Skip Navigation

October 30, 2020 |

Ransomware: What small businesses need to know

Loading table of contents...

You’ve probably seen something about ransomware in a news report or an article online. Maybe you’ve heard the horror stories of business operations grinding to a halt following an attack, or companies forced to close up shop due to the costs of an attack.

Unfortunately, they’re not just stories; these attacks can and do occur, and when they hit, many companies are stuck between a rock and a hard place.

The reality is that ransomware is a serious concern for all businesses, no matter their size or the sector they work in, although small and mid-size businesses (SMBs) continue to be major targets.

Every industry is a ransomware target

The days when cyber attacks were exclusively a problem for large enterprises are long gone.

Cyber security is critical to businesses of all sizes, and as more workforces operate remotely and leverage internet-connected technologies to maintain operations, companies are facing a growing number of risks.

Unfortunately, ransomware threats have grown in lockstep with this transition.

The Canadian Internet Registration Authority’s (CIRA) 2020 Cybersecurity Report found that malicious software (malware) such as ransomware remains the top-of-mind concern for IT professionals, with 57% of CIRA’s respondents saying malware could have the greatest impact on their organization.

And according to Verizon’s 2020 Data Breach Incident Report (DBIR), ransomware is a growing threat and may be far more common than the data suggests, accounting for well over a quarter of all detected malware attacks. What’s more, nearly a third of all victims are SMBs.

So what makes ransomware particularly threatening to small businesses? It shouldn’t come as a surprise – the data you rely on to operate your small business is highly valuable to attackers looking to steal it, sell it, ransom it, or leak it. Adding fuel to the fire, small businesses often lack the resources necessary to put strong cyber security measures into place.

That’s why it’s more important than ever for SMBs to stay informed of the threats they face and secure their operations against an attack.

What is ransomware?

Starting with the basics, ransomware is a form of malware intentionally designed to block access to your computer, demanding a ransom payment (hence the name) to restore access. Ransomware attacks may lock data on your computers, smartphones, networks, or other internet-connected devices.

But for that to happen, attackers first need access.

How ransomware works

This access is most often obtained through phishing or similar social engineering tactics, where an attacker sends an email or text (or another digital message, possibly through a social networking site) that contains a link or attachment. These messages and links are designed to look as authentic as possible in an attempt to get users to click.

Clicking one of these malicious links or downloading a malicious attachment triggers the installation of ransomware, which (in most cases) will then encrypt the data on the device, making it inaccessible. The victim receives a message demanding payment if they want their data back.

Still, awareness of phishing and social engineering tactics may not be enough; some attacks target known security vulnerabilities, exploiting unpatched hardware or software to gain access.

What’s more, paying a ransom is no guarantee you’ll get access to your data again — in fact, paying up might even be illegal, depending on where you do business.

Even after major disruptions to your operations and the resulting financial loss, attackers might just take the money and run, making recovery even harder. Now you’re stuck reporting on a data breach and dealing with fallout as you explain the situation to customers, in turn creating lasting damage to your reputation.


Arm your employees with the cyber security knowledge they need. Get the Employee Cyber Security Handbook today.

Download now

Common types of ransomware

Ransomware’s widespread use over the last decade has resulted in a number of varieties. There is often significant overlap between each variant of ransomware, with individual types building off variants that have succeeded in the past. Ransomware is always evolving as attackers modify the techniques and tactics they use to extort payment, however here are three types common today:

Crypto ransomware

When most people think of ransomware locking up their files, chances are they’re thinking of crypto ransomware. This type encrypts the data on a device or network before demanding ransom, promising a decryption key if the victim pays up.

Crypto ransomware is by far the most common variety, with attacks frequently making headlines, including a recent attack on Canadian law firms. “At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” commented the Law Society of Manitoba. Major strains include WannaCry, b0r0nt0k, and Ryuk.

Locker ransomware

Locker ransomware, despite its name, does not encrypt data to extort payment from victims. Instead, this type of ransomware blocks access to files by locking users out, and in some cases will display a message claiming to be a law enforcement agency to extort a “fine” payment from users.

Reveton, one major strain, used a falsified message claiming to be from the FBI to scare users into paying.

Doxware or extortionware

Doxware (also known as extortionware) threatens to exfiltrate data from an infected device or network if a victim does not pay up, taking its name from the practice of “doxing,” or leaking highly sensitive personal data.

These attacks are highly targeted at organizations or users with sensitive data. Some attackers have used the Maze ransomware strain to seize data before leaking it publicly, and a recent attack on a UK-based university resulted in ransomed data being exposed online.

Defending against a ransomware attack

Defending against ransomware attacks may seem intimidating at first glance, but the truth is that even a few simple, easy-to-implement best practices can help protect your small business from an attack.

Back up your data

Regular backups of sensitive and important information can help ensure business continuity in the event of a ransomware attack. If an attack does lock up your IT systems, a recent backup can be restored on a clean, secure device or network to get your business up and running.

Update and patch software

Regular patching, updating, and maintenance help protect against or eliminate known cyber security vulnerabilities in your IT systems and network and prevent attackers from accessing your systems via the internet.

Protect systems connected to the internet

Using a DNS firewall will allow you to limit access to known malicious websites, helping defend against potential social engineering attacks while blocking malicious code and securing access to cloud apps and corporate websites.

Leveraging a virtual private network (VPN) can also help, giving workers a secure means of accessing corporate data or otherwise connecting to your network from remote locations.

Develop a culture of cyber security

Train employees to watch for and understand the tricks attackers use, spot and avoid potential phishing links, and flag requests for personal information or credentials.

Password policies, password managers, and multifactor authentication (MFA) can also provide ways for employees to take responsibility for keeping their devices and company data secure.

Use a cyber security solution

Staying ahead of ransomware demands a view into what’s happening across your IT environment. Tools that detect and respond to suspicious activity across your network, end-user devices, and cloud services can help you identify potential threats early.

Look for a simplistic cyber security solution that also prioritizes threats and provides guidance about the actions you can take to prevent ransomware infections.

Strengthen your cyber security today

Just because cyber attacks on SMBs are becoming more common doesn’t mean you’re powerless. Knowing what to look for, how to respond, and how to protect your small business can prevent costly downtime, data loss, reputational damage, and legal risks.

Arm your employees with the cyber security knowledge they need. Get a free copy of The Employee Cyber Security Handbook.