How You Can Mitigate Damage and Recover from Ransomware Attacks: Microsoft

Ransomware is ever-present on the minds of cybersecurity experts, and that is not changing any time soon. From hijacking hospital networks to taking down entire fuel pipelines, ransomware has had its fair share of success. Not only are the consequences disastrous for these victims, but they must also decide whether to pay the ransom out of pocket, repair the damage, or deal with the loss. In a recent report, Microsoft discussed key steps that organizations can incorporate into their cybersecurity practices. These steps are focused on ensuring businesses do not need to pay multi-million-dollar ransoms to recover data after a ransomware attack. As part of its feedback to the National Cybersecurity Center of Excellence (NCCoE) virtual workshop, Microsoft shared three steps to mitigate damage and recover from ransomware cyberattacks.

Microsoft recommends three steps for mitigation: prepare, limit, and prevent. These three steps work on the assumption that attackers will breach the network. The IT giant recommends acting as if an attack has already happened and focusing first on alleviating the most damage.


Microsoft recommends preparing for the worst-case scenario and expecting that ransomware attacks can happen at any level of the organization. This way, organizations can limit the damage of destructive attacks and, by extension, limit the financial gain for hackers. Restoring data from backups can be troublesome, but it is more efficient than using decryption tools shared by attackers after paying them off. Microsoft also recommends backing up critical dependencies, including access and identity systems like Microsoft Active Directory. Organizations should add ransomware as a high-likelihood and high-impact scenario, secure up-to-date backups, and regularly test recovery scenarios.


To limit damage, organizations need to ensure they have firm control over critical accounts, such as IT administration accounts and those with control of business-critical systems. Microsoft encourages end-to-end session security, along with multi-factor authentication for admins, and the ability to monitor identity systems, mitigate lateral traversal, and promote rapid threat response. Protecting privileged accounts blocks hackers from easily gaining the access needed to further compromise and encrypt an organization's most vital resources. By limiting access to users and resources, organizations restrict the attackers' chances to use administrative credentials to get hold of vital company files, lowering the amount of leverage a successful attack can use for ransom.


Last, Microsoft encourages combating the threat of ransomware by preventing attackers from entering the organization's environment, rapidly responding to incidents, and removing hackers' access before they can steal or encrypt data. Organizations should prioritize implementing protection, detection, and response controls along with improving security practices.

To confront ransomware threats, it is important to identify the possible risk, secure valuable data, and be prepared to recover that data in case of an attack. As with any security threat, it is not always possible to keep ransomware at bay, but the steps outlined above should help mitigate the risk and aid recovery.
