SMB Ransomware: Why Businesses Face Big Risks from Attackers

David Mezic

Chief Technology Officer @ Invenio IT

Large organizations like the Colonial Pipeline get major media attention when they experience ransomware attacks, while incidents at smaller businesses rarely make headlines. This uneven level of attention might lull many small- and medium-sized business (SMB) owners into a false sense of security. While cyberattacks on major businesses get most of the publicity, SMB ransomware is in some ways a bigger threat.

More and more owners of small businesses have taken heed of ransomware, with a recent survey finding that 84% of SMBs are concerned about experiencing attacks. That concern, however, doesn’t always translate to action. Read on to learn why ransomware poses such a significant risk to SMBs and what you can do to protect your organization from this ominous threat.

What Is Ransomware?

Ransomware is a form of malicious software, better known as malware, that can infect a single computer or an entire network. Once they have access to your system, cyber attackers will encrypt your data and refuse to give you the decryption key unless you pay a ransom.

How Infections Begin

One of the ways to lower the odds of a ransomware attack is by cutting it off before it even has a chance to begin. To do so, it’s essential to understand where ransomware comes from.

Malware can infect your device in a number of ways. When it comes to ransomware, the most common attack vectors of 2021 were:

  • Phishing: Cyber attackers send out emails and text messages with malicious links or downloads. When an employee clicks on them, malware is installed and the ransomware attack begins.
  • Remote Desktop Protocol (RDP) credentials and brute force attacks: Ransomware has benefited from the rise of remote work and the use of RDP servers. Attackers exploit weakly secured RDP systems by repeatedly attempting to log in or by stealing employee credentials, which grants them access to the device and the ability to launch a ransomware attack.
  • Vulnerabilities: Some software applications, particularly those that haven’t been patched or updated, are especially vulnerable to ransomware attacks. Cyber attackers seek out weak points and exploit them when looking for avenues to install malware.

Knowing how ransomware enters your system can help you take the necessary steps to protect it.

How Ransomware Works

No matter how malware invades your system, most ransomware attacks play out in a similar fashion. Once the infection has taken hold, a series of predictable (but dangerous) events are likely to occur:

  • The ransomware identifies the files it wants by their extensions, targeting certain file types on your system, and encrypts them.
  • After encrypting the files, the malware installs a ransom note on your system. The note will tell you that your files have been encrypted, how much ransom you have to pay to receive the decryption key, and how to make the payment, which is generally demanded via cryptocurrency.
  • As this occurs, the ransomware will attempt to spread to other devices on your network, in an attempt to disable the entire environment.
  • Some ransomware attacks, known as double extortion schemes, will also threaten to release sensitive data to the public if you do not pay the ransom.
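The encrypt-then-drop-a-note sequence above is also what a defender can watch for. The following is an added example, not code from the original article or from Invenio IT: a small heuristic that scans a stream of file-system events (constructed sample data) for a burst of renames to one new extension followed by the creation of a ransom-note-like file. The note keyword list and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, deque
from dataclasses import dataclass
from typing import Optional

@dataclass
class FileEvent:
    ts: float           # seconds since epoch (constructed values below)
    op: str             # "create" | "write" | "rename"
    path: str
    new_path: str = ""  # populated only for renames

# Hypothetical filename fragments that ransom notes commonly carry.
NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")

def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def is_ransom_note(path: str) -> bool:
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith((".txt", ".html", ".hta")) and any(h in name for h in NOTE_HINTS)

def mass_rename_extension(events, window=60.0, min_renames=10, min_share=0.8) -> Optional[str]:
    """Return the new extension if, within any `window` seconds, at least
    `min_renames` renames switch files to the same extension; else None."""
    recent = deque()
    for e in sorted(events, key=lambda x: x.ts):
        if e.op != "rename":
            continue
        recent.append(e)
        while recent[0].ts < e.ts - window:   # drop renames older than the window
            recent.popleft()
        if len(recent) >= min_renames:
            ext, n = Counter(extension(x.new_path) for x in recent).most_common(1)[0]
            if ext and n / len(recent) >= min_share:
                return ext
    return None

def assess(events) -> dict:
    """Combine both signals: a mass rename plus a dropped note raises an alert."""
    ext = mass_rename_extension(events)
    notes = sorted({e.path for e in events if e.op == "create" and is_ransom_note(e.path)})
    return {"mass_rename_ext": ext, "ransom_notes": notes, "alert": ext is not None and bool(notes)}

# Constructed sample: 12 documents renamed to ".locked" within 12 s, then a note is dropped.
SAMPLE_EVENTS = [FileEvent(1000 + i, "rename", f"/share/docs/q{i}.docx",
                           f"/share/docs/q{i}.docx.locked") for i in range(12)]
SAMPLE_EVENTS.append(FileEvent(1013, "create", "/share/docs/HOW_TO_RECOVER_FILES.txt"))
# Constructed benign churn: a few renames to mixed extensions spread over a workday.
BENIGN_EVENTS = [FileEvent(2000 + 600 * i, "rename", f"/share/draft{i}.tmp",
                           f"/share/draft{i}.{'pdf' if i % 2 else 'xlsx'}") for i in range(4)]

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS))
    print(assess(BENIGN_EVENTS))
```

Real deployments would feed events from an EDR or file-audit log and tune the window and rename thresholds to the environment's normal churn.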

At this stage, many businesses, large and small, feel compelled to pay the ransom and get their systems back up and running. Unfortunately, ransom payments aren’t the cure-all that businesses would like them to be. According to Sophos, businesses that make ransom payments are able to restore only 61% of their encrypted data, on average.

Potential Effects of a Ransomware Attack

Most small business owners know about the risks of natural disasters like fires, floods, and high winds, but they may not realize that ransomware can pose an equal or even greater threat. While a flood might damage or destroy your physical property, a ransomware attack can lock up your data, paralyzing your operations indefinitely.

Data is key to modern business operations. Consider just how much information your organization relies upon each day. Customer profiles, for example, contain email addresses, mailing addresses, names, and payment information that are likely to inform your marketing and sales planning, not to mention logistics. With a single click, this critical data might be at the mercy of a ransomware gang. Vulnerable files include:

  • Customer information
  • Credit card numbers
  • Inventory data
  • Financial records

In severe attacks, your business-critical applications and even your entire system can become completely nonfunctional, bringing your operations to a grinding halt until you can find a way to regain access to your data.

Why Are SMBs at Risk of Ransomware Attacks?

Like any money-seeking organization, ransomware gangs want to minimize costs and maximize profits. They are well aware that big businesses have likely spent significant funds on strengthening their protection against ransomware. In contrast, many SMBs feel like they don’t have the budget to implement stringent security measures. Thus, although the potential payouts might be smaller, the fact that it’s so much easier to attack SMBs makes them extremely appealing targets.

To put ransomware preparedness in better perspective, consider these numbers from a recent ransomware survey of SMBs:

  • 30% of SMBs don’t have a written plan to respond to a ransomware attack.
  • Of the SMBs that have a plan, 35% have gone six months or more without testing, which means that the plan may be outdated or ineffective.
  • 34% of SMBs don’t test employees to see if they are susceptible to phishing attempts.

All of these signs indicate that SMBs are not only at a heightened risk of experiencing an attack but also that many are woefully unprepared to respond if such an attack should occur. This creates a perfect storm in which ransomware can inflict permanent and devastating damage on unsuspecting businesses.

How Damaging Is a Ransomware Attack for SMBs?

Businesses can lose revenue and customers as a result of a ransomware attack, and some never recover. According to a recent survey, 75% of SMBs said that they would only survive 3 to 7 days after a ransomware attack. Why are the statistics so grim? Let’s dig into the real-life effects of ransomware to discover the answer.

The Cost of Ransomware

Ransomware has proven to have expensive and extensive effects on SMBs. Looking at the actual numbers helps clarify the severity of the ransomware threat:

  • According to a 2022 mid-year report by cyber insurance company Coalition, the average cost of a cyber attack claim for a small business was $139,000, which is a crippling sum for many SMBs.
  • Ransom demands have steadily increased over the past several years, with the average demand in 2021 topping $750,000.
  • A 2021 survey by IBM found that the average cost of a data breach for companies with fewer than 500 employees was $2.98 million.
  • A 2021 survey by Cybereason found that 31% of businesses in the United States that experienced a ransomware attack were forced to close down.

No two ransomware attacks are exactly the same, which means that one business may experience relatively minimal financial burdens in comparison to other organizations. The risk, however, is high, and it’s better to build a strong system of protection rather than gamble on getting lucky with a low-impact ransomware attack.

Where the Money Goes

Imagine that your system is infected with malware and you receive a ransom demand for $500. That doesn’t seem like a terrible expense, so you pay it, decrypt your data, and move forward with your business. You have escaped from the ransomware relatively unscathed, and while you experienced a short period of downtime, there was no irreparable harm.

Unfortunately, this isn’t how a typical ransomware attack unfolds. Even small ransom requests can cost an SMB a lot of money. Why? Because the expenses of responding to the attack go far beyond the ransom payment itself. It’s impossible to predict just how much a ransomware attack will cost your business because there are so many different factors at play, but some of the possible costs include:

  • Data recovery and repairs
  • Paying ransom costs
  • Staffing personnel to respond to customer concerns
  • Paying fines or penalties
  • Hiring specialists like IT security consultants, lawyers, auditors and accountants, and public relations consultants

Ransomware attacks can also have less obvious effects on company morale and trust in your brand, which can snowball over time until they crush your business profits. In their 2022 data breach report, IBM explained that 60% of businesses raised their prices after a data breach, which can have long-lasting impacts on customer loyalty. Customers who continue to frequent your business following a data breach may then be turned off by increasing price tags.

How Can SMBs Prevent Ransomware Attacks?

Ransomware is rightfully painted as a nightmare, but the situation doesn’t have to be entirely bleak. SMBs can take steps to protect themselves, helping to ensure that an attack never takes place or that, if it does, they can react in a timely and efficient fashion.

Data Backups

Ransomware attacks capitalize on the importance of data and the knowledge that businesses will feel pressured to pay up and restore their files. Frequent, high-quality backups are the antidote to ransomware. If you have access to your files, you effectively take away the cyber attacker’s power.

Some businesses are reluctant to invest in backup solutions because of the cost. A recent survey found that 57% of SMBs are worried about having to decrease their cybersecurity spending because of inflation, putting a pinch on an already limited budget. Fortunately, there are affordable backup options available for SMBs with smaller storage capacity needs. These solutions, like those available for larger businesses, feature not only regularly scheduled backups but also ransomware protection.

Employee Training

It’s crucial to remember that human error is a significant factor in many of these attacks. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved the human element, such as an employee accidentally clicking on a suspicious email, granting access to their login credentials, or failing to install updated software. This is not to say that your employees should bear the brunt of the blame if your company experiences an attack, but rather to emphasize the importance of training.

The cybersecurity training market is growing exponentially. It’s expected to reach $10 billion by 2027, and the timing couldn’t be better. Businesses that want to guard against ransomware have to prioritize effective employee training. Teaching employees how to identify malicious emails and questionable links is critical because this is such a common means of access for ransomware attackers.

Protective Measures

SMBs can employ other key measures to reduce the likelihood of a ransomware attack. These include:

  • Implementing access controls: Employee access to files should be limited to only what they need. Use the principle of least privilege, restricting access to files and revoking access as needed. A 2021 survey found that 25% of employees still had access to files from a previous job, which is essentially an open invitation to unauthorized file access.
  • Installing anti-malware software and firewalls: Put some guards at the gates of your network by installing strong anti-malware and anti-virus software on your devices. Configure your firewall to block traffic from known malicious IP addresses.
  • Updating and patching systems and software: Ransomware constantly changes, with new variants emerging every month. The only way to protect against these rapidly evolving threats is to update your software and patch your systems regularly. If you’re using older software that can’t be patched, replace it with a more modern version.

Taking these steps may not entirely eliminate the threat of ransomware, but it should help lower the chances substantially.

How Should an SMB Respond to a Ransomware Attack?

If the worst happens and you suddenly discover a ransom note on your work device, stay calm and avoid reacting hastily. Do what you can to stop the attack from spreading and make a plan of action, keeping a few central points in mind.

To Pay or Not to Pay

The immediate and pressing question facing SMB owners who are experiencing a ransomware attack is whether to pay the ransom. It’s tempting to do so because the attackers promise that payment will restore access to all of your data. Remember that while they may give you a decryption key, it in no way guarantees that your data will be fully restored.

In addition to that being a false promise, paying the ransom may simply open you up to more attacks in the future. A recent study discovered that 80% of businesses that paid a ransom experienced another attack. This isn’t entirely surprising. After all, from the cyber attacker’s perspective, you’ve proven that you’re willing to pay, so there’s no reason not to attack again. This is why many experts, including the Federal Bureau of Investigation, recommend that organizations never agree to pay ransoms in response to cyber attacks.

Some businesses that experience a ransomware attack attempt to cover up the incident, knowing that it can damage consumer confidence and ultimately decrease revenues. Investigators have found growing evidence that many organizations never publicly reveal ransomware attacks, and while this may help protect their bottom lines in the short term, it makes it much more difficult for law enforcement to identify ransomware gangs and reduce the likelihood of future attacks.

Rather than hiding their experience, businesses are better served by being transparent with regulators, law enforcement, and customers. Norsk Hydro, for example, took the initiative to shut down its own systems to prevent the ransomware from spreading, offered full details to law enforcement agencies, and was open and honest with customers about the status of their operations. This approach may have been more challenging, but it helped expedite the company’s recovery process and strengthened its reputation in the end.

Where Can SMBs Turn for Help with Ransomware?

Recent reports have indicated that ransomware attacks are on the decline, due in part to the increased focus of law enforcement, businesses’ reluctance to pay ransoms, and greater security measures. However, SMBs can’t afford to let their guard down. While fewer attacks are occurring, cybercriminals are placing more focus on smaller businesses, leaving those without protective measures in a dangerously vulnerable position.

When 67% of SMBs don’t think or aren’t sure that they are a ransomware target, and ransomware is increasingly targeting SMBs, the math doesn’t look good for small business owners. If you’re concerned that your business isn’t sufficiently prepared for a potential ransomware attack, speaking to the business continuity and disaster recovery experts at Invenio IT is a great place to begin. Whether you’ve already experienced an attack and need to recover your data, want guidance in selecting the best data backup solution, or simply aren’t sure where to begin, the team at Invenio IT is ready to help keep your SMB safe from ransomware.
