Published 2021-10-20 by TechNet New England
Ransomware (malicious software that encrypts your files and demands payment for their release) has become one of the most devastating threats facing small businesses. Attacks on small and medium-sized businesses (SMBs) have increased significantly because attackers know smaller organizations often lack the security infrastructure of larger enterprises.
Why Small Businesses Are Targets
- Weaker defenses: Small businesses typically have less security infrastructure than large corporations
- More likely to pay: Without robust backups, small businesses are more likely to pay the ransom to recover their data
- Supply chain access: Small businesses often have connections to larger organizations that attackers want to reach
- Limited IT resources: Fewer staff monitoring for threats means longer detection times
How Ransomware Gets In
- Phishing emails: The most common vector. An employee clicks a malicious link or opens an infected attachment
- Exposed remote access: Remote Desktop Protocol (RDP) exposed to the internet is a prime target
- Unpatched vulnerabilities: Known security holes that have not been fixed
- Compromised credentials: Stolen passwords used to access your systems directly
Defense Strategy
Prevention
- Keep all systems patched and updated
- Deploy advanced email filtering with attachment scanning
- Never expose RDP directly to the internet (use a VPN)
- Implement multi-factor authentication everywhere
- Use endpoint detection and response (EDR) software
- Train employees to recognize phishing attempts
Containment
- Segment your network so an infection cannot spread to every system
- Limit user permissions (employees should only have access to what they need)
- Monitor for unusual file activity that could indicate encryption in progress
- Have an incident response plan documented and rehearsed
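As an added example (not part of the original article), here is one way to implement the "monitor for unusual file activity" item: flag any process that writes high-entropy content to many distinct files in a short window. The event format, thresholds, process names and paths are constructed assumptions; a real deployment would feed it from EDR or file-audit telemetry.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_bursts(events, window=10.0, threshold=5, min_entropy=7.0):
    """Return processes that wrote high-entropy content to at least `threshold`
    distinct files within any `window`-second span.
    events: time-sorted (timestamp_seconds, process, path, bytes_written)."""
    recent = {}      # process -> deque of (timestamp, path) for high-entropy writes
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < min_entropy:
            continue  # ordinary document/text write
        q = recent.setdefault(proc, deque())
        q.append((ts, path))
        while ts - q[0][0] > window:   # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(proc)
    return flagged

def _noise(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted file content (constructed test data)."""
    return b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest()
                    for i in range(size // 32))

TEXT = b"Quarterly invoice total: 1200 USD\n" * 100

# Constructed sample events; process names and paths are hypothetical.
SAMPLE_EVENTS = sorted(
    [(0.0, "winword.exe", "C:/docs/report.docx", TEXT),
     # A backup job also writes high-entropy (compressed) data, but slowly.
     (5.0, "backup.exe", "D:/bak/mon.zip", _noise(100)),
     (65.0, "backup.exe", "D:/bak/tue.zip", _noise(101))]
    # Six high-entropy rewrites of user files within three seconds.
    + [(20.0 + 0.5 * i, "unknown.exe", f"C:/docs/file{i}.xlsx", _noise(i))
       for i in range(6)],
    key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))  # {'unknown.exe'}
```

Entropy alone would also flag the backup job, since compressed archives look random too; combining it with a rate threshold per process is what separates the two in this sample.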
Recovery
- Maintain tested, offline backups that ransomware cannot reach
- Keep at least one backup copy air-gapped or immutable
- Document your recovery procedures step by step
- Know your recovery time objective: how long can you afford to be down?
Should You Pay the Ransom?
Law enforcement agencies universally advise against paying. Payment does not guarantee recovery, it funds criminal operations, and it marks you as a willing payer for future attacks. The best protection is making payment unnecessary through proper backups and security measures.
If you want a professional assessment of your ransomware readiness, contact TechNet New England. We will identify your vulnerabilities and build a practical defense plan.