Small Business Ransomware: What You Need to Know | Veeam (2024)

It’s a common misconception that small businesses do not get attacked by cybercriminals as often, but unfortunately, bad actors do not discriminate. According to Veeam’s 2023 Data Protection Trends Report, 85% of ransomware attacks targeted small businesses.

The consequences of small business ransomware attacks are severe, and most small businesses can’t operate during a ransomware attack. Many also don’t have an incident response plan, and of those that do, nearly a third haven’t tested their plans in six months. A high percentage of small businesses also report having to pay the ransom to regain access to their data.

The high cost of recovering data along with business interruption costs means that up to 60% of small businesses fail after a successful cyberattack.

While these small business ransomware statistics are worrying, those who take cyber resiliency seriously are better prepared to resist cyberattacks. In this article, we’ll provide practical tips on how to assess your vulnerabilities, what to do to protect yourself against ransomware, and how to recover from an attack without paying a ransom.

Key steps include implementing a ransomware response plan and ensuring your company has an affordable backup plan. A further layer of protection is ensuring you have immutable (i.e., unchangeable) backups stored offline that you can use for self-recovery.

Understanding Ransomware for Small Businesses

Cybercriminals understand that small businesses have limited financial and IT resources. They rely on this knowledge to extort small- to medium-sized businesses (SMBs) since they believe SMBs don’t have many options for recovering their data.

Ransomware for Small Businesses

Ransomware is malware that cybercriminals use to lock users’ computers so they can’t access files and company systems. Hackers often encrypt files so users can’t access them without a decryption key. They also frequently threaten to release private and sensitive company information to the public to pressure victims into paying a ransom.

Unfortunately, paying a ransom doesn’t necessarily mean the end of an attack. In fact, Veeam’s 2023 Ransomware Trends Report noted that while 80% of ransomware victims paid the ransom, 25% still couldn’t recover their data.

Common Tactics Used by Cybercriminals

Cybercriminals use a variety of tactics to infect victims’ computers with malware. The most common forms of ransomware attacks against small businesses are:

  • Phishing: Scam emails and text messages that trick users into supplying passwords and login credentials.
  • Malicious email attachments: Emails with attachments that contain malware.
  • Drive-by attacks: Malware downloaded from an infected website.
  • Software vulnerabilities: Using unpatched vulnerabilities on servers to gain access to computer systems.

How Do Ransomware Attacks Affect Small Businesses?

Successful ransomware attacks on small businesses have devastating consequences. Small businesses have limited resources in terms of people and money, so they often can’t afford to be out of business for any period of time. Other challenges include reputational damage and the possibility of legal and regulatory action.

Financial Implications

Aside from the direct cost that comes with paying a ransom, small businesses also face substantial recovery costs. These can include loss of income, the cost of hiring cybersecurity specialists to identify and remove ransomware, and expenditure to strengthen security. Plus, at the end of the day, there’s still no guarantee the business will be able to recover the data encrypted by cybercriminals. Statistics from the 2023 Ransomware Trends report indicate that, on average, 15% of production data affected by a ransomware attack is lost.

Reputational Damage

Customers and suppliers quickly lose confidence following a ransomware attack, especially if hackers leak confidential company data. After an attack, there’s always suspicion, often rightly so, that the company was somehow negligent because it didn’t have secure data protection systems in place. A direct consequence of this loss of confidence is that the SMB’s customers start to feel vulnerable and take their business elsewhere.

Legal and Regulatory Consequences

Depending on the jurisdiction and the extent of the breach, companies may face multiple penalties from regulatory authorities, including:

  • Fines for non-compliance or for failing to adequately protect data.
  • Legal action in the form of individual or class action lawsuits.
  • Regulatory investigations into the cause and extent of a breach.
  • Remediation costs as part of taking corrective action for data vulnerabilities.

Companies are also often required to report data breaches to regulatory authorities and notify potentially affected parties. This only serves to compound the negative impact on a brand’s reputation when a data breach occurs.

Small Business Vulnerabilities

Small businesses account for between 40% and 50% of the GDP. In the U.S., over 99.9% of companies are SMBs. Having an entrepreneurial approach, most SMBs are privately owned and funded and have small management teams. This makes them more vulnerable to cyberattacks for several reasons, including:

  • Limited IT expertise: Many SMBs rely on vendors to develop their IT systems and relatively few have dedicated IT teams. Of those who do, they still often have limited cybersecurity knowledge.
  • Budget constraints: Small companies have limited resources and don’t have the money to spend on complex cybersecurity measures.
  • Security gaps: SMB IT management often doesn’t have the expertise to implement concepts such as Zero Trust, multi-factor authentication (MFA), and disaster recovery (DR) planning.
  • Backups: Many small businesses don’t adhere to or know about the 3-2-1 backup rule, especially the requirements to encrypt backups and keep some copies offline or on separate systems.

How to Protect Your Small Business From Ransomware

Ransomware protection for small businesses is a multifaceted process with three distinct layers. The first layer is to prevent an attack by strengthening your network against intrusion, the second is to implement a backup and recovery process, and the third is to implement an incident response plan. Key steps include:

  • Employee awareness training: Train employees to recognize and defeat potential cyberthreats and explain that hackers use various techniques to trick employees into providing login and security credentials. The most common trick is phishing, but other techniques include tricking employees into clicking on malicious pop-ups and downloading infected software.
  • Cybersecurity measures: Develop a coherent cybersecurity strategy for your business. Cybersecurity best practices include strong authentication and access controls, network security, data encryption, and endpoint protection.
  • Backup and recovery plan: Have an effective backup and recovery plan, back up regularly, and keep multiple backups. Scan backups for malware and verify them by simulating the recovery process on an offline or virtual machine (VM), and always encrypt your backups.
  • Incident response plan: Prepare a comprehensive ransomware response plan that specifies the steps to take in the event of an incident. Test and review your plan by simulating cybersecurity incidents, and make certain each team member knows their role in containing, eradicating, and restoring services.
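The 3-2-1 rule mentioned under Small Business Vulnerabilities and the backup-verification step above can be expressed as a checklist that runs against a backup inventory. The following is an added example written for this page, not Veeam’s code or any Veeam product feature: it models each backup copy with its media type, location, immutability flag and the digest recorded when it was written (the manifest), then reports which controls fail. It also checks the extra “1” and “0” that Veeam’s FAQ below calls 3-2-1-1-0: one immutable or offline copy, and zero verification errors. The `BackupCopy` class, the inventories and the digests are all constructed for illustration.

```python
# Added example: a 3-2-1-1-0 backup posture check with copy integrity verification.
# Not Veeam's code; the inventory records, payload and digests below are constructed.
import hashlib
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str            # media type, e.g. "disk", "tape", "object-storage"
    offsite: bool         # stored outside the primary site
    immutable: bool       # WORM/object-lock or offline: a compromised host cannot alter it
    data: bytes           # copy contents (read from the copy in a real job; inline here)
    manifest_sha256: str  # digest recorded when the backup was written


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copy(copy: BackupCopy) -> bool:
    """A copy is trustworthy only if its contents still match the manifest digest."""
    return sha256_hex(copy.data) == copy.manifest_sha256


def assess_3_2_1_1_0(copies: List[BackupCopy]) -> List[str]:
    """Return the list of failed controls; an empty list means the inventory passes.

    3: at least three copies (production plus two backups)
    2: at least two distinct media types
    1: at least one copy off-site
    1: at least one immutable/offline copy that ransomware on the network cannot encrypt
    0: zero verification errors (every copy matches its manifest digest)
    """
    failures = []
    if len(copies) < 3:
        failures.append(f"COPIES: {len(copies)} < 3")
    media_types = {c.media for c in copies}
    if len(media_types) < 2:
        failures.append(f"MEDIA: only {sorted(media_types)}")
    if not any(c.offsite for c in copies):
        failures.append("OFFSITE: no off-site copy")
    if not any(c.immutable for c in copies):
        failures.append("IMMUTABLE: no immutable or offline copy")
    for c in copies:
        if not verify_copy(c):
            failures.append(f"INTEGRITY: {c.name} does not match manifest")
    return failures


# Constructed sample data standing in for a real backup job's output.
PAYLOAD = b"customer-db-2024-01-15.bak: constructed sample contents"
GOOD_DIGEST = sha256_hex(PAYLOAD)
# Simulates a copy modified after the manifest was written (e.g. encrypted in place).
TAMPERED = PAYLOAD[:-8] + b"\x00" * 8

# Two on-site disk copies, one of them silently altered: typical of an SMB without a plan.
WEAK_INVENTORY = [
    BackupCopy("production", "disk", False, False, PAYLOAD, GOOD_DIGEST),
    BackupCopy("nightly-nas", "disk", False, False, TAMPERED, GOOD_DIGEST),
]

# Adds an off-site, immutable tape copy and all copies verify: passes every control.
RESILIENT_INVENTORY = [
    BackupCopy("production", "disk", False, False, PAYLOAD, GOOD_DIGEST),
    BackupCopy("nightly-nas", "disk", False, False, PAYLOAD, GOOD_DIGEST),
    BackupCopy("weekly-tape", "tape", True, True, PAYLOAD, GOOD_DIGEST),
]


if __name__ == "__main__":
    for label, inventory in (("weak", WEAK_INVENTORY), ("resilient", RESILIENT_INVENTORY)):
        result = assess_3_2_1_1_0(inventory)
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for failure in result:
            print("  -", failure)
```

The integrity check is the part most often skipped in practice: a backup that is present but was altered after its manifest was written (for example, encrypted in place by ransomware that reached the NAS) looks fine in a file listing and only fails when its digest is recomputed. Running a check like this after every job, against a manifest kept on the immutable copy, is what turns “we have backups” into “we can restore”.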

Collaborative Ransomware Solutions

With the complexity of today’s modern infrastructure, it’s challenging for an SMB with a small IT department to keep track of all possible cybersecurity threats. However, you can largely overcome these limitations by networking with IT specialists and management from other companies, industry associations, and security providers.

Encourage your IT team to reach out to other IT managers at other companies in the area, including those you have a business relationship with. Set up task groups and meetings where you can discuss cybersecurity and share experiences and knowledge with one another.

Engage With Industry and Government Cyber Resources

Join industry associations to gain ongoing insights into cybersecurity issues. Examples include The Cyber Threat Alliance, the National Cybersecurity Alliance, and the Center for Internet Security. Federal resources include the FBI Internet Crime Complaint Center and the NIST Small Business Cybersecurity Corner.

Partner With Cybersecurity Providers

Consult with cybersecurity service providers and let them perform a cybersecurity analysis and identify the gaps in your security. Contract with them to provide security and monitoring software, train employees on internet etiquette, and provide support services if you become a victim of a ransomware attack.

Ensuring Regulatory Compliance

Any small business domiciled in the EU or one that does business in those territories must comply with the EU General Data Protection Regulation (GDPR). These requirements strictly regulate data protection and data security and can impose huge penalties for data breaches, including data that’s made public due to cyber theft.

While there are no general or universal data protection laws in the U.S., numerous laws exist that can result in penalties for data breaches. Some of these laws include:

  • The Health Information Technology Act for Clinical and Economic Health (HITECH)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Driver’s Privacy Protection Act
  • Right to Financial Privacy Act

Many of these laws incorporate specific requirements to protect data and report data breaches and strict penalties may be imposed. Several states have strict data protection laws like the following:

  • California Privacy Rights Act
  • Virginia Consumer Data Protection Act
  • Colorado Privacy Act
  • New York’s Stop Hacks and Improve Electronic Data Security
  • Illinois Biometric Information Privacy Act

The bottom line is, there’s an obligation for SMBs to take active steps to prevent the theft or loss of data in the U.S., and failure to do this may lead to fines from authorities and lawsuits from the aggrieved parties.

Small Business Ransomware Case Studies

Here are three small business case studies that show the impact ransomware can have on a business.

St. Margaret’s Health: Spring Valley, IL

In 2021, a ransomware attack on St. Margaret’s Health Hospital in Spring Valley was the tipping point that led to the hospital’s closure. The attack affected the hospital’s billing systems, which meant it couldn’t submit medical claims to health insurers, including Medicaid and Medicare. It took several months to restore systems, the hospital was already in a difficult situation following the COVID-19 pandemic, and the losses arising from the ransomware attack pushed it over the financial cliff.

Toronto Library System

In October 2023, the Toronto Library system was hit by a ransomware attack that took down their entire service. The library refused to pay the ransom, but since they had no backups, it took weeks to restore limited in-library services, and their online library is still down but expected to return to service in early 2024.

Lessons Learned

These four examples illustrate the difference having a ransomware strategy in place can make for SMBs. In the successful recoveries, organizations detected the ransomware relatively quickly and had untainted backups available, so recovery was fast. In the other two incidents mentioned above, no backups were available, and the time to rebuild systems severely affected operations, resulting in closures and suspended services.

Protect Your Small Business With Veeam

Statistics show that small businesses are a priority target for ransomware. This is partly because small businesses don’t have the same level of IT security as large organizations, and so SMBs would rather pay the ransom than risk going out of business.

Besides the direct costs of a ransomware attack, SMBs face severe penalties if private or confidential data is stolen and shared. This is why companies should always encrypt their data. If a hacker or anyone else steals the data, it’s useless without the decryption key. To resist ransomware attacks, companies need strong cyber defenses and immutable backups. Being cyber resilient is no longer an option; it’s a necessity.

Don’t lose your business. Protect your data with Veeam Backup Solutions for Small Businesses.


FAQs

What is the 3-2-1 rule for ransomware?

3 – Keep three copies of any important file: one primary and two backups. 2 – Keep the files on two different media types to protect against different types of hazards. 1 – Store one copy – or “go bag” – off-site (e.g., outside the home or business facility).

What do you need to know about ransomware?

What happens if you get ransomware? Ransomware attacks work by utilising cryptography that uses two keys to encrypt and decrypt files. The attacker holds the decryption key until you pay the ransom. It is almost impossible to decrypt your files without the decryption key.

How does ransomware affect small businesses?

Successful ransomware attacks on small businesses have devastating consequences. Small businesses have limited resources in terms of people and money, so they often can't afford to be out of business for any period of time. Other challenges include reputational damage and the possibility of legal and regulatory action.

What is the first thing you should do if your company is facing ransomware?

First, disconnect the infected computer or device from your network. If your data has been stolen, take steps to protect your company and notify those who might be affected. Report the attack right away to your local FBI office. Check to see if you can restore your systems from back-ups.

What is the first action to take against ransomware?

Immediately disconnect your infected device from any network, Wi-Fi, or Bluetooth connection. Also, remove any external drives or USBs connected to the infected machine. This will prevent the ransomware from spreading across the network.

What do ransomware hackers want?

Financial Losses: Ransomware attacks are designed to force their victims to pay a ransom. Additionally, companies can lose money due to the costs of remediating the infection, lost business, and potential legal fees. Data Loss: Some ransomware attacks encrypt data as part of their extortion efforts.

Can ransomware spread through WiFi?

Yes, ransomware can move through wifi networks to infect computers. Ransomware attacks that sleuth through wifi can disrupt entire networks, leading to severe business consequences. Malicious code that translates to ransomware can also spread across different wifi networks, operating as a computer worm does.

Do companies usually pay ransomware?

Companies aren't paying ransoms like they used to. Fewer ransomware victims are paying up when faced with a ransomware attack, according to a new report from ransomware negotiation firm Coveware. Why it matters: Malicious hackers are opportunistic and follow the money.

How much does ransomware cost small businesses?

If your organization is hit with a ransomware attack, it's going to cost you. According to Verizon's "2023 Data Breach Investigations Report"(DBIR), released earlier this month, the median loss to a ransomware attack has risen to $26,000 and can go as high as $2.25 million.

Which industry has the most ransomware attacks?

In our own research, Cybereason found the industry verticals most likely to have been affected by a ransomware attack included legal (92%), financial services (78%), manufacturing (78%), and human resources services (77%). What makes some sectors more likely to pay a ransom than others?

What advice would you give a company to avoid ransomware?

Limit User Access Privileges

Another way to protect your network and systems is limiting user access and permissions to only the data they need to work. This idea of "least privilege" limits who can access essential data. By doing so, you can prevent ransomware from spreading between systems within a company.

How do companies respond to ransomware?

Small businesses should report ransomware attacks to the local FBI field office and the provider of your anti-malware software. Employees in larger organizations should immediately report ransomware incidents to the IT helpdesk or cybersecurity office.

Do companies have to report ransomware attacks?

CIRCIA specifies that covered entities must report cybersecurity incidents within 72 hours after the entity reasonably believes a covered incident has occurred, and 24 hours after making a ransomware payment, and also authorizes CISA to request information and compel information disclosure through enforcement actions.

What is the 3-2-1 rule in cyber security?

As a widely embraced data backup strategy, the 3-2-1 Rule prescribes: Maintain three copies of your data: This includes the original data and at least two copies. Use two different types of media for storage: Store your data on two distinct forms of media to enhance redundancy.

What is the 3-2-1-1 rule?

A 3-2-1-1-0 strategy stipulates that you: Maintain at least three copies of business data. Store data on at least two different types of storage media. Keep one copy of the backups in an off-site location.

What is the 3-2-1-1 rule for backup?

The Easiest 3-2-1 Backup

You have three copies of your data: One on your computer, one on your hard drive, and one in the cloud. You store your data on two different devices: Your computer and your external hard drive. (Technically, three devices, since your data is also stored in the cloud).

What are the two main defenses against ransomware?

Comprehensive antivirus and anti-malware software are the most common ways to defend against ransomware. They can scan, detect, and respond to cyber threats.

Article information

Author: Roderick King