Proven Methods for Combatting SMB Ransomware

by Nov 12, 2019Security

SMB ransomware is the most prominent malware threat today, causing significant downtime and financial losses for businesses in every industry.

While ransomware hurts companies of all sizes, small to mid-sized companies (SMBs) tend to face far greater obstacles when recovering from an attack. A quickly spreading infection can be devastating for a small business that has limited resources to sustain a prolonged outage.  And if the business can’t reopen its doors quickly enough, statistics show it may never happen.

Thankfully, there are several effective ways that SMBs can protect themselves from an attack. Here’s everything you need to know.


How does ransomware work?

Ransomware is a form of malware that encrypts files on your computer and demands you pay the attackers to restore the data.

The encryption makes your files inaccessible, including application data and operating system files. This can sometimes render the entire PC unusable. To make matters worse, most SMB ransomware is designed to spread across a network, infecting as many files as it can reach. So while an infection typically begins on a single PC, it can quickly infect every computer on the network, as well as data that’s synced to the cloud.


A small-business killer

A recent report by Datto revealed that 1 in 5 SMBs have fallen victim to a ransomware attack. And the threat isn’t going away anytime soon.

How is it so destructive?

In a typical ransomware attack, a small business’s operations come to a halt. With applications and computers unusable, workers can’t do their jobs to keep the business running. For a small doctor’s office, for example, this could mean being unable to accept patients or access their records. For a manufacturer, it could mean halting production and being unable to fulfill orders.

Revenue losses quickly mount, along with the skyrocketing costs of idle workers and emergency IT expenditures. A well-documented statistic from FEMA states 90% of small businesses fail within a year if they can’t resume operations within 5 days after a disaster. That is how ransomware kills SMBs.


Should you pay the ransom?

In short, no.

Infected PCs will typically display a message with instructions for paying a ransom with cryptocurrency. Upon receipt of payment, the attackers are then supposed to provide the decryption keys needed to unlock your data.

But it doesn’t always work that way. There’s no guarantee that you’ll receive the promised keys after you pay the ransom. In fact, 4% of IT providers in a recent survey said their clients paid a ransom but never got their data back.

Additionally, the FBI warns that paying the ransomware only makes things worse for everyone: “Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”

Paying a relatively nominal ransom may seem tempting when trying to restore data, but most IT experts agree it should only be considered as a last resort.

The single best defense against SMB ransomware

Below, we provide several strategies that can help to significantly minimize the risks of a ransomware infection. But even with those measures implemented, attacks can still happen. This is why the most important layer of defense is a data backup system.

When an attack occurs, businesses can restore a backup to get their data back. And as long as the backup was performed before the infection took root, then the threat is removed as well.

SMBs are encouraged to deploy a robust business continuity and disaster recovery solution that can protect the entire infrastructure and enable a rapid recovery. Jump below for more tips on what to look for.


How does a ransomware infection happen?

Ransomware typically infects a computer in one of two ways:

  • Human interaction with malicious web content (phishing emails, infected attachments, malicious websites, etc.)
  • Software / operating system vulnerabilities that are exploited by hackers


The first method is the most common, relying on human error to infiltrate networks or steal credentials to lay the groundwork for future infections.

System vulnerabilities have been the cause of the most high-profile ransomware attacks, like WannaCry and NotPetya, which together affected more than 200,000 computers in 150 countries around the globe.

Here are some key ways to combat both methods.


Cybersecurity training is a must

Since most SMB ransomware attacks occur because employees get duped, a little bit of cybersecurity training can go a long way.

Every small business should incorporate cybersecurity education into their onboarding process and via ongoing training at least once a year.

Examples of what to cover in your training:

  • How to spot a phishing email or other suspicious messages
  • What to do with attachments and URLs from unknown senders
  • The risks of ransomware and how it can hurt the business
  • Policies for connecting personal devices to the company network
  • Safe web browsing guidelines


Patch and update all devices and software

Keeping software updated is the most critical defense against the forms of ransomware that target system vulnerabilities.

When WannaCry struck thousands of computers around the world in 2017, it exploited a known vulnerability in Windows. Windows had released patches for the vulnerability a month prior, but many organizations did not act quickly enough.

The widespread impact of WannaCry exposed a serious problem among the business community: too many aren’t taking patches seriously.

Enabling automatic software updates and O/S patches, or using a centralized patch management system, is essential for preventing these unnecessary infections.


Prevent unauthorized applications from loading

Application whitelisting is an effective way to block ransomware and other malicious software from executing.

By whitelisting approved software, any unknown applications won’t be able to run. So if a user inadvertently opens an infected email attachment, or visits a website that tries to drop ransomware onto the PC, those programs theoretically won’t be able to execute.

Sometimes ransomware can be hidden in other files, such as a Word document or Excel spreadsheet. For added protection against these threats, it can help to disable macro scripts from Office files transmitted via email and use Office Viewer software to preview such files before they’re fully opened.


Restrict file access wherever possible

One infected PC is generally far more manageable than dozens or hundreds. When ransomware is allowed to spread across a network, it disrupts every corner of the organization and makes recovery a lot more challenging.

This is why steps should be taken to prevent the spread of ransomware, in addition to measures for preventing the infection itself. Use access controls to limit users’ accounts to only the files and folders they need. By configuring these restrictions with the principle of “least privilege” in mind, ransomware that originates from a user’s account won’t be able to spread across all file directories on the server. It will be limited to the folders that the user can access, thus preventing the infection from growing out of control.


How to choose the right backup system

As we’ve seen over the last two years, even companies that maintain data backups can take weeks to fully recover from a ransomware attack. But often that’s because businesses are using inadequate or outdated backup products that do not provide the kind of protection needed to combat a sprawling infection.

In the age of ransomware, businesses need to be able to take frequent backups – not just of individual files, but the entire infrastructure, including application data, folder structures, configurations and so on.

Equally important is the ability to restore those backups quickly, so that small businesses can keep running with little interruption to their critical operations.

Here are some tips on choosing a business continuity solution that can provide those critical layers of protection.


Virtualize backups for faster access

Virtualized backups enable businesses to regain access to their files and applications in a matter of seconds, rather than waiting for a full data recovery.

By spinning up the backup as a virtual machine, businesses can maintain their critical operations during a ransomware attack. Look for backup solutions that offer both on-site virtualization (directly via the on-premise backup device for greater speed) and off-site virtualization (so that recoveries can be performed from virtually anywhere, without being tied to the physical infrastructure).


Fast restore of recent data changes

Robust SMB backup systems can quickly restore encrypted data back to its original state without the need to restore an entire machine.

In BC/DR solutions from Datto, this capability is referred to as Rapid Rollback. It’s developed specifically for situations like a ransomware infection, in which widespread file changes have occurred. Rapid Rollback lets you quickly identify the files that changed since the last backup, so you can restore only those files.

The speed and efficiency of this recovery makes it ideal for ransomware attacks, as well as similar situations involving unwanted file changes, such as buggy software updates or mishandled data migrations.


Built-in ransomware detection

The faster you respond to a ransomware attack, the less of a disruption it will cause.

Datto helps SMBs with this challenge by incorporating ransomware detection into its backup platform. Each new backup is actively scanned for signs of a ransomware infection, such as large amounts of data being quickly modified, renamed, etc. When something seems amiss, administrators are automatically alerted, so they can take action and roll back to a clean date before the infection has a chance to spread.


A final word

Remember, all of the capabilities and recommendations above won’t guarantee that your business will remain free of ransomware.

However, with a multi-layered continuity strategy that combines preventative measures with a dependable data backup system, you can greatly minimize risk and ensure that you’re able to quickly get back to business after an attack.


Get more information

For more information on how you can protect your critical data from ransomware and other threats, request a free demo of BC/DR solutions from Datto. Contact our business continuity experts at (646) 395-1170 or email

New call-to-action

Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications—including, branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!