Ransomware Remains a Threat to Small Business in 2018

Ransomware Remains a Threat to Small Business in 2018 | CyberDot™

Why Ransomware Remains a Threat in 2018

What is ransomware?

Ransomware is a particularly harmful variant of malware that targets businesses and individuals with tactics that can cause significant financial losses, operational downtime, reputational damage and even personal embarrassment. Although there are many kinds of ransomware, they are typically used to financially extort the victim by stealing or encrypting sensitive information and holding it ransom until payment is remitted. Recent highly publicized ransomware viruses include WannaCry, Cryptolocker, and Locky. These pernicious programs affect thousands of companies across all industries. For those concerned with owning and operation small to medium-sized businesses, it is not necessary to understand the precise technical methods employed by these viruses; it is only critical to understand their ubiquity, potential harm, and what to do when affected.

How does ransomware work?

Essentially, ransomware prevents the user(s) from accessing data or systems that are critical to running the business. Depending on the type of virus, ransomware is usually designed to “steal” data by copying it to an external location or encrypting company-owned files in a way that can only be undone by the attacker providing a decryption method. Sometimes ransomware is also used to steal incriminating or exploitative information (such as sexually explicit content) that the owner would not want to be publicly released. Not all ransomware is sophisticated or complex; some viruses will simply lock the user’s screen until a small payment is made and access is restored.

One of the most infamous ransomware viruses is called Cryptolocker, which has caused significant losses and is estimated to have produced at least USD $27 million in payments to the operators (as of 2017). Cryptolocker targets victims as an innocuous e-mail message containing a ZIP file attachment. The message is designed to appear as if it had been sent by a real company. Once the virus is installed it notifies users that their files are encrypted and demand a USD $400 payment within 72 hours or the data will remain encrypted and impossible to recover. Unfortunately, Cryptolocker is notorious for not actually restoring access to the affected information, causing small businesses twice the damage.  

Similar to most ransomware, Cryptolocker requires payments to be made in Bitcoin. Cryptocurrencies are often the preferred method of payment for ransomware operators because it circumvents traceable bank account information and applications. The financial demand from ransomware varies greatly depending on the virus and the target. Reported payouts from different forms of ransomware range from several hundred to tens of thousands of dollars.

Who is at risk?

A recent publication from the technology solution provider Datto reported that approximately 1 in 20 small businesses worldwide have been affected by some type of ransomware. Experts agree that the risk of small businesses suffering a ransomware attack will only increase in the near future as these targets adopt security solutions more slowly than large enterprises. Other notable discoveries in Datto’s report include the following:

  1. Enterprise-level security software cannot provide sufficient protection from ransomware.
  2. Up to 26 percent of the cloud-based software used often by small businesses are also at risk of exposing them to a ransomware attack.
  3. Small businesses paid out an estimated USD $301 million in ransoms last year.
  4. Of those that paid the ransoms, 15% still did not receive access to their data.   
  5. While the range of impacts includes significant financial harm and loss of data, small business suffers most from the operational downtime caused by ransomware.
  6. Cryptolocker remains the most common ransomware used against small businesses.  

Why are small businesses targeted?

Even though small businesses do not have substantial financial resources, they are easy targets due to notoriously poor security practices, including:

  1. Poor data backup protocols.
  2. Insufficient training on how to spot and avoid social engineering attacks (like e-mail phishing).
  3. Heavy reliance on systems with easily exploited vulnerabilities.
  4. Small business personnel are typically too busy to exercise proper caution during the normal course of business communications.
  5. Operational impacts are likely to be so costly that they will simply pay the cost to restore capacity.
  6. One of the most common methods of attack is through malicious e-mail attachments through which small businesses receive payments, invoices, etc.  

What should you do if compromised?

If a compromise is discovered, begin by determining if there is a backup of the affected information. If there is a reliable and usable back-up of the data, then it is possible that the ransom can be ignored. Knowledgeable cyber security partners or managed service providers should always be consulted before taking action. Cyber security experts recommend the following protocols for dealing with ransomware:

  1. Document your actions and the ransomware activity for law enforcement and/or incident response.
  2. Check to see if there is an available vendor solution for this ransomware that would allow data recovery or virus removal.  
  3. Consider paying the requested ransom on the advice of professionals. Run a quick Internet search to see if the ransomware operators actually accept payment, or if they keep the money without releasing the data.
  4. If the ransom is paid, immediately isolate and repair the breach point, or implement training to avoid a future compromise.

What mitigation techniques are available?

There are numerous software options available for ransomware protection. However, basic security practices will go a long way in providing safeguards against an attack. For a comprehensive list, see our recent article on common cybersecurity mistakes and recommended best practices for small businesses. Minimal security measures should include:

  1. Frequently backing up and securely storing essential data.
  2. Training personnel on how to respond to ransomware.
  3. Updating systems and software according to manufacturer recommendations (check for emergency updates, too).  
  4. Purchasing Cyber Insurance Policy (remember that the business owner is held liable by their customers for decisions regarding how their data is handled, even if they have chosen to outsource with cloud-based software).


Defensive security practices alone are not sufficient to guard SMBs against the numerous threats presented by rampant, vicious ransomware. There is no one-size-fits-all, total security solution that will prevent ransomware attacks. But, following general best practices and protecting the business with comprehensive cyber insurance is the best available option for defending against a breach and allowing the business to recover quickly if an attack is successful.  


Get coverage

Running a business is challenging enough without having to worry about cyber liabilities and lawsuits. You are one click away from getting the vital coverage your business needs.