* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Company \& Culture](https://www2.paloaltonetworks.com/blog/category/company-culture/)
* Cybersecurity Tips From U...

# Cybersecurity Tips From Unit 42 to Help Stop Ransomware Attacks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F07%2Fstop-ransomware-attacks%2F)  
[](https://twitter.com/share?text=Cybersecurity+Tips+From+Unit+42+to+Help+Stop+Ransomware+Attacks&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F07%2Fstop-ransomware-attacks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F07%2Fstop-ransomware-attacks%2F&title=Cybersecurity+Tips+From+Unit+42+to+Help+Stop+Ransomware+Attacks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2021/07/stop-ransomware-attacks/&ts=markdown)  
\[\](mailto:?subject=Cybersecurity Tips From Unit 42 to Help Stop Ransomware Attacks)  
Link copied  
By [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn")  
Jul 26, 2021  
4 minutes  
[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[best practices](https://www.paloaltonetworks.com/blog/tag/best-practices/?ts=markdown)  
[cybersecurity tips](https://www.paloaltonetworks.com/blog/tag/cybersecurity-tips/?ts=markdown)  
[ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/tag/unit-42/?ts=markdown)

Just five years ago, cybersecurity experts were warning that the threat from cyber extortion was poised to grow as criminals increasingly looked to profit from the use of ransomware. Hackers have since perfected their ability to infiltrate computer systems and encrypt everything until the owner pays a ransom to regain control.

In 2016, the majority of ransoms paid were $500 or less. We now regularly see ransom payments that are more than 10,000 times that level. Palo Alto Networks consultants have seen average payments increase to more than $500,000. We've even seen [some payments above $10 million](https://unit42.paloaltonetworks.com/ransomware-threat-report-highlights/).

No, it's not a movie plot. Over time, hackers realized they can make more money targeting large organizations, and they're reaping the profits. Moreover, these hackers have learned that encrypting data allows them to disable critical computer systems, thus enabling them to cripple 911 dispatch centers, halt the flow of gas pipelines and shut down hospital emergency rooms.

Ransomware presents a massive risk to national security and the operations of large organizations. While the headlines focus on attacks against large corporations and governments, small businesses are also regularly victimized by cyber extortion. And such attacks can be devastating to small organizations that lack the knowledge, staff and financial resources to withstand a major cyberattack.

With organizations moving to a hybrid work model, it's become even more important to educate employees on the dangers of ransomware. With a mix of office and remote workers, including a mix of work and home devices on company networks, it's becoming easier for hackers to identify security weaknesses.

## 3 Tips to Protect Against Ransomware Attacks

###### **1. Beware of phishing emails --- if you think you received one, report it.**

Ransomware is primarily spread through phishing emails that contain malicious attachments. Disguised as legitimate communication, the fraudulent email tricks the recipient into responding by enticing them to click a link, open an attachment or directly provide sensitive information.

Phishing emails have become one of the most prevalent methods of ransomware because they're simple to deploy. Adding to the ease of deployment is the availability­ of low-cost phishing kits that include website development software, coding, spamming ­software and content that can be utilized by hackers to create convincing websites and emails.

###### **2. Update devices with the latest software patches.**

Hackers like to take advantage of software vulnerabilities to spread ransomware. Software vulnerabilities are weaknesses in a software program.

A software patch helps to solve this problem by addressing security vulnerabilities in a software program, so a hacker is unable to exploit them. Most of the time, software patches will be issued automatically by a vendor, so take advantage of them. Other times, you will need to install a software patch manually; make sure to check whether you have the latest patches. If you don't, go directly to the vendor's website and install them.

###### **3. Restore any encrypted files with backups.**

If you're the victim of a ransomware attack, don't panic. Check whether you have backed up your files. If you have, restore from your latest backup. This is the fastest way to get your files back. If you haven't backed up your files, then you may need to consider your files lost.

The most common question we get with ransomware attacks is: "Should you pay the ransom?" Unfortunately, there's not a one-size-fits-all scenario. All victims of ransomware attacks are left with difficult decisions. Seek the advice of a professional who can help you determine what to do.

What we advise is to [prepare for a ransomware attack](https://www.paloaltonetworks.com/blog/2021/07/protect-against-ransomware/). There are security tools and technologies available that can help prevent a ransomware attack and protect you from making that difficult decision.

## Recommended Reading

* [Breaking Down Ransomware Attacks](https://unit42.paloaltonetworks.com/breaking-down-ransomware-attacks/)
* Federal Trade Commission [ransomware information](https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/ransomware).
* Small Business Administration [cyber safety guide](https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats) and free webinar [schedule](https://www.sba.gov/events/find?dateRange=all&distance=200&q=cybersecurity&pageNumber=1).
* Cybersecurity and Infrastructure Security Agency [ransomware information](https://us-cert.cisa.gov/ncas/tips/ST19-001).

*For more tips on digital home safety, see "* [*Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season*](https://www.paloaltonetworks.com/blog/2020/11/u42-cybersecurity-tips-safer-holiday-shopping/)*" and "* [*Cybersecurity Tips from Unit 42 for the Household CIO of 2020*](https://blog.paloaltonetworks.com/2020/10/cc-household-cio/).*"*

*** ** * ** ***

## Related Blogs

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Cybersecurity Tips From Unit 42 for the 2021 Back to School Season](https://www2.paloaltonetworks.com/blog/2021/08/back-to-school/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

[#### Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season](https://www2.paloaltonetworks.com/blog/2020/11/u42-cybersecurity-tips-safer-holiday-shopping/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### More on the PAN-OS CVE-2024-3400](https://www2.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Learning From the Past --- Ten 2022 Cybersecurity Events to Know](https://www2.paloaltonetworks.com/blog/2022/12/unit42-cybersecurity-events-2022/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Today's Cyberthreats: Ransomware, BEC Continue to Disrupt](https://www2.paloaltonetworks.com/blog/2022/07/cyberthreats-incident-response-report/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative](https://www2.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language