How to Prevent Ransomware: A Practical Guide for Indian SMEs

Threat ResQ Team  ·  Mar 2026  ·  7 min read

312% increase in ransomware in India. Most victims were SMEs without basic controls. Exactly what to implement and in what order.

India's Ransomware Problem Is Getting Worse

India saw a 312% increase in ransomware attacks in 2025. The average ransom demand for Indian SMEs is now Rs.50-200 lakhs. 90% of successful ransomware attacks could have been prevented with basic security controls.

How Ransomware Gets In

  1. Phishing emails (70%) — Employee clicks malicious link or attachment
  2. Exposed RDP (20%) — Attackers brute-force open Remote Desktop ports
  3. Unpatched vulnerabilities (10%) — Known exploits in public-facing software

Step 1: Block Entry Points

Stop Phishing

  • Deploy Secure Email Gateway with sandboxing
  • Implement DMARC, DKIM, SPF in enforcement mode
  • Run quarterly phishing simulations — target under 5% click rate

Secure Remote Access

  • Disable RDP on all internet-facing systems
  • Put any required RDP behind VPN with MFA
  • Change all default credentials on network devices

Patch Everything

  • Apply critical patches within 48 hours of release
  • Use automated patch management
  • Priority: VPN appliances, firewalls, web servers

Step 2: Detect Before Detonation

  • Deploy next-generation EDR on all endpoints
  • Enable ransomware behavioural rules: mass file modification, shadow copy deletion
  • Set up 24x7 SIEM monitoring
  • Use honeypot files as early warning triggers
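As an added illustration of the Step 2 behavioural rules and honeypot files (example code written for this article, not Threat ResQ's tooling): a small Python detector run over constructed endpoint telemetry that flags shadow copy deletion commands, a touched canary file, and one process modifying many files in a short window. The host names, process names, file paths and the 50-files-per-minute threshold are assumptions an SME would tune to its own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command lines that remove Volume Shadow Copies (the "shadow copy deletion" rule)
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]
# Honeypot (canary) files no user or process should legitimately touch (assumed path)
HONEYPOT_FILES = {r"C:\Finance\Shared\~canary_do_not_open.xlsx"}
MASS_MODIFY_THRESHOLD = 50            # files per process per window (assumed tuning)
MASS_MODIFY_WINDOW = timedelta(seconds=60)

# Constructed sample telemetry, not real data: (time, host, process, event_type, detail)
BASE = datetime(2026, 3, 1, 10, 0, 0)
EVENTS = [
    (BASE, "fin-pc01", "cmd.exe", "process", "vssadmin delete shadows /all /quiet"),
    (BASE + timedelta(seconds=5), "fin-pc02", "winword.exe", "file_modify", r"C:\Users\ravi\memo.docx"),
    (BASE + timedelta(seconds=9), "fin-pc01", "update.exe", "file_modify",
     r"C:\Finance\Shared\~canary_do_not_open.xlsx"),
] + [  # one unknown process rewriting 60 spreadsheets in 15 seconds
    (BASE + timedelta(seconds=10 + i // 4), "fin-pc01", "update.exe", "file_modify",
     rf"C:\Finance\Shared\invoice_{i:03d}.xlsx") for i in range(60)
]

def detect(events, threshold=MASS_MODIFY_THRESHOLD, window=MASS_MODIFY_WINDOW):
    # Returns (rule, host, process, detail) alerts for the three Step 2 behaviours
    alerts, touched = [], defaultdict(list)
    for ts, host, proc, kind, detail in events:
        if kind == "process" and any(p.search(detail) for p in SHADOW_COPY_PATTERNS):
            alerts.append(("shadow_copy_deletion", host, proc, detail))
        elif kind == "file_modify":
            if detail in HONEYPOT_FILES:
                alerts.append(("honeypot_touched", host, proc, detail))
            touched[(host, proc)].append(ts)
    # Sliding window: alert once a process modifies >= threshold files within `window`
    for (host, proc), times in touched.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(("mass_file_modification", host, proc,
                               f"{end - start + 1} files in {window.total_seconds():.0f}s"))
                break
    return alerts
```

Calling detect(EVENTS) on the constructed sample yields three alerts (shadow copy deletion, honeypot touched, mass file modification), all from fin-pc01, while the single Word edit on fin-pc02 stays silent.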

Step 3: Limit the Blast Radius

  • Segment your network: production, finance, development, guest — separate VLANs
  • Implement least-privilege access
  • Isolate backup systems from production networks

Step 4: Build a Tested Recovery Plan

  • 3-2-1 backup rule: 3 copies, 2 media types, 1 offsite
  • Immutable backups — cannot be deleted or encrypted by ransomware
  • Test recovery monthly — actually restore a server from backup

5 Quick Wins for This Quarter

  1. Enable MFA on all email accounts and VPN
  2. Deploy EDR on all Windows endpoints
  3. Run one phishing simulation campaign on your full organisation
  4. Test your backup restore — actually recover a server
  5. Disable RDP on all internet-facing systems

Need Help With This?

Threat ResQ offers free 30-minute consultations on all topics covered in this article. Our certified experts give you a tailored action plan.
