3 ways to defeat ransomware: Plan, prevent, not pay

Organizations should develop a blueprint for defending against, and responding to, ransomware attacks.

By Lindsey Whinnery, CPA
February 3, 2020

Please note: This item is from our archives and was published in 2020. It is provided for historical reference. The content may be out of date and links may no longer function.

Imagine you are in the middle of your workday and you double-click on one of the 50 Excel files saved to your desktop. Instead of seeing multiple columns and thousands of rows of data, you receive an error message stating your file cannot open unless you pay someone by the name of 4N0M4LY a certain amount of bitcoin. You need to access this file immediately, and you have no other copies of it since you do not back up your desktop. What do you do next?

Unfortunately, this ransomware nightmare scenario is common, and there is no indication that this type of attack will slow down. Ransomware attacks continue to dominate headlines and plague organizations of all sizes in both the private and public sectors. As with other cybersecurity attacks, no organization is immune. Your best option is to prepare for this type of attack by using a three-pronged approach: plan, prevent, and not pay.

Plan

During a ransomware attack, the general mood is panic. Time is of the essence, so having a plan is critical. Here are a few steps that you will want to define.

  • Containment: Immediately disconnect the infected system(s) from the network — wired, wireless, and Bluetooth connections. You want to make sure the ransomware will not spread to other systems on the network. It’s also important to immediately hibernate or power off the system(s).
  • Check other systems: Ransomware can spread. Run full-system scans of all the workstations and servers on the network to help detect ransomware on other systems.
  • Format and restore: Format the infected system(s) several times and restore the operating system. Use your backups to restore the data.
  • Retain outside IT support: Develop a relationship with an IT forensics company, an emergency IT support company, or both. It’s likely that your IT department is already overloaded and may not have the resources to recover from a large-scale ransomware attack in a reasonable time period. Being able to call upon outside help immediately could help drastically reduce the impact of a ransomware attack and the time it will take to restore your operations.

Prevent

While it’s impossible to completely prevent a ransomware attack, you can implement some important safeguards to significantly reduce your risk of becoming a ransomware victim.

  • Train end users: Your end users are your front line of defense. The majority of ransomware is downloaded when end users click on malicious links or open malicious email attachments. Systems can also be infected with ransomware when end users visit infected websites. Ransomware is frequently downloaded and installed on the computer in the background while the end user is innocently browsing. Training will reduce the risk of ransomware entering your network.
  • Use email security software: Since a majority of ransomware attacks begin with end users clicking on links in an email, email security software will reduce the number of emails with malicious links and attachments arriving in your end users’ inboxes. Systems can filter suspicious emails for review or even strip potentially malicious links from the email.
  • Anti-malware software: Anti-malware software can prevent some forms of ransomware, so it is important for all devices to have this sort of software installed and configured for periodic full-system scans and on-access scanning.
  • Back up your data: Backing up your data will not prevent ransomware attacks, but it will prevent you from having to consider paying the ransom. All critical data should be backed up, and it is important to have multiple versions of data backups, such as weekly and monthly versions. Ransomware could encrypt files and go undetected for weeks, if not months. Having multiple versions of backups will increase your chances of having an uninfected backup to restore from. Also, these backups should be disconnected from the network, since ransomware attacks are notorious for specifically seeking out known backup files and encrypting those files, too.
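
An added example, not part of the original article: a short Python check of the backup practices described above. It covers weekly and monthly versions, at least one copy disconnected from the network, and history long enough to outlast an infection that went unnoticed for weeks. The catalog entries, field names, and the 60-day threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample catalog (not real data): one entry per retained backup.
# "offline" means the copy is disconnected from the network (e.g. rotated media).
CATALOG = [
    {"taken": date(2020, 1, 31), "tier": "weekly",  "offline": False},
    {"taken": date(2020, 1, 24), "tier": "weekly",  "offline": True},
    {"taken": date(2020, 1, 17), "tier": "weekly",  "offline": True},
    {"taken": date(2020, 1, 1),  "tier": "monthly", "offline": True},
    {"taken": date(2019, 12, 1), "tier": "monthly", "offline": True},
]

def audit_retention(catalog, today, min_history_days=60):
    """Return a list of findings; an empty list means every check passed.

    min_history_days is an assumed threshold for how long ransomware might
    go undetected; set it to match your own risk assessment.
    """
    findings = []
    tiers = {b["tier"] for b in catalog}
    for tier in ("weekly", "monthly"):
        if tier not in tiers:
            findings.append(f"no {tier} versions retained")
    offline = [b for b in catalog if b["offline"]]
    if not offline:
        findings.append("no backup copy is disconnected from the network")
    else:
        age = (today - min(b["taken"] for b in offline)).days
        if age < min_history_days:
            findings.append(
                f"oldest offline copy is only {age} days old; an infection "
                f"older than that leaves no clean restore point")
    return findings

def pick_restore_point(catalog, first_encrypted):
    """Newest offline backup taken before the earliest known encryption date."""
    candidates = [b for b in catalog
                  if b["offline"] and b["taken"] < first_encrypted]
    return max(candidates, key=lambda b: b["taken"], default=None)
```

If `pick_restore_point` returns `None`, every retained offline copy was taken on or after the date files were first encrypted, which is the situation that multiple backup versions are meant to prevent.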

Not pay

If you do not have a backup to restore from, you may find yourself asking: Should we pay the ransom to get our data back? Consider the following.

Look for a solution: Start by checking nomoreransom.org, which lists several known ransomware attacks and the associated decryption keys. You may be able to unlock your data without having to pay the ransom.

Don’t fund criminals: If you pay the ransom, you’re funding criminals and unintentionally supporting the ransomware business, which will continue to grow with each ransom payment made.

Don’t trust criminals: As in any ransom situation, there is no guarantee that you’ll receive the decryption key after paying the ransom. Even if you do receive a decryption key, it may not work and it’s unlikely the criminal will provide tech support to determine the issue.

Taking the plan and prevent steps now can help you avoid a ransomware attack and reduce the impact should one occur within your network. It’s important to layer controls so that if one fails, others are in place to help prevent an attack.

— Lindsey Whinnery, CPA, CISSP, CISA, is a partner at CapinTech, a CapinCrouse company. She has 20 years of experience in information technology and information security. To comment on this article or to suggest an idea for another article, contact Jeff Drew, a JofA senior editor, at Jeff.Drew@aicpa-cima.com.
