Jun 06, 2024

Ransomware Is Targeting Small Businesses

Ransomware gangs feed voraciously on small prey. They seek firms large enough to pay something but small enough to avoid media and law enforcement attention. Read through to learn how not to be caught unaware.

 

During the pandemic, data breaches disproportionately affected smaller companies; they were targeted at twice the rate of larger businesses. Since the pandemic, those same smaller companies have been struggling with COVID-19 fallout ranging from supply and labor shortages to bouts of inflation. All those preoccupations have left them more vulnerable to ransomware attacks.

Enemy at the gates

Typically, ransomware is triggered when an employee downloads an attachment or responds to a phishing or scam email. Ransomware can also penetrate a network through server vulnerabilities or an infected website. A third way that ransomware works is by sneaking in through security holes in older, unpatched versions of operating systems.

Once the ransomware has infiltrated, it will lock users out of their computers. Their devices will display a message demanding a ransom to unlock the hardware and restore access. The ransom is often payable only in bitcoin or other cryptocurrency. Those transactions are quick and easy, and because they are anonymous, difficult to trace. Although bitcoin is the most popular ransom currency, ethereum, zcash, monero or another may be stipulated. In the past, gift cards for Amazon or iTunes were popular for smaller scale extortion.

The ultimate damage may greatly exceed the cost of the ransom itself. Being locked out of computers or servers has a ripple effect, resulting in business downtime and the concurrent lost revenue, lost customers or lost new business, as well as negative publicity.

Prevention beats cure

It is essential to take precautions to ward off any impending threats:

  • Run antivirus software programs regularly.
  • Maintain a firewall.
  • Back up your business data systematically and store a copy away from your servers.
  • Train employees to open only trusted attachments.
  • Update security patches frequently.
  • Install two-factor authentication.
  • Buy a cyber insurance policy, even though costs have risen since COVID-19 and tighter underwriting often now requires multifactor authentication and encrypted data. (Your regular property and liability insurance policies may not cover you, as most exclude cyber damages.)
  • Monitor published security vulnerabilities.
  • Keep a registry of all your software, hardware and cloud data.
  • Put your emergency response plan in writing and share it.

Even if you religiously follow security best practices, ransomware may still break through. The first step in your response plan is to not panic. Take a photo of the infected screen before you unplug everything; pay particular attention to any deadlines mentioned. Next, try to isolate the infection by disconnecting any vulnerable hardware from the network.

Contact your help brigade, including your data privacy lawyer (or other attorney) and your cyber insurance company. It is a good idea to report the incident to your local FBI office too.

Next, implement your internal procedures:

  • Reset all passwords, since many computers are likely to be corrupted.
  • Notify your employees and customers.
  • If your screens are locked, get expert help to try to regain access.
  • Restore and back up the most recent data.

Paying up

Across the industry, many experts counsel victims against paying a ransom. The risks are like those of kidnapping: How do you know the gang will practice thieves' honor? What is the guarantee they will unlock your systems? Will they keep demanding further payments?

However, businesses are increasingly willing to pay to salvage their operations, so if you do succumb, you are not alone. Since 2020, the number of organizations that have paid ransom has risen by 5.4%, amid a 9% increase in attacks over the past two years.

Before transferring funds, at least consider requiring a so-called proof of life — evidence that the wrongdoers can decrypt and restore at least one file.

Talk to your security team and professional technical advisers about any other safeguards you can set up in advance.

©2024


 

MORE RECENT NEWS…


Sep 25, 2025

Social Security Fairness Act and Your Benefits

The Social Security Fairness Act repeals two long-standing rules that reduced Social Security benefits for many government and public sector workers. Read through to learn more about the act and whether these changes affect you.


Sep 24, 2025

Welcome Aboard: Tips for Successful Employee Onboarding

Congratulations! You've finally completed the demanding hiring process and you've made the right hire. You are now ready to welcome a new member to the team. Read through for some pro tips on best onboarding practices for the first day at work and beyond.


Sep 23, 2025

What Are the Best Payroll Practices?

Are you curious about the idea of a streamlined payroll process? It's a great way to make sure your entire payroll department is on the same page and operating with the same standards in mind. Read through for insights into the best payroll practices.


Sep 22, 2025

Know the Rules for Reimbursing Employees

When reimbursing employees for work-related expenses, are you using an accountable plan or a nonaccountable one? The difference affects how you report the payments and how your employee is taxed. Read through to learn the IRS rules and how to stay compliant.


Aug 29, 2025

Silver Workers: No Substitute for Experience

Once, employees approaching retirement age could look forward to a long, relaxing post-work life. For much of the 55+ crowd, this is no longer the case, with many forestalling retirement for as long as possible. Read through for advice on employing silver workers in your organization.


Aug 28, 2025

Show Me the Money: Creating a Salary Policy

For any company to treat their employees with respect and fairness, it needs to have a transparent pay equity policy in place that is shared with all employees. Read through to understand why creating pay equity is beneficial to your organization.




More News & Press can be found in our Archive.