(808) 205-5644

Huge Ransomware Demands From Small Businesses on the Rise  

Cyberattacks may not be natural disasters, but they hit their targets in a similar, non-discriminatory fashion. Many small businesses — including small and medium healthcare organizations — are under the false impression that just because they aren’t a Fortune 500 company with huge assets, they are safe from cyberthreats.

Small- and Mid-Sized Businesses are a Hacker’s Preferred Ransomware Target

The misconception that smaller organizations are less vulnerable couldn’t be further from the truth. In fact, many savvy hackers view small- and mid-sized healthcare and other businesses as the low-hanging fruit of the dark web. The reason for this is a practical one: Smaller organizations tend to have fewer resources to spend on security and data protection, and when it comes to ransomware, smaller businesses are less equipped with resources to deal with the loss of data that would result from not complying with the hacker’s demands.

To put it bluntly, smaller organizations pay up when they are told. They typically don’t have an army of defenses behind them to take any other course of action, so hackers see them as an easy payout.

Ransomware Demands of Small- and Mid-Sized Organizations Net Hackers Thousands per Day

A typical business day in the life of a ransomware hacker means they will send multiple low-end ransomware demands to many different targets, usually in the neighborhood of $1,000 to start. But that’s just the first demand. Hackers typically view this as a nuisance payment for the business and as a method to test the waters as to how responsive the business might be — and ultimately, how much it cares about its data.

It makes perfect financial sense for a hacker to cast a very wide net when it comes to small- and mid-sized businesses. First of all, it’s easy money. Secondly, smaller notes are more feasible for smaller businesses to pay. Even a success rate of one business ransom at $300 per day is a very profitable ROI, and it keeps ransomware hackers motivated to develop their methods and continue their attacks.

Once you pay up, regardless of how large or small the demand, you are sending a very clear message to your hacker that they are on to something — and that your business holds valuable information that you are willing to pay to rescue.

Here are a few of the most common ransomware tactics that small- and mid-sized businesses should be aware of:

  • Specific industries are often targeted with a single ransomware strain, sometimes more than 90,000 computers in just one day.
  • Crypto-ransomware targets only specific files and data, while locker ransomware shuts down the entire PC.
  • Ransomware codes are easily and constantly tweaked to allow for several variants, which is why anti-virus, anti-ransomware, and anti-malware can hardly keep up with the advancement of cyberthreats.
  • Ransomware is often embedded in the advertisements on popular websites.

What Can a Small- or Mid-Sized Business Do to Prevent a Ransomware Attack?

  • Don’t open suspicious attachments or emails from unknown or unexpected senders.
  • Backup important files and data regularly, ideally in three different locations by following the best practices rule of 3-2-1: one backup locally on an external hard drive, one in the cloud and one off site.
  • Keep all apps updated and patched.

What Should I Do if My Business Is Attacked?

Ideally, you’ll be in a position to avoid paying up because you followed the backup rule. If you end up in the position of needing to pay a ransom to avoid losing valuable data, try to delay the inevitable by making the attacker feel that you plan to pay — and play by his rules for the time-being.

In the meantime, gather all information that you have on the attack and contact your managed IT service provider. Depending on the scale of the attack and whether sensitive patient health information is involved, you may be subject to data breach rules and reporting requirements under applicable HIPAA regulations.

If you feel your organization might be unprepared to deal with a ransomware attack, {company} can help secure your IT network and your valuable business data. Contact us at {phone} or send us an email at {email} for more information.

Experience VITECH… Find Out What Our Clients Are Saying About Us

Get The Latest News & Information About CyberSecurity

Fill In The Form Below for industry news, and information about our services, events, webinars and more.