Ransomware & Cybersecurity: Protecting Small Businesses


Understanding the Threat of Ransomware to Small Businesses

Want a horror story?  It was for us and our client.

(Author’s note:  You’re going to see us NOT as we are now.  This is the STORY that changed everything in our company (software, processes, etc.)  So, as you’re reading this, realize we were acting like a TYPICAL Managed IT Services company.)

In 2018, we were offering security solutions for protecting our clients’ servers and workstations.  We hadn’t done much research at the time on what truly worked or what the options were, and were offering what our vendor said was “Best of the Best” (which at the time was Bitdefender).  So, we ran with it.  We made a decent margin and all the sales literature seemed good.  For this client, we had it installed on their workstations and server.

On this particular morning, their server showed offline and we called to find out that Spectrum was out there because of an outage.  Nothing major.  Later in the morning, we got another call that the “Server wouldn’t come up.”  Once we got there, we immediately saw it was infected with Ransomware.  Why didn’t Bitdefender prevent it?  After the client contacted the FBI to report it, we were told that this Ransomware would actually reboot the server, UNINSTALL Bitdefender, and then infect the server.  It also would destroy any backups it could find.  We again were using a backup solution recommended by a vendor, but what we didn’t know was that this solution wouldn’t tell you if the backup had been failing.  Guess what wasn’t available for us to use to restore?

So, here we have an infected server, no good recent backups, and a very angry customer.  40 man hours later (which we couldn’t bill), we had recovered most everything EXCEPT a Quickbooks company file, one the client REALLY needed.  They fired us.

It was at THAT point I vowed as a company we would NEVER go through this again.  We no longer trusted vendors but did our OWN research and tested EVERYTHING.  7 years later, NONE of our clients have had ransomware or any computer infection and our backup solutions are rock-solid and verified daily.

Lessons learned.

But, I wanted to share with others our knowledge and put together this page to let people know exactly what Ransomware was and resources to help should you become a victim.

So, What Is Ransomware?

Ransomware is malicious software designed to block access to a computer system or encrypt data until a sum of money, or ransom, is paid to the attacker. These attacks can paralyze business operations, leading to significant downtime and financial loss.  To learn more about Ransomware, please see the video at the end of this page for helpful information that explains what it is, how it works, and how to go about dealing with ransomware should your business be attacked.  Sometimes, video is a lot easier than reading.

The Growing Threat to Small Businesses

Now, small businesses are increasingly becoming prime targets for ransomware attacks. According to recent data, 82% of ransomware attacks are aimed at small businesses.

Well, this alarming trend is attributed to several factors:

  • Limited Resources: Many small businesses lack the financial and technical resources to implement robust cybersecurity measures, making them vulnerable to attacks.  When cashflow is tight, they want to spend elsewhere.
  • Lack of Awareness: Small businesses may not stay updated on the latest cybersecurity threats and best practices without dedicated IT departments.
  • Perceived as Easy Targets: Cybercriminals often view small businesses as low-hanging fruit, assuming they have weaker security defenses than larger enterprises and that their employees aren’t trained as well on what to look for.

Consequences of Ransomware Attacks

Now, the repercussions of a ransomware attack on a small business can be pretty severe.  Here are just a few:

  • Financial Losses: The average ransom demand has significantly increased, with the average ransom in 2024 reaching $2.73 million, nearly a $1 million increase from 2023.  If you are interested in more ransomware statistics, you can visit Varonis.com
  • Operational Disruptions: Attacks can lead to prolonged downtime, halting business operations and affecting productivity.  If a server were to be hit, the average time to repair and restore data is 3 days.  Depending on your operation, this prolonged outage may not be feasible, and you will need a solution to get your company back up much sooner.  There are solutions we offer that can take images of your servers and bring one of those images up as a virtual version of your server, accessible on the network in a matter of minutes.  If you want to discuss this technology, please Contact Us to learn more.
  • Reputational Damage: Customers may lose trust in a business that fails to protect their data, potentially losing clientele.
  • Legal Implications: Failure to safeguard customer data can have legal consequences, especially in industries subject to strict data protection regulations such as medical offices, dental offices, or any business that stores electronic customer financial data.

Preventing Ransomware Attacks

So how do you keep it from happening to you?  Well, implementing proactive measures is Step #1 to protect your business from ransomware threats:

  • Regular Data Backups: Maintain up-to-date backups of critical data and store them offline or in secure cloud services. This ensures data recovery without yielding to ransom demands.  Make sure that you have a way to verify that the backups are successful or failing each day.
  • Employee Training: Conduct regular cybersecurity awareness programs to educate employees about phishing attacks and safe online practices, which will also help prevent ransomware attacks.  We have done several of these as Lunch and Learn seminars and add humor to it as well to make it easy to enjoy and remember.
  • Keep Systems Updated: Regularly update all software and systems to patch vulnerabilities that cybercriminals could exploit if ransomware enters a computer or network.
  • Implement Strong Security Measures: Use reputable antivirus and anti-malware solutions, enable hardware & software firewalls, and employ intrusion detection systems to monitor network activity. A practical approach offers multiple layers of protection and doesn’t rely on a single piece of software.  If you would like to learn more about the system we switched to, you can visit Comprehensive Cybersecurity and IT Services for Small and Multi-location Businesses.
  • Restrict User Access: Limit administrative privileges and implement the principle of least privilege to reduce the risk of unauthorized access.
  • Utilize Multi-Factor Authentication (MFA): Implementing Multi-Factor Authentication (MFA) adds an extra layer of security, making it more challenging for attackers to gain unauthorized access.  Make sure your IT company also uses MFA to access any of the systems they use to do remote support for you.  This is another security step we implemented as well.

Responding to a Ransomware Attack

So what do you do if your business falls victim to a ransomware attack?  Well, expect a rough few days, but here are the basic steps you need to take:

  • Isolate Affected Systems: Immediately disconnect infected systems from the network to prevent the spread of ransomware.  Unfortunately, ransomware is often programmed to launch itself after normal business hours or on the weekend to prevent someone from noticing what it’s doing.  This is why you need to have systems and software that will automatically do this if the network or computer is under attack.  Our company currently provides such a solution, and you can learn more about it on our Cybersecurity and IT Services for Small Businesses page.  Make sure to review the video to learn more.
  • Assess the Situation: Determine the extent of the attack and identify the type of ransomware involved.  Most ransomware attacks will leave an identifier as a text file with instructions on paying the ransom.  You can copy and paste the contents of this file into Google or ChatGPT and ask it what version of Ransomware has attacked you to get this information.  Knowing this will help you find out if someone else has already created a way to repair the damage.
  • Report the Incident: Notify relevant authorities, such as the FBI or local law enforcement (see resources below), and report the attack to cybersecurity agencies.  This is especially important if the information that was attacked included EPI (Electronic Patient Information).
  • Do Not Pay the Ransom: Paying the ransom does not guarantee data recovery and may encourage further attacks.  Current ransomware statistics show that only 29% of people attacked decided to pay the ransom in Q4 of 2023.  Also, payment will be in Bitcoin so that the payment can be untraceable, and the process of obtaining Bitcoin is highly involved.  If you haven’t obtained Bitcoins or have a Bitcoin Wallet, you can expect a 1 – 2 day process to verify financial data and obtain the coins.  Since most Ransomware has a deadline to receive payment, should you decide to pay, you will be pressed to get it in time.
  • Restore Data from Backups: Use clean backups to restore systems and data if available.  It is recommended that your data backup solution be a combination of onsite backup and secure cloud storage.  Again, make sure you are using a solution that reports backup successes and failures to you daily.
  • Conduct a Post-Incident Analysis: Investigate how the attack occurred and implement measures to prevent future incidents.  This can often be time-consuming, but there are solutions available that will track all incidents that occur and provide an “attack map” to help track where the problem originated.  Again, the solution we offer will do this for you.  If your IT company doesn’t have such a tracking solution built in, they can take 1 – 5 days to figure out how it happened and will be very hesitant to turn everything back on again, slowing down your return to business.  Understand that if they don’t find the way in, it is quite possible that the “bad guys” will do it again, especially if the way in is not found AND you decide to pay the ransom.
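
The backup bullets under prevention and response both call for a daily report of backup success or failure. The following is an added example, not code from this page or from any product it mentions, of an independent check that flags a backup that has gone stale, is empty, or no longer matches its recorded checksum. The `*.bak` naming, the `.sha256` sidecar file and the 26-hour threshold are assumptions made for the illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_HOURS = 26  # assumption: a nightly job, plus two hours of slack

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backups(backup_dir, now=None, max_age_hours=MAX_AGE_HOURS):
    """Return a list of problems with the newest backup; empty means it passed."""
    now = time.time() if now is None else now
    backups = sorted(Path(backup_dir).glob("*.bak"), key=lambda p: p.stat().st_mtime)
    if not backups:
        return ["no backup files found"]
    latest, problems = backups[-1], []
    age_h = (now - latest.stat().st_mtime) / 3600
    if age_h > max_age_hours:
        problems.append(f"{latest.name}: stale, {age_h:.0f}h old")
    if latest.stat().st_size == 0:
        problems.append(f"{latest.name}: empty file")
    sidecar = latest.with_name(latest.name + ".sha256")  # hypothetical sidecar
    if not sidecar.exists():
        problems.append(f"{latest.name}: no checksum recorded")
    elif (sidecar.read_text().split() or [""])[0] != sha256_of(latest):
        problems.append(f"{latest.name}: checksum mismatch")
    return problems

def demo():
    """Constructed sample: a good backup, then a silent failure, then tampering."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "server-2024-01-01.bak"
        good.write_bytes(b"constructed sample backup contents")
        (Path(d) / (good.name + ".sha256")).write_text(sha256_of(good) + "\n")
        fresh = check_backups(d)
        # Three days pass and the job writes nothing new: the silent-failure case.
        stale = check_backups(d, now=time.time() + 72 * 3600)
        # The backup file is altered after its checksum was recorded.
        good.write_bytes(b"altered contents")
        tampered = check_backups(d)
        return fresh, stale, tampered

if __name__ == "__main__":
    print(dict(zip(("fresh", "stale", "tampered"), demo())))
```

Run a check like this from a scheduler on a machine other than the backup server and alert on any non-empty result, so that a report which never arrives is itself noticed.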

Helpful Resources and Tools

Now, here are the websites and resources we found and used:

  • Cybersecurity and Infrastructure Security Agency (CISA): Offers comprehensive ransomware protection and response guidelines.
  • Federal Bureau of Investigation (FBI): Provides reporting mechanisms and resources for cybercrime victims.  You can visit the FBI’s Internet Crime Complaint Center (IC3) to report online.  But if the crime is urgent, you can call the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or use their direct email
  • National Counterintelligence and Cyber Security Centre (NCSC): Offers advice and support for businesses to improve cybersecurity practices.
  • Ransomware Decryption Websites:  Depending on the version of ransomware your files are encrypted with, there is the possibility for there already to be a decryption tool developed that would keep you from having to pay the ransom (not recommended) or restoring from a backup.  Here are the five best sites to look for a ransomware decryption tool:

Ransomware Educational Video

As mentioned at the beginning of this page, if you would like to learn more about Ransomware, you can review this video and learn about Ransomware Attack Explained in Cyber Security

Conclusion

Ransomware poses one of the most significant threats to small businesses, but you can reduce the risks with proactive measures and informed strategies. I will tell you that you will have to spend money to prepare.  Investing in cybersecurity awareness, implementing robust security protocols including security hardware and software, and preparing an effective response plan takes resources, but it’s necessary if you want to prevent ransomware attacks.

Hopefully, you found this information beneficial and would like to discuss your company’s cybersecurity position and determine if there are ways to better enhance what you are currently using or investigate whether better solutions exist. Please Contact Us at Trinity Solutions, Inc. to arrange a time to discuss your company’s needs and see if there is a way to assist you.  We also recommend you review our Managed IT Services:  Cybersecurity service page for more information and our page, Comprehensive Cybersecurity and IT Services for Small and Multi-location Businesses, to have technology work together to prevent ransomware from entering your company’s network or computers.

Note: This article is for informational purposes only and does not constitute legal or professional advice.