Skip to content
AICPA-CIMA
  • AICPA & CIMA:
  • Home
  • Engage 365 Communities
  • CPE & Learning
  • My Account
Journal of Accountancy
  • TECH & AI
    • All articles
    • Artificial Intelligence (AI)
    • Microsoft Excel
    • Information Security & Privacy

    Latest Stories

    • Drafting an AI policy that actually works
    • What AI agents mean for CPA firms
    • A guide to fighting AI-fueled AP/AR fraud

  • TAX
    • All articles
    • Corporations
    • Employee benefits
    • Individuals
    • IRS procedure

    Latest Stories

    • IRS adds online option, details for Kwong-related refund claims
    • Corporation’s officer held personally liable for its taxes under Federal Priority Statute
    • District court upholds final microcaptive reporting regulations
  • PRACTICE MANAGEMENT
    • All articles
    • Diversity, equity & inclusion
    • Human capital
    • Firm operations
    • Practice growth & client service

    Latest Stories

    • IRS adds online option, details for Kwong-related refund claims
    • PCAOB consultation process offers new options for firms seeking guidance
    • FASB seeks comment on fair value reporting proposal
  • FINANCIAL REPORTING
    • All articles
    • FASB reporting
    • IFRS
    • Private company reporting
    • SEC compliance and reporting

    Latest Stories

    • SEC shares 3 goals in proposed 2026–2030 strategic plan
    • SEC proposes rescission of climate disclosure rules
    • SEC proposes semiannual reporting option for public companies
  • AUDIT
    • All articles
    • Attestation
    • Audit
    • Compilation and review
    • Peer review
    • Quality Management

    Latest Stories

    • PCAOB consultation process offers new options for firms seeking guidance
    • Standardization of sustainability reporting improves, but obstacles remain
    • How to monitor a firm’s system of quality management
  • MANAGEMENT ACCOUNTING
    • All articles
    • Business planning
    • Human resources
    • Risk management
    • Strategy

    Latest Stories

    • How to handle increased enforcement of unclaimed property notices
    • Standardization of sustainability reporting improves, but obstacles remain
    •  What it takes for a CFO to lead operations and tech
  • Home
  • News
  • Magazine
  • Podcast
  • Topics
Advertisement
  1. newsletter
  2. Cpa Insider
CPA INSIDER

3 ways to defeat ransomware: Plan, prevent, not pay

Organizations should develop a blueprint for defending against -- and responding to -- ransomware attacks.

By Lindsey Whinnery, CPA
February 3, 2020

Please note: This item is from our archives and was published in 2020. It is provided for historical reference. The content may be out of date and links may no longer function.

Related

October 1, 2019

Planning for data security

September 1, 2019

Housekeeping tips to mitigate data security risk

June 11, 2019

4 ways to protect your data from the dark web

TOPICS

  • Technology
    • Information Security & Privacy

Imagine you are in the middle of your workday and you double-click on one of the 50 Excel files saved to your desktop. Instead of seeing multiple columns and thousands of rows of data, you receive an error message stating your file cannot open unless you pay someone by the name of 4N0M4LY a certain amount of bitcoin. You need to access this file immediately, and you have no other copies of it since you do not back up your desktop. What do you do next?

Unfortunately, this ransomware nightmare scenario is common, and there is no indication that this type of attack will slow down. Ransomware attacks continue to dominate headlines and plague organizations of all sizes in both the private and public sectors. As with other cybersecurity attacks, no organization is immune. Your best option is to prepare for this type of attack by using a three-pronged approach: plan, prevent, and not pay.

Plan

During a ransomware attack, the general mood is panic. Time is of the essence, so having a plan is critical. Here are a few steps that you will want to define.

  • Containment: Immediately disconnect the infected system(s) from the network — wired, wireless, and Bluetooth connections. You want to make sure the ransomware will not spread to other systems on the network. It’s also important to immediately hibernate or power off the system(s).
  • Check other systems: Ransomware can spread. Run full-system scans of all the workstations and servers on the network to help detect ransomware on other systems.
  • Format and restore: Format the infected system(s) several times and restore the operating system. Use your backups to restore the data.
  • Retain outside IT support: Develop a relationship with an IT forensics company, an emergency IT support company, or both. It’s likely that your IT department is already overloaded and may not have the resources to recover from a large-scale ransomware attack in a reasonable time period. Being able to call upon outside help immediately could help drastically reduce the impact of a ransomware attack and the time it will take to restore your operations.

Prevent

While it’s impossible to completely prevent a ransomware attack, you can implement some important safeguards to significantly reduce your risk of becoming a ransomware victim.

  • Train end users: Your end users are your front line of defense. The majority of ransomware is downloaded when end users click on malicious links or open malicious email attachments. Systems can also be infected with ransomware when end users visit infected websites. Ransomware is frequently downloaded and installed on the computer in the background while the end user is innocently browsing. Training will reduce the risk of ransomware entering your network.
  • Use email security software: Since a majority of ransomware attacks begin with end users clicking on links in an email, email security software will reduce the number of emails with malicious links and attachments arriving in your end users’ inboxes. Systems can filter suspicious emails for review or even strip potentially malicious links from the email.
  • Anti-malware software: Anti-malware software can prevent some forms of ransomware, so it is important for all devices to have this sort of software installed and configured for periodic full-system scans and on-access scanning.
  • Back up your data: Backing up your data will not prevent ransomware attacks, but it will prevent you from having to consider paying the ransom. All critical data should be backed up, and it is important to have multiple versions of data backups, such as weekly and monthly versions. Ransomware could encrypt files and go undetected for weeks, if not months. Having multiple versions of backups will increase your chances of having an uninfected backup to restore from. Also, these backups should be disconnected from the network, since ransomware attacks are notorious for specifically seeking out known backup files and encrypting those files, too.

Not pay

If you do not have a backup to restore from, you may find yourself asking: Should we pay the ransom to get our data back? Consider the following.

Look for a solution: Start by checking nomoreransom.org, which lists several known ransomware attacks and the associated decryption keys. You may be able to unlock your data without having to pay the ransom.

Don’t fund criminals: If you pay the ransom, you’re funding criminals and unintentionally supporting the ransomware business, which will continue to grow with each ransom payment made.

Advertisement

Don’t trust criminals: As in any ransom situation, there is no guarantee that you’ll receive the decryption key after paying the ransom. Even if you do receive a decryption key, it may not work and it’s unlikely the criminal will provide tech support to determine the issue.

Taking the plan and prevent steps now can help you avoid a ransomware attack and reduce the impact should one occur within your network. It’s important to layer controls so that if one fails, others are in place to help prevent an attack.

— Lindsey Whinnery, CPA, CISSP, CISA, is a partner at CapinTech, a CapinCrouse company. She has 20 years of experience in information technology and information security. To comment on this article or to suggest an idea for another article, contact Jeff Drew, a JofA senior editor, at Jeff.Drew@aicpa-cima.com.

Advertisement

latest news

July 6, 2026

IRS adds online option, details for Kwong-related refund claims

July 6, 2026

PCAOB consultation process offers new options for firms seeking guidance

July 2, 2026

FASB seeks comment on fair value reporting proposal

June 30, 2026

IRS seeks examples of incorrect CP53E notices

June 29, 2026

IRS offers gift tax safe harbor for contributions to Trump accounts

Advertisement

Most Read

How to build reusable Skills in Anthropic's Claude AI
Profession Ready Initiative targets gaps in early-career CPA readiness
IRS seeks examples of incorrect CP53E notices
Using Excel to identify financial statement red flags
4 ways sole practitioners can set themselves apart
Advertisement

Podcast

July 2, 2026

The AICPA’s CEO on trust, AI, and the profession’s future

June 25, 2026

Midyear advocacy update: STEM, BOI, taxes and licensure

June 18, 2026

Why mindset may matter more than technology adoption

Features

Start in high school to strengthen the accounting profession
Start in high school to strengthen the accounting profession

Start in high school to strengthen the accounting profession

Accountancy in America: Meeting the moment for 250 years
Accountancy in America: Meeting the moment for 250 years

Accountancy in America: Meeting the moment for 250 years

A guide to fighting AI-fueled AP/AR fraud
A guide to fighting AI-fueled AP/AR fraud

A guide to fighting AI-fueled AP/AR fraud

How to handle increased enforcement of unclaimed property notices
How to handle increased enforcement of unclaimed property notices

How to handle increased enforcement of unclaimed property notices

How to tame funding volatility in not-for-profits
How to tame funding volatility in not-for-profits

How to tame funding volatility in not-for-profits

What AI agents mean for CPA firms
Accordance

What AI agents mean for CPA firms

FROM THIS MONTH'S ISSUE

Start in high school to strengthen the accounting profession

A practitioner-led outreach program, born of a university, accounting professionals, and local community collaboration, shows how to successfully engage high school students with the modern accounting profession.

From The Tax Adviser

June 30, 2026

Condo casualty losses: Deductions for common-interest property

May 31, 2026

Trust distributions: Timing, tax, and practical considerations

May 31, 2026

Current developments in taxation of individuals: Part 3

April 30, 2026

Current developments in taxation of individuals: Part 2

MAGAZINE

July 2026

July 2026

July 2026
June 2026

June 2026

June 2026
May 2026

May 2026

May 2026
April 2026

April 2026

April 2026
March 2026

March 2026

March 2026
February 2026

February 2026

February 2026
January 2026

January 2026

January 2026
December 2025

December 2025

December 2025
November 2025

November 2025

November 2025
October 2025

October 2025

October 2025
September 2025

September 2025

September 2025
August 2025

August 2025

August 2025
view all

View All

http://JofA_Default_Mag_cover_small_official_blue

PUSH NOTIFICATIONS

Learn about important news

This quick guide walks you through the process of enabling and troubleshooting push notifications from the JofA on your computer or phone.

CPA LETTER DAILY EMAIL

CPA Letter Logo

Subscribe to the daily CPA Letter

Stay on top of the biggest news affecting the profession every business day. Follow this link to your marketing preferences on aicpa-cima.com to subscribe. If you don't already have an aicpa-cima.com account, create one for free and then navigate to your marketing preferences.

Connect

  • X Logo JofA on X
  • facebook JofA on Facebook

HOME

  • News
  • Monthly issues
  • Podcast
  • A&A Focus
  • PFP Digest
  • Academic Update
  • Topics
  • RSS feed rss feed
  • Site map

ABOUT

  • Contact us
  • Advertise
  • Submit an article
  • Editorial calendar
  • Privacy policy
  • Terms & conditions

SUBSCRIBE

  • Academic Update
  • CPE Express

AICPA & CIMA SITES

  • AICPA-CIMA.com
  • Global Engagement Center
  • Financial Management (FM)
  • The Tax Adviser
  • AICPA Insights
  • Global Career Hub
AICPA & CIMA

© 2026 Association of International Certified Professional Accountants. All rights reserved.

Reliable. Resourceful. Respected.