June 1, 2023 | Cybersecurity education
Ransomware: What small businesses need to know
Last updated: February 5, 2024
You’ve seen the stories about ransomware in a news report or an article online: business operations grinding to a halt following an attack, or companies forced to close shop due to the costs of one.
Unfortunately, these attacks occur with frustrating regularity—and when they do, affected businesses are stuck between a rock and a hard place.
The reality is that ransomware is a serious concern for all businesses, no matter their size or the sector they work in—and small and mid-size businesses (SMBs) continue to be major targets.
Every industry is a ransomware target
The days when cyberattacks were exclusively a problem for large enterprises are long gone. Everyone is a potential target now; cybersecurity is critical to businesses of all sizes, and with the ubiquity of the hybrid office model and the internet-connected technologies it leverages, companies face increased risks.
Ransomware remains one of the most common cyber threats. According to Verizon’s 2022 Data Breach Incident Report (DBIR), ransomware threats grew by 13% between 2021 and 2022—an increase in incidents that rivals the last five years combined. These attacks account for well over a quarter of all detected malware attacks, and nearly a third of all victims are SMBs.
The Canadian Internet Registration Authority’s (CIRA) 2022 Cybersecurity Survey found that malicious software and unauthorized access to or theft of data remain the biggest perceived threats among surveyed SMB IT professionals. In addition, 73% of respondents admitted to having paid a ransom—up 69% from the previous year.
That rise in payments is hardly surprising given the sheer volume of attacks and the reality facing many SMBs: cybersecurity expertise and resources are more accessible to large enterprises than they are to their smaller peers.
As such, it’s more important than ever that SMBs stay informed about the threats they face and take steps to secure their operations against an attack.
What is ransomware?
Starting with the basics, ransomware is a type of malware intentionally designed to block access to your computer, demanding a ransom payment (hence the name) to restore access. Ransomware attacks may lock data on your computers, smartphones, networks, or other internet-connected devices.
But for that to happen, attackers first need access.
How ransomware works
Access is most often obtained through phishing or other social engineering tactics, where an attacker sends an email or text (or another digital message, possibly through a social networking site) that contains a link or attachment. These messages and links are designed to look as authentic as possible in an attempt to get users to click.
Clicking a malicious link or downloading a malicious attachment triggers the installation of ransomware, which (in most cases) will then encrypt the data on the device, making it inaccessible. The victim receives a message demanding payment if they want their data back.
Still, awareness of phishing and social engineering tactics may not be enough; some attacks target known security vulnerabilities, exploiting unpatched hardware or software to gain access.
What’s more, paying a ransom is no guarantee you’ll get access to your data again—a recent report found that 21% of businesses that admitted to paying a ransom were still unable to recover their data. Paying up might even be illegal, depending on where you do business; legislation and regulations around paying known criminal groups could land a business in more hot water, even if they’re simply desperate to get back to business as usual.
Even after major disruptions to your operations and the resulting financial loss, attackers might just take the money and run, making recovery even harder. Now you’re stuck reporting on a data breach and dealing with fallout as you explain the situation to customers, in turn creating lasting damage to your reputation.
Common types of ransomware
Ransomware’s widespread use over the last decade has resulted in several varieties. There is often significant overlap between variants, with individual types building on those that have succeeded in the past. Ransomware is always evolving as attackers modify the techniques and tactics they use to extort payment, but here are three types common today:
Crypto ransomware
When most people think of ransomware locking up their files, chances are they’re thinking of crypto ransomware. This type encrypts the data on a device or network before demanding ransom, promising a decryption key if the victim pays up.
Crypto ransomware is the most common variety, with attacks frequently making headlines, including a major attack on Canadian law firms. “At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” commented the Law Society of Manitoba. Major strains include WannaCry, b0r0nt0k, and Ryuk.
Locker ransomware
Locker ransomware, despite its name, does not encrypt data to extort payment from victims. Instead, this type of ransomware blocks access to files by locking users out, and in some cases will display a message claiming to be a law enforcement agency to extort a “fine” payment from users.
Reveton, one major strain, used a falsified message claiming to be from the FBI to scare users into paying.
Doxware or extortionware
Doxware (also known as extortionware) threatens to exfiltrate data from an infected device or network if a victim does not pay up, taking its name from the practice of “doxing,” or leaking highly sensitive personal data.
These attacks are highly targeted, aimed at organizations or users with sensitive data. Some attackers have used the Maze ransomware strain to seize data before leaking it publicly, and a recent attack on a UK-based university resulted in ransomed data being exposed online.
Defending against a ransomware attack
Defending against ransomware attacks may seem intimidating at first glance, but the truth is that even a few simple, easy-to-implement best practices can help protect your small business from an attack.
Back up your data
Regular backups of sensitive and important information can help ensure business continuity during a ransomware attack. If an attack does lock up your IT systems, a recent backup can be restored on a clean, secure device or network to get your business up and running.
Update and patch software
Regular patching, updating, and maintenance help protect against or eliminate known cybersecurity vulnerabilities in your IT systems and network, and prevent attackers from accessing your systems via the internet.
Protect systems connected to the internet
Using a DNS firewall will allow you to limit access to known malicious websites, helping defend against potential social engineering attacks while blocking malicious code and securing access to cloud apps and corporate websites.
Leveraging a virtual private network (VPN) can also help, giving workers a secure means of accessing corporate data or otherwise connecting to your network from remote locations.
Develop a culture of cybersecurity
Train employees to watch for and understand the tricks attackers use, spot and avoid potential phishing links, and flag requests for personal information or credentials.
Password policies, password managers, and multifactor authentication (MFA) can also provide ways for employees to take responsibility for keeping their devices and company data secure.
Use a cybersecurity solution
Staying ahead of ransomware demands a view into what’s happening across your IT environment. Tools that detect and respond to suspicious activity across your network, end-user devices, and cloud services can help you identify potential threats early.
Look for a holistic cybersecurity solution that prioritizes threats and provides guidance about the actions you can take to prevent ransomware infections.
Strengthen your cybersecurity today
Just because cyberattacks on SMBs are becoming more common doesn’t mean you’re powerless. Knowing what to look for, how to respond, and how to protect your small business can prevent costly downtime, data loss, reputational damage, and legal risks.