The Ransomware Reality
Ransomware attacks encrypt your files and demand payment for the decryption key. In Nigeria, these attacks are increasing:
- Hospitals unable to access patient records
- Manufacturing plants halting production
- Financial institutions locked out of systems
- SMEs paying millions in ransom or losing everything
The average ransomware payment globally exceeds $1 million. For Nigerian SMEs, even smaller demands of N5-20 million can be devastating.
10 Steps to Protect Your Business
Step 1: Backup Everything (And Test It)
Backups are your ultimate defense against ransomware. If you can restore your systems, you do not need to pay the ransom.
Requirements:
- Backup critical data daily
- Keep backups offline or air-gapped (ransomware encrypts connected backups)
- Use the 3-2-1 rule: 3 copies, 2 different media types, 1 offsite
- Test restoration quarterly
Common mistake: Backups that run but have never been tested. When ransomware hits, you discover the backups are corrupted or incomplete.
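The restore test the article asks for, as an added example that is not from the original: a small POSIX shell script that backs up a directory with a SHA-256 manifest, proves the archive restores by extracting it to a scratch directory and verifying every file, and flags an archive older than a day as stale. The sample data and every path under $WORK are constructed assumptions; the offline and offsite copies of the 3-2-1 rule remain a procedural step outside the script.

```shell
#!/bin/sh
# Added example (not from the article): back up a directory with a checksum
# manifest, then prove the backup restores by extracting it to a scratch
# directory and verifying every file. Sample data and paths are constructed.
WORK="${WORK:-$(mktemp -d)}"   # assumed working directory
SRC="$WORK/data"               # data to protect (constructed sample)
BACKUP="$WORK/backup.tar"      # the archive; its manifest sits beside it as .sha256

make_sample_data() {
    mkdir -p "$SRC/records"
    printf 'patient 001 notes\n' > "$SRC/records/p001.txt"
    printf 'invoice 2024-01 paid\n' > "$SRC/invoice.txt"
}

# Archive a directory and record a SHA-256 hash of every file beside it.
backup_dir() {
    src="$1"; out="$2"
    ( cd "$src" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$out.sha256"
    tar -cf "$out" -C "$src" .
}

# The restore test: extract into a scratch directory and check every hash.
# Returns 0 only if the archive unpacks and all files match the manifest.
test_restore() {
    archive="$1"
    scratch=$(mktemp -d)
    rc=1
    if tar -xf "$archive" -C "$scratch" \
       && ( cd "$scratch" && sha256sum -c --quiet "$archive.sha256" ); then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# Daily backups: treat an archive older than max_days (default 1) as stale.
backup_is_fresh() {
    archive="$1"; max_days="${2:-1}"
    [ -n "$(find "$archive" -mtime -"$max_days" 2>/dev/null)" ]
}

# Run one full cycle on the constructed data and report the result.
run_backup_check() {
    make_sample_data
    backup_dir "$SRC" "$BACKUP"
    if test_restore "$BACKUP" && backup_is_fresh "$BACKUP"; then
        echo "backup OK: restores cleanly and is under a day old"
    else
        echo "backup FAILED: do not assume you can recover from it"; return 1
    fi
}
```

Schedule run_backup_check against the real archive each quarter (or after every backup run) so that a corrupt or incomplete backup is discovered before an incident, not during one.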
Step 2: Patch Religiously
Most ransomware exploits known vulnerabilities with available patches. Regular patching closes these entry points.
Priority:
- Operating systems (Windows, Linux, macOS)
- Browsers (Chrome, Firefox, Edge)
- Email clients (Outlook)
- PDF readers and Office applications
- Server software
Target: Critical patches within 72 hours. All others within 30 days.
Step 3: Deploy Endpoint Protection
Modern endpoint protection does more than traditional antivirus:
- Behavioral detection (catches unknown ransomware)
- Ransomware-specific protection (detects encryption behavior)
- Rollback capability (reverses ransomware damage)
Free antivirus is not sufficient. Invest in business-grade endpoint protection.
Step 4: Enable Multi-Factor Authentication
Many ransomware attacks start with compromised credentials. MFA makes stolen passwords useless.
Prioritize MFA for:
- Email accounts
- VPN access
- Remote desktop
- Admin accounts
- Cloud services
Step 5: Limit User Privileges
Users should only have access to what they need. Ransomware runs with the privileges of the user who triggered it.
Actions:
- Remove local admin rights from standard users
- Use separate accounts for administration
- Implement least privilege access
- Review and remove excessive permissions
Step 6: Secure Email
Email is the primary ransomware delivery method. Phishing emails with malicious attachments or links are extremely common.
Controls:
- Email filtering to block malicious attachments
- Link scanning before delivery
- Warning banners on external emails
- Block macro-enabled documents from unknown senders
Step 7: Segment Your Network
If ransomware gets in, network segmentation limits the damage. The infection cannot spread to areas it cannot reach.
Basic segmentation:
- Separate servers from workstations
- Isolate critical systems
- Control traffic between segments
- Monitor east-west traffic
Step 8: Disable Unnecessary Services
Reduce your attack surface by disabling services you do not use:
- Remote Desktop Protocol (RDP) if not needed, or restrict to VPN-only
- PowerShell for users who do not need it
- Macro execution in Office
- Unnecessary network shares
Step 9: Train Your People
Technology cannot block everything. Employees need to recognize threats:
- Phishing email identification
- Suspicious attachment handling
- Reporting procedures
- Social engineering awareness
Frequency: Initial training plus quarterly refreshers and simulated phishing tests.
Step 10: Have an Incident Response Plan
If ransomware hits, you need to know what to do immediately:
First 15 minutes:
- Isolate affected systems from the network
- Do not turn off infected systems (evidence preservation)
- Contact your IT team/provider
- Document what you observe
First hour:
- Assess the scope of infection
- Identify the ransomware variant if possible
- Check backup status
- Begin communication plan
First day:
- Make restore/no-restore decision
- Engage legal counsel if data breach occurred
- Notify relevant authorities (NDPC if personal data involved)
- Begin recovery process
What NOT to Do
Do Not Pay the Ransom (If Possible)
- Payment encourages more attacks
- No guarantee you will get your data back
- You may be targeted again as a known payer
- May violate sanctions laws in some cases
Do Not Negotiate Without Professional Help
If you must engage with attackers, use professional negotiators. Amateurs often make situations worse.
Do Not Delete Anything
Evidence is important for investigation and insurance claims. Preserve logs and affected systems.
Do Not Assume It Will Not Happen to You
Ransomware is automated. Attackers do not know or care about your company size. If you are vulnerable, you are a target.
The Investment Case
Prevention costs:
- Endpoint protection: N3,000-5,000 per device/month
- Backup solution: N50,000-200,000/month depending on data volume
- Security training: N20,000-50,000 per employee/year
- Managed security services: N150,000-500,000/month
Ransomware costs:
- Average ransom demand: N5-50 million
- Downtime: Days to weeks
- Recovery costs: Often exceed the ransom
- Reputation damage: Incalculable
Prevention is always cheaper than recovery.
Conclusion
Ransomware is not a matter of if but when. Every Nigerian business connected to the internet is a potential target.
The good news: the steps to prevent ransomware are well-known and achievable. Backup, patch, protect, authenticate, train, and plan.
The businesses that survive ransomware attacks are the ones that prepared before the attack, not after.
Start today. Pick one step from this list and implement it this week. Then move to the next.