Home » Spin.AI Blog » Cybersecurity » Google Workspace Security » How to Protect Against Ransomware: 8 Best Strategies in 2024
January 21, 2023 | Updated on: April 11, 2024 | Reading time 21 minutes

How to Protect Against Ransomware: 8 Best Strategies in 2024

Ransomware has become one of the most impactful cybersecurity threats over the past years. Besides paying huge ransoms to criminals, businesses suffer 22 days of downtime on average. Today we’re answering one of the key questions: how to protect against ransomware.

In this article, you will find 8 viable strategies for 2024 to protect against ransomware. Additionally, there is a bonus section dedicated to ransomware protection in Google Workspace.

How to Protect Against Ransomware

If you do not protect your organization from ransomware, you will be hit eventually. Without the proper protection against ransomware attacks, data loss is sure to happen. This is a foregone conclusion both on-premises and in the public cloud.

How exactly is ransomware such a threat? How does it render data completely useless?

Ransomware uses a process called encryption to make data unreadable by its rightful owner. Encryption uses a mathematical algorithm as a key that makes the data unreadable without the proper key to “unlock” it.

Attackers who deploy ransomware hold the “readable data” hostage until a ransom is paid. This payment provides the key to unlock and normalize the data, allowing it to be read again. The ransomware process is by design uneventful to the end-user.

There is nothing that lets the user or administrator know their data is being encrypted silently and maliciously. Once the encryption process is completed and the damage is done, the attackers deliver a message to the end-user, notifying them of the ransomware infection. They demand payment of the ransom before granting access to the encrypted data.

The ”Ransom” note left on the desktop of an infected workstation

Some ransomware variants add the ransom text in the names of encrypted files. You can often see it in the cloud ransomware attacks.

How can ransomware infiltrate your environment? There are many attack vectors that deliver ransomware to unsuspecting users. However, one of the most prominent methods that ransomware infects both cloud and on-prem is via email. An end-user is tricked into:

  • opening an attachment that in actuality contains a malicious executable file that houses ransomware;
  • clicking on the link that leads to a website with ransomware;
  • entering their credentials in a malicious SaaS application disguised as a legitimate app.

Recently, zero-day attacks have become a popular way to spread ransomware for ransomware gangs.

Many ransomware variants can evade traditional antivirus protection, posing a challenge to its effectiveness. These ransomware variants can then proceed to encrypt critical files, folders, mapped network drives, and any other resources that the end-user has permission to access.

As concerns popular cloud environments like Google Workspace or Microsoft 365, they provide no ransomware protection apart from spam and phishing filters. Unfortunately, these filters work only on poorly made emails. Complex social engineering attacks successfully get through cloud protection.

One of the avenues for ransomware infection that ties on-premises environments to the Google Workspacepublic cloud SaaS environment is file synchronization. Google Workspace offers installable utilities to synchronize files from on-premises end-user devices to the Google Workspace cloud. If ransomware infects an end-user device, it will begin encrypting files that will then be synchronized to the Google cloud. The ransomware encryption process is viewed as a change in the file, which will trigger the synchronization process.

Ransomware Can Infect Public Cloud

How to protect against ransomware

There are still huge misconceptions regarding public cloud environments and ransomware. Many businesses with untrained or naive and inexperienced personnel may feel that once data enters the realm of a public cloud SaaS environment such as Google Workspace, their data is immune to the effects of ransomware infections that wreak havoc on-premises. However, this could not be further from the truth.

The significant advantage of public cloud SaaS environments comes in the form of high availability resulting from world-class data centers and failover mechanisms in the underlying data center technologies used to host the SaaS services.

This should not be confused with data protection. They are two separate mechanisms and involve different technologies. While Google, Microsoft, and others are introducing the most basic nuances of data protection, these in themselves are not and should not be considered backups or ransomware protection.

Google Workspace has the ability to restore data in a rudimentary fashion of “versions” of files in their cloud storage as well as a “recycle bin” of sorts that allows “un-deleting” files that have inadvertently been deleted either accidentally or intentionally by end-users for up to 30 days.

While businesses may be able to leverage the file versions as a way to potentially recover data, this is not a method that can be relied upon for wide-scale protection of business-critical data hosted in the public cloud. Ransomware is greedy and destructive to any data it touches and modern strains infect versions too as a guarantee of a ransom payment.

What if ransomware-infected files are not discovered in the 30-day window of time for recovery? What if businesses need to restore a “version” of a file that was not captured by the versions in cloud storage? What if there are services affected by ransomware outside of Google Workspace storage, such as email? “RansomCloud,” a term coined for a ransomware variant able to encrypt cloud-based email, offers the smoking gun to show that even public cloud email is at risk for ransomware infection.

Currently, only the Google Workspace cloud drive storage is available for the recovery of various versions of data. What about email? What about any other services that may potentially be infected by ransomware or a yet-to-be-utilized ransomware attack that targets other cloud services contained in SaaS services like Google Workspace?

All of these and many other questions lead to the conclusion that more is needed in the way of backups for data stored in the public cloud. This can not be stressed enough – backups are essential to surviving a ransomware attack on-premises and in the cloud.

However, they are not enough for the cloud.

The meager data protection provided as a native feature in Google Workspace cloud storage is not sufficient for surviving a massive ransomware attack in a Google Workspace environment. Organizations need an enterprise data protection solution that provides proper backup functionality for data stored in the Google Workspace SaaS environment that allows proper versioning, retention beyond the 30-day limit imposed by Google with their file versions, automation, powerful restore functionality, migration features, and many other features and functionality that provide proper protection for public cloud Saas like Google Workspace.

The Cost of a Ransomware Attack

The cost of a ransomware attack can escalate dramatically with every minute and hour that passes with business continuity disrupted, not to mention the potential financial burden of paying the ransom demanded by cybercriminals. Additionally, the intangible cost of lost customer satisfaction, harm to brand reputation, and many other factors can add up to untold costs that can literally take an organization out of business.

Let’s take a look at a couple of scenarios, one with a customer using a traditional cloud backup solution, and one with a customer using SpinRDR to protect business-critical data.

Scenario 1

Customer “A” has a relatively large environment in Google’s Google Workspace SaaS environment with some 1,000,000 files stored on Google Shared Drives with approximately 15,000 Google Workspace accounts. An unsuspecting high-level end-user device is infected with ransomware, leading to most of the files stored across the Google Workspace environment being encrypted. The company has chosen a traditional backup vendor for the Google Workspace cloud environment with no additional ransomware protection.

Customer A is required to restore most if not all files stored in their Google Workspace environment. Google has imposed limitations in Google Workspace to prevent the abuse of the underlying infrastructure. One aspect of these limits is a 10 API request per second limitation. This can slow the restoration process even further.

For an environment of this size, a number of files and potential scope of ransomware infection, it could take upwards of 4 days to recover all files from the backup.

Scenario 2

Customer “B” also has some 1,000,000 files and approximately 15,000 Google Workspace accounts. However, they have chosen to use SpinRDR for both backing up their Google Workspace environment and for ransomware protection. This combination of machine learning-enabled technologies immediately starts fighting ransomware as soon as it starts attacking files in the cloud.

As listed above, SpinRDR uses 4 steps to protect against ransomware:

  • SpinRDR Security Scanner identifies the ransomware process
  • The ransomware process is effectively isolated and blocked by SpinRDR
  • Ransomware-affected files in the Google Workspace cloud are automatically identified
  • Ransomware encrypted files are automatically restored by SpinBackup’s powerful data protection recovery mechanism

When comparing the two scenarios, even though Customer A has a data protection solution in place, the damage can be extensive. Admins have to manually identify files that need to be recovered. As mentioned, the restoration operation may take days!

In contrast, when Customer B opted for SpinRDR, the ransomware attack they experienced was swiftly halted within minutes. The ransomware process was effectively blocked, and the affected files were automatically recovered, ensuring minimal data loss and eliminating the need to pay the ransom!

What is the return on investment or ROI for SpinRDR protecting your Google Workspace cloud environment? Priceless. When considering the damage prevented by this machine learning, proactive, automated response, the damage that was avoided could have saved the business.

We’ve spent years creating data protection software and here is what we’ve discovered along the way: to protect your company systems and data from ransomware, you need to use multiple strategies and tools at the same time. Because relying on one solution like antivirus won’t get you far in case of a full-blown ransomware attack.

Don’t worry, there are solutions that can make your life easier – we speak about them as a part of a strong multilayer ransomware protection strategy we talk about in this article.

In short, here is this approach:

  • Data security
  • Device security
  • Network security
  • Application security
  • Email security
  • Access security
  • End-user behavior security

Let’s look at these more closely and also mention some software you can use to shore up your defense.

1. Data Security: Airtight Backup + AI-based Ransomware protection

If you don’t have a robust Data Loss Protection (DLP) plan, all your security strategies will fall apart. The core of all the DLP plans is having a ransomware-proof backup that will let you restore data in case you get hit. Backup is literally the first thing you must take care of, so if you don’t have one, set everything aside and start tackling this task.

What you should remember when implementing your backup plan is that backups are not ransomware-proof by default. It means that if your systems are hit with crypto-ransomware, it will slip into the backup copies as well, leaving you with empty hands.

If your backup provider doesn’t have inbuilt ransomware protection, you need to implement the following backup tactics:

  1. Stick to the 3-2-1 rule – have a minimum of three copies of your backup, on two mediums, keeping one copy offsite;
  2. Backup your data at least three times a day;
  3. Enable version control to be able to restore different versions of your data;

Here is the full article about the Ransomware backup strategy

An easier way – you can choose a backup provider with an additional ransomware protection tool. Very few providers on the market grant ransomware protection coming with backup services, making the backed-up files isolated and airtight.

Ransomware protection with ransomware-proof backup software – SpinRDR

We recommend SpinRDR as a highly secure ransomware protection with a cloud-to-cloud backup solution for Google Workspace and Microsoft 365 data. It covers many security and compliance issues, providing you with 24/7 ransomware protection that:

  • Identifies and blocks the ransomware source
  • Alerts you about the incident
  • Stops the encryption process
  • Identifies the number of damaged (encrypted) files
  • Runs a granular recovery of encrypted files from the last backed-up version

If you get hit, your backups will remain sealed and the encrypted files will be restored right away.

Also, note that there are no strings attached:

  • You don’t need to install any software (everything is web-based)
  • You can start from 10 licenses and choose a monthly subscription

SpinOne offers a 15-day trial of backup + ransomware protection for Google Workspace and Microsoft 365 data.

How does SpinRDR ransomware protection work? Watch this video:

2. Device Security: Patch Manager and Antivirus Software

Another must-have desktop protection is having an antivirus. Of course antivirus, no matter how good it is, won’t entirely protect you from ransomware (if you thought otherwise, check out why antivirus doesn’t protect against all types of ransomware). And yet, an antivirus program is a necessary line of defense that secures your devices from viruses, adware, worms, trojans, and others.

How does antivirus help against ransomware, you may ask? It’s simple: since ransomware is often spread as downloadable malware, there is a chance that antivirus will detect and block it before it encrypted any files.

Don’t know where to look for the right software?

Here is the list of patch management software by rating and the list of endpoint antivirus software by rating

3. Network Security: Firewall

A firewall is your first line of defense or your computer network gatekeeper. Contrary to antivirus software, which requires a very small effort to set up, firewalls usually require special knowledge. Firewalls may come as a piece of software or even hardware, which operates between the user device and the Internet. To put it simply, a firewall is a gatekeeper for the incoming traffic, which may contain a ransom code.

A firewall detects all possible exploits in your network and shields them. Also, it minimizes the risk of lateral movement inside your network and filters all the inbound and outbound traffic. It allows the blocking of any unsolicited and suspicious websites and attachments.

Don’t know where to look for the right software?

Here is the list of the most popular firewall software by rating

4. SaaS Application Security: Application Audit Software

Employees download and use hundreds of third-party apps and extensions every day. No wonder they are becoming a common channel of malware infections, including ransomware.

These risky applications can contain malware that is deployed when a user provides such apps access to their corporate data.

For example, an employee installs an app that allows signing documents online; in order to function, this app requests different kinds of permissions – to Google Docs, local folders, email, and so on. When the permissions are granted, this app can inject ransomware code to every location it has access to.

This risk with apps is a part of a bigger problem called “Shadow IT”, which we fully address in the article Shadow IT management: rules and tools. But here are some fundamental rules that can eliminate your risk of being infected:

  1. Create a procedure for the application approval and the evaluation criteria;
  2. Create an ever-growing list of allowed and blocked applications;
  3. Prevent users from accessing the blocked applications within your domain;
  4. Monitor, assess, and block (if needed) all unauthorized apps connected to your domain.

If you manage a Google Workspace domain with many users, we advise you to use specifically dedicated application audit tools for these purposes. Otherwise, it is almost impossible to track what users download, what permissions they grant to applications or extensions, and whether the app is risk-free.

Application audit software – SpinSPM (for Google Workspace and Microsoft 365)

5. Email Security: Anti-Spam Filtering

Phishing emails with malicious links in them are confirmed by cybersecurity experts to be the leading cause of ransomware, being responsible for 67% of successful attacks in 2019-2020. Logically, by reducing the number of phishing emails your employees get, you decrease the likelihood of employees clicking on the link.

There are a few ways to set up phishing and malware protection for your email:

  1. If you use Google Workspace as your business suite, follow the steps on this page.
  2. If you use Microsoft 365 as your main suite, check out this page for anti-spam protection and this page for anti-phishing protection.

Don’t know where to look for the right software?

Here are the best email security tools by rating if you are looking for a third-party solution.

Check out 10 types of ransomware you need to stay away from in 2024.

6. Access Security: Authorization and Sharing Management

Many organizations have a clear understanding of job roles and who does what within their team, but only some manage computer user roles as attentively as required.

You have to determine the users and the data access they have. It should be clear, who can write to a database or specific data set within your database, and how to temporarily acquire or surrender a role in the case when an employee gains new responsibilities – all these processes should be planned. Having a correct employee exit procedure is important as well.

Moreover, for maximum transparency, safety, and efficiency we recommend tracking as many user activities as possible. Having proper software can minimize the human factor and keep your corporate network safe even in case your employees fail to follow your cybersecurity guidelines.

If you are an Office 365 user, you may want to check more about roles and permissions in the Security and Compliance Center.

7. Authentication Security: Set Up Password Policy and Enable Two-Factor Verification

Strong authentication practices prevent your system from unauthorized access, like brute-force attacks, password stuffing, and account hijacking.

Weak authentication practices like the lack of a strong password policy and two-step verification make it a piece of cake for a hacker to penetrate your system and inject ransomware.

Weak password is the reason behind up to 80% of data breaches. Thus, we recommend you to create a strong password policy and ensure your employees understand and follow it.

Here are some of the main rules:

  • Create a unique password for your work. It shouldn’t be the same as in your social media.
  • Don’t make your password too short. It should include eight characters at least.
  • Use various characters: upper- and lowercase letters, digits, and symbols.
  • Never create too obvious passwords like 123456, qwerty, abcdef.
  • Change your passwords regularly.

Two-factor verification (or 2FA) provides the second step of checking whether a user is authorized to enter. Ensure 2FA is installed and used to access data in your corporate network.

2FA may prove user identity in a number of different ways. For example, by generating a unique code by a special app like Google Authenticator. The code can be sent via a text message, email, etc.

2FA requires both email and mobile phone to get access to an account. Having the second check-in place dramatically decreases the risk of unauthorized access, and thus limits the ransomware attacks too.

8. End-User Behavior Security: Train Your Employees

In most cases, the end-user is the one that performs an action that triggers a ransomware attack. Security awareness training for your employees, although not being a panacea, can decrease the number of unaware or careless employees up to 90%, which drastically lowers their chances of clicking the wrong link.

Make sure that you have an easy-to-understand cybersecurity training conducted, and all the information is efficiently learned. Then, ensure that people know how to safely behave over the internet and within your internal IT infrastructure. Some testing (and rewards) will help too.

One of the best ways to educate your employees is by running a mock phishing attack. You can send out fake phishing emails and watch people clicking the links. After that, explain that in real life they might have caused a ransomware infection.

Don’t know where to look for the right cybersecurity training?

Here are the best security awareness training by rating.

And here is a list of phishing awareness training providers.

How to Protect Against Ransomware Attacks in Google Workspace

Backups are the only sure way to recover your data in the event of a ransomware infection that manipulates your data in the public cloud or anywhere else. As mentioned, the backup and recovery functionality provided by the Google Workspace SaaS public cloud environment is very limited. SpinBackup totally removes the limitations to adequate backups by providing an enterprise-grade backup and recovery solution for Google Workspace.

SpinRDR provides the “One-Two punch” needed to eradicate the ransomware threat in Google Workspace completely. Coupled with powerful automated backup and recovery capabilities, SpinRDR adds ML-enabled cybersecurity protection that works seamlessly with the data protection functionality to protect against ransomware processes infecting Google Workspace cloud environments and automatically restore any files that may have been affected by the ransomware encryption process. It makes it the best way to protect against ransomware for organizations.

Choose SpinRDR for the following automated responses to ransomware and ransomcloud attacks:

  • Security Scanner identifies the source of the attack
  • Blocks the source and encryption process
  • Identifies the number of damaged (encrypted) files
  • Runs a granular recovery of encrypted files from the last successfully backed-up version

Check out these and other SpinRDR Ransomware Protection features.

Concluding Thoughts

Native cloud-provided data protection solutions are absolutely required for businesses to withstand and survive a ransomware attack effectively. However, even though backup is one of ransomware protection best practices, alone do not prevent the potential downtime that may result from a ransomware attack.

SpinRDR’s ransomware protection and backups are absolutely priceless to businesses looking to back up their data and protect against ransomware attacks altogether. SpinRDR saves companies from the manual recovery time needed to identify affected files and restore them. Instead, it blocks the ransomware quickly, identifies the affected files, and automatically restores them. It all makes SpinRDR an excellent enterprise ransomware protection service.

By implementing the proactive, automated, and intelligent response provided by SpinRDR, businesses can take the offensive against ransomware attacks instead of simply reacting to an attack and restoring data manually.

Try SpinRDR Ransomware Protection

Frequently Asked Questions

How can ransomware be prevented?

To protect your company systems and data from ransomware, you need to use multiple strategies and tools at the same time. Such an approach to ransomware prevention is often referred to as the multilayer ransomware protection strategy we talk about in this article. This approach includes:

  1. Data security. Maintain regular data backups that will let you restore data in case you get hit by ransomware. Ensure backups are not directly accessible from your network to prevent them from getting encrypted by ransomware.
  2. Device security. Regular Updates and Patch Management would keep your systems and software updated with the latest security patches to address vulnerabilities.
  3. Network security. Set up firewalls for your network security. It allows the blocking of any unsolicited and suspicious websites and attachments.
  4. Application security. Maintain SaaS/App security by conducting regular application audit software.
  5. Email security. Implement robust email filtering and security solutions to block malicious attachments and phishing attempts.
  6. Access security. Apply the principle of least privilege (POLP) to limit access to critical systems and data. Users should only have access to what they need for their roles. Enforce strong password policies and use MFA to add an extra layer of security.
  7. End-user behavior security. Educate your employees about the dangers of phishing emails, suspicious attachments, and clicking on unknown links. Make them aware of common ransomware delivery methods.

What is my best defense against ransomware?

The most effective protection against ransomware involves employing an automated AI-driven system such as SpinOne. In combination with robust automated backup and recovery features, SpinOne incorporates AI-based cybersecurity measures that autonomously recover any files that might have encountered ransomware encryption. Opt for SpinOne for the following automatic actions in response to ransomware attacks:

  1. The security scanner locates the origin of the attack.
  2. It thwarts the attack source and encryption process.
  3. It determines the quantity of compromised (encrypted) files.
  4. It performs a detailed recovery of encrypted files from the most recent successfully backed-up version.

What triggers ransomware?

Ransomware typically spreads via phishing emails with malicious attachments and drive-by downloads, wherein users unintentionally download malware after visiting an infected website. Crypto ransomware, which encrypts files, spreads through similar techniques, and leverages social media platforms like web-based instant messaging apps. Furthermore, evolving ransomware infection methods have emerged, including exploiting vulnerable web servers as an entry point to infiltrate an organization’s network.

Was this helpful?

Thanks for your feedback!
Avatar photo

Vice President of Product

About Author

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

Latest blog posts

Protecting Partner Margins: An Inside Look at the New Spin.AI Partn...

Google recently announced a 40% reduction in the partner margin for Google Workspace renewals –... Read more

saas application data protection fundamentals

Expert Insights: SaaS Application Data Protection Fundamentals

SaaS applications appeal to organizations because they make running the application “somebody else’s problem.” However,... Read more