Jun 06, 2024

Ransomware Is Targeting Small Businesses

Ransomware gangs feed voraciously on small prey. They seek firms large enough to pay something but small enough to avoid media and law enforcement attention. Read through to learn how not to be caught unaware.

 

During the pandemic, data breaches disproportionately affected smaller companies; they were targeted at twice the rate of larger businesses. Since the pandemic, those same smaller companies have been struggling with COVID-19 fallout ranging from supply and labor shortages to bouts of inflation. All those preoccupations have left them more vulnerable to ransomware attacks.

Enemy at the gates

Typically, ransomware is triggered when an employee downloads an attachment or responds to a phishing or scam email. Ransomware can also penetrate a network through server vulnerabilities or an infected website. A third way that ransomware works is by sneaking in through security holes in older, unpatched versions of operating systems.

Once the ransomware has infiltrated, it will lock users out of their computers. Their devices will display a message demanding a ransom to unlock the hardware and restore access. The ransom is often payable only in bitcoin or other cryptocurrency. Those transactions are quick and easy and, because they are anonymous, difficult to trace. Although bitcoin is the most popular ransom currency, Ethereum, Zcash, Monero or another may be stipulated. In the past, gift cards for Amazon or iTunes were popular for smaller-scale extortion.

The ultimate damage may greatly exceed the cost of the ransom itself. Being locked out of computers or servers has a ripple effect, resulting in business downtime and the concurrent lost revenue, lost customers or lost new business, as well as negative publicity.

Prevention beats cure

It is essential to take precautions to ward off any impending threats:

  • Run antivirus software programs regularly.
  • Maintain a firewall.
  • Back up your business data systematically and store a copy away from your servers.
  • Train employees to open only trusted attachments.
  • Update security patches frequently.
  • Install two-factor authentication.
  • Buy a cyber insurance policy, even though costs have risen since COVID-19 and tighter underwriting often now requires multifactor authentication and encrypted data. (Your regular property and liability insurance policies may not cover you, as most exclude cyber damages.)
  • Monitor published security vulnerabilities.
  • Keep a registry of all your software, hardware and cloud data.
  • Put your emergency response plan in writing and share it.

Even if you religiously follow security best practices, ransomware may still break through. The first step in your response plan is to not panic. Take a photo of the infected screen before you unplug everything; pay particular attention to any deadlines mentioned. Next, try to isolate the infection by disconnecting any vulnerable hardware from the network.

Contact your help brigade, including your data privacy lawyer (or other attorney) and your cyber insurance company. It is a good idea to report the incident to your local FBI office too.

Next, implement your internal procedures:

  • Reset all passwords, since many computers are likely to be corrupted.
  • Notify your employees and customers.
  • If your screens are locked, get expert help to try to regain access.
  • Restore and back up the most recent data.

Paying up

Across the industry, many experts counsel victims against paying a ransom. The risks are like those of kidnapping: How do you know the gang will practice thieves' honor? What is the guarantee they will unlock your systems? Will they keep demanding further payments?

However, businesses are increasingly willing to pay to salvage their operations, so if you do succumb, you are not alone. Since 2020, the number of organizations that have paid ransom has risen by 5.4%, amid a 9% increase in attacks over the past two years.

Before transferring funds, at least consider requiring a so-called proof of life — evidence that the wrongdoers can decrypt and restore at least one file.

Talk to your security team and professional technical advisers about any other safeguards you can set up in advance.

©2024


 
