bulk writers such as backup agents and archivers, which produce high-entropy output but typically to a single file.
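The detection logic described above, as an added example that is not code from the original article or from any EDR product. It scores per-process file events in a sliding window: a write of near-ciphertext entropy or a rename that changes the extension counts as suspicious, and a process that touches many distinct files that way within ten seconds is flagged. The event format, process names, paths and thresholds are constructed assumptions; the backup-agent case shows why the rule counts distinct files rather than raw bytes.

```python
"""Behavioural detection of mass file encryption from endpoint file events.

Added example: the event schema, process names, paths and thresholds are
assumptions for illustration, not any particular sensor's output format.
"""
import math
import random
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0      # sliding window evaluated per process
MIN_DISTINCT_FILES = 20    # distinct files touched suspiciously inside the window
ENTROPY_THRESHOLD = 7.0    # bits per byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extension_changed(old_path: str, new_path: str) -> bool:
    """True when a rename replaces or appends the extension (q1.xlsx -> q1.xlsx.locked)."""
    old_ext = old_path.rsplit(".", 1)[-1].lower() if "." in old_path else ""
    new_ext = new_path.rsplit(".", 1)[-1].lower() if "." in new_path else ""
    return old_ext != new_ext


def detect_mass_encryption(events, window=WINDOW_SECONDS,
                           min_files=MIN_DISTINCT_FILES,
                           entropy_threshold=ENTROPY_THRESHOLD):
    """Flag processes that write high-entropy content to, or re-extension, many
    distinct files inside a short window. `events` must be sorted by time; each is a
    dict with t (seconds), pid, proc, op ("WRITE"/"RENAME"), path, and data/new_path."""
    recent = defaultdict(deque)   # pid -> deque of (t, path) for suspicious events
    alerted = set()
    alerts = []
    for ev in events:
        if ev["op"] == "WRITE":
            suspicious = shannon_entropy(ev["data"]) >= entropy_threshold
        elif ev["op"] == "RENAME":
            suspicious = extension_changed(ev["path"], ev["new_path"])
        else:
            suspicious = False
        if not suspicious:
            continue
        q = recent[ev["pid"]]
        q.append((ev["t"], ev["path"]))
        while q and ev["t"] - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= min_files and ev["pid"] not in alerted:
            alerted.add(ev["pid"])                 # one alert per process
            alerts.append({"pid": ev["pid"], "proc": ev["proc"],
                           "t": ev["t"], "files": len(distinct)})
    return alerts


def build_sample_events():
    """Constructed event stream mixing benign activity with an encryption burst."""
    rng = random.Random(1)

    def ciphertext(n):                              # random bytes stand in for encrypted output
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = b"Quarterly revenue by region, INR crore.\n" * 100   # ordinary office content
    events = []
    # Benign: a word processor saving a few documents with low-entropy content.
    for i in range(5):
        events.append({"t": 0.5 * i, "pid": 1200, "proc": "winword.exe", "op": "WRITE",
                       "path": f"C:/Users/asha/Docs/memo{i}.docx", "data": text})
    # Benign: a backup agent streaming compressed (high-entropy) data into ONE archive.
    for i in range(30):
        events.append({"t": 0.1 * i, "pid": 2300, "proc": "backup-agent.exe", "op": "WRITE",
                       "path": "D:/backups/full.zip", "data": ciphertext(4096)})
    # Malicious: one process overwriting 30 distinct files and re-extensioning each.
    for i in range(30):
        path = f"C:/Users/asha/Docs/q1_{i}.xlsx"
        events.append({"t": 5.0 + 0.1 * i, "pid": 4021, "proc": "svc_update.exe",
                       "op": "WRITE", "path": path, "data": ciphertext(4096)})
        events.append({"t": 5.0 + 0.1 * i + 0.01, "pid": 4021, "proc": "svc_update.exe",
                       "op": "RENAME", "path": path, "new_path": path + ".locked"})
    return sorted(events, key=lambda e: e["t"])


if __name__ == "__main__":
    for a in detect_mass_encryption(build_sample_events()):
        print(f"ALERT pid={a['pid']} proc={a['proc']} t={a['t']:.2f}s files={a['files']}")
```

Only the constructed `svc_update.exe` process is flagged, after its twentieth distinct file and well before it finishes; the backup agent, which writes just as much high-entropy data, is not, because all of its writes land in one file. In production the thresholds would be tuned per fleet, and an alert would feed an automated response (process kill, host isolation) rather than a print statement.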

Patch management is the control that closes the vulnerability doors that ransomware actors walk through. Unpatched systems — especially internet-facing systems, VPN gateways, and Exchange servers — are routinely exploited within days of public CVE disclosure.

When prevention fails, backup and recovery capability determines the outcome. The 3-2-1-1-0 backup rule: three copies of data, on two different media types, one offsite, one immutable, and zero errors confirmed by a tested restore. The immutable copy must sit in write-once storage whose retention lock cannot be shortened or removed with the credentials the backup service itself uses (or in offline, air-gapped infrastructure), because attackers who reach the backup system typically hold exactly those credentials and delete or encrypt backups before detonating. The "zero" is not a checkbox: it means periodically restoring the copy into a clean environment and verifying every file against a manifest captured at backup time, measured against the recovery time the business can tolerate.
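The tested-restore step, as an added example rather than code from the original article: a manifest of SHA-256 digests is captured at backup time, each copy is restored into a scratch directory, and every restored file is checked against that manifest. The directory layout, file names and the simulated tampering of one copy are constructed for the example. The manifest is deliberately passed in separately rather than read from beside the copy: an attacker who can overwrite a copy can overwrite a manifest stored next to it, so keep it with the immutable copy.

```python
"""Tested restore for the '0 errors' in 3-2-1-1-0 (added example; paths are constructed)."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map of relative POSIX path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(source: Path, dest: Path) -> Path:
    """Copy the tree into dest/data. Real tooling would write an archive; the check is the same."""
    shutil.copytree(source, dest / "data")
    return dest


def verify_restore(backup: Path, expected: dict) -> list:
    """Restore the copy into a fresh scratch directory and compare against the manifest
    captured at backup time. Returns a list of problems; an empty list is '0 errors'."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        restore_root = Path(scratch) / "restore"
        shutil.copytree(backup / "data", restore_root)   # the restore itself
        restored = build_manifest(restore_root)
        for rel, digest in expected.items():
            if rel not in restored:
                problems.append(f"missing: {rel}")
            elif restored[rel] != digest:
                problems.append(f"hash mismatch: {rel}")
        for rel in restored:
            if rel not in expected:
                problems.append(f"unexpected: {rel}")
    return problems


def run_demo() -> dict:
    """Constructed scenario: two copies of a small file share; ransomware reaches copy_b."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "fileserver"
        for rel, content in {"finance/ledger.csv": b"date,account,amount\n2024-03-01,4100,250000\n",
                             "finance/q1.xlsx": b"PK\x03\x04constructed-xlsx-bytes",
                             "hr/payroll.csv": b"emp,salary\nE001,85000\n"}.items():
            f = source / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(content)
        manifest = build_manifest(source)     # captured at backup time, stored with the immutable copy
        copy_a = take_backup(source, tmp / "copy_a")
        copy_b = take_backup(source, tmp / "copy_b")
        # Simulate ransomware reaching copy_b: ciphertext overwrite plus an extension change.
        (copy_b / "data/finance/q1.xlsx").write_bytes(os.urandom(2048))
        (copy_b / "data/hr/payroll.csv").rename(copy_b / "data/hr/payroll.csv.locked")
        return {"copy_a": verify_restore(copy_a, manifest),
                "copy_b": verify_restore(copy_b, manifest)}


if __name__ == "__main__":
    for name, problems in run_demo().items():
        print(name, "OK (0 errors)" if not problems else problems)
```

The healthy copy restores with no findings; the tampered copy reports a hash mismatch, a missing file and an unexpected `.locked` file, even though the backup job that produced it completed without error. Running this against the immutable copy on a schedule, and alerting when the problem list is non-empty, is the practical meaning of the trailing zero in the rule.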

Network segmentation limits lateral movement. If an infection cannot spread from a workstation to a server to the backup system, the blast radius is contained. In practice that means user VLANs have no route to the backup network on SMB, RDP, SSH or WinRM, administrators reach servers through a jump host, and the backup infrastructure initiates its own connections to the systems it protects rather than accepting connections from them. A segmentation policy should be verified by checking which zones a compromised workstation can actually reach through the allowed flows, because a single "temporary" allow rule between servers and backup storage silently reconnects the whole chain.
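A blast-radius check of the kind just described, as an added example that is not code from the original article. Zone names, ports and the three policies are constructed; a real check would read exported firewall rules. Rules are evaluated first-match with default deny, and the check follows only flows on the ports commonly used for lateral movement.

```python
"""Lateral-movement reachability over a zone-level segmentation policy (added example)."""
from collections import deque

ZONES = ["workstations", "servers", "jump", "backup"]   # constructed network zones
LATERAL_PORTS = {22, 445, 3389, 5985}                   # SSH, SMB, RDP, WinRM

# Rules are (src_zone, dst_zone, dst_port, action); first match wins; default deny.
FLAT_POLICY = [("*", "*", "*", "allow")]                # no segmentation at all
SEGMENTED_POLICY = [
    ("workstations", "servers", 445, "allow"),          # users need file shares
    ("jump", "servers", 3389, "allow"),                 # admins RDP via a jump host
    ("jump", "backup", 22, "allow"),                    # backup admin via the jump host
    ("backup", "servers", 22, "allow"),                 # backup PULLS from servers
]
MISCONFIGURED_POLICY = SEGMENTED_POLICY + [
    ("servers", "backup", 445, "allow"),                # "temporary" share for a restore
]


def is_allowed(rules, src, dst, port) -> bool:
    """First matching rule decides; no match means deny."""
    for r_src, r_dst, r_port, action in rules:
        if r_src in (src, "*") and r_dst in (dst, "*") and r_port in (port, "*"):
            return action == "allow"
    return False


def lateral_path(rules, zones, start, target, ports=LATERAL_PORTS):
    """Shortest chain of zones an attacker in `start` could traverse to `target` using
    only flows the policy allows on lateral-movement ports; None if the policy blocks it."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for nxt in zones:
            if nxt == zone or nxt in parent:
                continue
            if any(is_allowed(rules, zone, nxt, p) for p in ports):
                parent[nxt] = zone
                queue.append(nxt)
    return None


def blast_radius(rules, zones, start, ports=LATERAL_PORTS) -> set:
    """Every zone reachable from `start`, including itself."""
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in zones:
            if nxt not in seen and any(is_allowed(rules, zone, nxt, p) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    for name, policy in [("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY),
                         ("misconfigured", MISCONFIGURED_POLICY)]:
        print(name, "workstations ->", sorted(blast_radius(policy, ZONES, "workstations")),
              "path to backup:", lateral_path(policy, ZONES, "workstations", "backup"))
```

With the flat policy a workstation reaches the backup zone directly; with the segmented policy it reaches only the servers it needs; with the single added allow rule the check reports the two-hop path workstations → servers → backup, which is exactly the chain the paragraph above says must not exist.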