How to Prevent Ransomware for Small Business

Ransomware is a mounting digital menace that focuses on businesses, especially small enterprises. These threats encrypt a victim’s files, demanding a ransom that can hamper operations, tarnish brand reputation, and result in financial loss. Knowing how to prevent ransomware is essential. Strategies include employee training, consistent backups, timely system updates, and cultivating a cybersecurity-aware culture.

Every small business, with its dreams and ambitions, takes on the digital world hoping to expand its reach. But, as with every adventure, there are unforeseen risks. Among these threats is ransomware, a rising type of cyber attack that casts shadows even on the sunniest of digital ventures.

In a recently State of Ransomware 2022 study with Sophos Labs, 5,600 IT professionals from mid-sized organizations across 31 countries were surveyed. The study found that ransomware attacks have increased, and are significantly more sophisticated. Not only that, but they have a significant effect on a business’s success. More than 86% of companies in the private sector surveyed lost business or revenue because of ransomware.

Let’s explore why this particular threat is causing waves in the small business community and how you can rise above it.

What is ransomware?

In the vast digital terrain, ransomware emerges as one of the more menacing predators. But what exactly is it? At its core, ransomware is malicious software designed with a singular mission: to deny users access to their own data. This is achieved by encrypting the victim’s files, essentially putting a digital lock on them. The only key? A ransom payment, often demanded in cryptocurrency, made to the cybercriminal.

However, it’s not just about locking you out. Modern ransomware attacks also threaten to publish or permanently delete the victim’s data if the ransom isn’t paid within a set timeframe. For small businesses, this could mean losing access to vital client data, financial records, or operational software. It’s digital extortion, and its impacts can be devastating.

“Safe” doesn't cut it.
Secure your business with EarthLink Protect+
Try our comprehensive suite of defensive tools free for 30 days.

Types of ransomware

The world of ransomware is not one-size-fits-all. There are different strains and types, each with its own modus operandi. Here’s a brief overview of the most common ones:

  • Crypto Ransomware: This is the most prevalent type. As the name suggests, it focuses on encrypting files on the victim’s system, making them inaccessible. The decrypting key is offered in exchange for the ransom.
  • Locker Ransomware: Unlike its cryptographic counterpart, locker ransomware locks users out of their devices, denying access to all functionalities. The files remain unencrypted, but the user can’t access the device without paying the ransom.
  • Doxware or Leakware: This type threatens to release sensitive data to the public unless the ransom is paid. For businesses, the release of confidential client or company data could have dire consequences.
  • RaaS (Ransomware as a Service): A sinister business model where cybercriminals offer ransomware services to others, typically for a share of the profits. This has allowed even those with limited technical skills to launch attacks.
  • Mobile Ransomware: With the rise of smartphones, ransomware has also evolved to target mobile devices, locking users out of their phones or encrypting specific valuable files.
  • Scareware: While less destructive, this type poses as legitimate security software, alerting users of fake threats and demanding money for problems that don’t actually exist.

For small businesses, understanding the landscape of ransomware types can aid in better preparation and foster a more robust defense against potential threats.

Deciphering ransomware

Ransomware is no longer a term limited to tech gurus. It’s a buzzword and, unfortunately, a reality for many. Essentially, ransomware is a form of malicious software that holds your data hostage, locking you out until a ‘ransom’ is paid.

Imagine coming to your shop one day and finding a big lock on the door with a note demanding payment for entry. That’s ransomware in the digital realm. For a small business, the stakes are high. It could mean no access to client databases, inventory systems, or operational tools — a potential nightmare.

Even worse, it could mean exposure of sensitive data and private information. Cyber criminals are not only encrypting files, but also threaten to release victim data if the ransom isn’t paid. The use of these tactics in tandem is called “double extortion,” according to the Cybersecurity & Infrastructure Security Agency.

How can ransomware be delivered?

Often, it sneaks in through deceptive means. An email that looks like it’s from a trusted vendor could actually be a phishing email hiding ransomware. A software update prompt? That could be another ruse, full of malicious code.

The most common tactics used by cybercriminals to implement a ransomware infection are:

  • Email phishing
  • Remote Desktop Protocols
  • Software vulnerabilities

The most common is email phishing, thanks to its scalability and ease at which criminals can reach multiple victims at once.

Why small businesses should be concerned about ransomware

Ransomware isn’t just a buzzword; it’s a real and tangible threat, especially for small businesses. For many, the digital realm represents new opportunities and growth. However, this space is also filled with unseen dangers.

When it comes to these types of threats, small businesses are the prime, ideal target. More than 80% of ransomware attacks target small businesses, according to a report by ransomware recover specialists Coveware. It’s a threat to any business, but companies with less than 1,000 employees are proven to be the most at-risk.

Small businesses, often lacking the extensive IT infrastructure of larger corporations, are particularly vulnerable. An attack can severely cripple operations, damage the brand’s reputation, and result in significant financial losses. The alarm isn’t just about potential threats but ensuring that businesses recognize their vulnerabilities and take proactive measures to protect themselves.

Financial implications of a ransomware attack

When ransomware strikes, the immediate concern is to regain access to encrypted data. Ransoms alone have nearly doubled from 2022 to 2023, costing on average $1.54 million, according to the Sophos State of Ransomware 2023.

But the costs go beyond paying a ransom. The cost of recovery includes business disruption, loss of productivity, investment in cybersecurity upgrades, repeated attacks, higher insurance premiums, legal costs, and other related expenses.

Perhaps the biggest cost threat of all is loss of business. Though a company may be years past from a ransomware attack, this breach of security could have a lasting impact on a company’s reputation and perception for customers, clients, partners, and stakeholders.

Comparing ransomware to other cyber threats

Ransomware might be making headlines, but it’s just one in a family of cyber threats.

Spear Phishing: Personalized scam emails targeting specific individuals or businesses. Their aim? Deceptively obtain sensitive information.

Malware: A broad term for any software maliciously designed to harm or exploit any device, network, or service. Ransomware is a subtype, but malware encompasses a vast array of threats.

Viruses: Rogue code that attaches to clean code, spreading through corrupting and damaging processes.

The defining line? Ransomware’s uniqueness is its hostage-like approach. Unlike others that might discreetly steal or damage, ransomware boldly locks and demands a ransom.

Statistics that raise alarm

Ransomware attacks have seen a rise and fall over the last decade, but the numbers are consistent: these types of cyber crimes are here to stay.

  • In 2016, there were over 638 million ransomware attacks worldwide, according to a study by ReliaQuest.
  • In the years following, there were on average 192 million attacks annually from 2017 to 2019.
  • Ransomware attacks increased during the pandemic, with 304 million in 2020, 623.3 million in 2021, and 236.1 million in 2022.
  • More recently, 2023 saw an increase of attacks by 64% in Q2 compared with Q1.
  • Even more shocking: Ransomware attacks victimized 68.5% of businesses worldwide in 2021.
  • Nearly half of small organizations don’t have any cyber insurance, according to the the World Economic Forum’s Global Cybersecurity Outlook 2023.

This isn’t just about big corporations with high-profile data breaches. It’s a ransomware small business crisis.

Every cyber attack on a small business makes recovery longer and more expensive. The median cost of a ransomware attack was $1.4 million in 2021, making ransomware protection more vital than ever.

The importance of ransomware protection

Prevention is the first step in your line of defense for protecting your business. Using advice from expert organizations and law enforcement agencies, we recommend the following steps to prevent a ransomware attack:

  1. Educate Your Team: Ensure they’re aware of the risks and know not to open suspicious emails or download unverified software. This step includes will require updating policies and training throughout your organization, so plan accordingly.
  2. Backup Regularly: It’s always smart to have a data backup, but even more so when you’re dealing with malicious actors. If ransomware strikes and your files are encrypted, you won’t be left in the dark.
  3. Update Regularly: Keep your systems and antivirus software updated. Many cyber attacks exploit vulnerabilities in outdated systems.
  4. Invest in Security: Consider advanced cybersecurity for small business solutions that offer real-time protection against threats. This may mean partnering with a professional agency that will make an audit of your business’s current and potential vulnerabilities. Some businesses even pay professionals to test their employees by launching fake phishing attacks and social engineering attacks for training.

Remember, ransomware protection isn’t just about fancy software. It’s about creating a culture of cybersecurity awareness in your establishment.

Picking up the pieces: ransomware recovery

If you’re reading this and thinking, “What if it’s too late? What if I’ve already been hit?” Don’t panic. Recovery is possible.

What to do if you’re attacked

Whether you’re experiencing a threat in real-time or retracing your steps following a recent ransomware attack, these next moves are vital in protecting your organization and limiting the damage and cost as best as possible.

  1. Isolate the affected device or system: Like all viruses, ransomware is designed to spread, from one device, system, or cloud to another. This step is crucial in minimizing the attack’s capabilities. Turn off any infected machines or systems and disconnect them from your network and the internet.

    Even if you only noticed a ransomware message or issues on a singular device, it’s important to consider any potential devices that may be compromised. Shut down anything that could potentially be infected (even if it means shutting everything off and stopping operations). It’s always better to be safe than sorry.
  2. Don’t Pay the Ransom: Paying cyber criminals doesn’t guarantee you’ll get your data back. In 2021, only 4% or organizations recovered all their data after paying the ransom. Plus, it funds these cybercriminals for their next small business cyber attack.
  3. Remove the Malware: Getting the ransomware off your devices and systems is a tricky step. Come to terms that you may lose partial or all of the data compromised in the attack. If you’re out of your depth, it’s best to seek professional help from IT and cybersecurity experts who’ve dealt with cyber attacks before. Once the malware is removed, change your passwords, logins, and credentials immediately.
  4. Identify Your Security Weak Points: Chances are, cyber criminals exploited a vulnerability in your system’s security to gain entry into your devices. Diagnosis is the first line of defense towards preventing another attack or reentry from criminals in the future.
  5. Contact the Authorities: Always report these incidents. They might be able to assist or provide guidance. Victims are encouraged to report these incidents to local authorities, as well as the FBI, CISA, or the U.S. Secret Service. Report to these federal agencies here.
  6. Seek Expert Help: Reach out to cybersecurity professionals who specialize in ransomware recovery.
  7. Contact Your Legal Team and Insurance: Depending on the type of data or systems compromised, you may be legally required to alert the public to your ransomware attack. In the same breath, you should make your PR or media team aware of the situation in case a public notice or statement is needed. If you have ransomware insurance, you’ll want to get in contact with your insurance agency to review the policy or file a claim.
  8. Notify Your Employees and Clients: If a significant portion of your systems are down, your employees and clients will need to know the proper course of action to move forward. Make sure you’re prepared to answer questions and admit when you’re unable to. Customers should be made aware of any service issues they may experience and a timeline for returning to regular operations.

It’s a tough journey, but remember, every setback is a setup for an even bigger comeback. In 2021, almost all organizations (99%) were able to retrieve some of their encrypted data, most by using data backups.

Other cybersecurity threats that small businesses face

Ransomware is undoubtedly a significant threat, but it’s not the only one out there. Small businesses should be aware of the broader landscape of cyber threats to ensure comprehensive protection.

  • Email Phishing: This is a deceptive technique where attackers send fraudulent emails that appear to be from trusted sources. The aim is to steal sensitive data like credit card numbers or login information. More about email phishing can be found here.
  • Cyber Security Best Practices: Protecting your business isn’t just about knowing the threats but also about implementing robust practices to defend against them. A compilation of top security tips can be found here.
  • The Darknet and Online Threats: The darknet is a hidden part of the internet where illegal activities, including the sale of stolen data, often occur. Knowing how to protect your business from such threats is crucial. Dive deeper into this topic here.
Don’t wait for the next threat.
Defend your business with EarthLink today


In this ever-evolving digital age, threats like ransomware are unfortunately becoming commonplace. But with awareness, preparedness, and the right tools, your business can stay one step ahead.

Your digital journey might seem daunting, but here at EarthLink, we’ve got your back. We’re here, not just as a service, but as your digital ally. Together, let’s ensure that your business thrives, come what may.

Table of Contents