Inc: 6 Things Every Small Business Needs to Know About Ransomware Attacks

It’s tempting to think the average cyber extortionist has bigger fish to fry than your small business. Last month alone, hackers targeted the largest petroleum pipeline in the United States, Ireland’s national health service, the city of Gary, Indiana, and numerous other big targets.

But while they may receive less attention, 50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies, Secretary of Homeland Security Alejandro Mayorkas said during a U.S. Chamber of Commerce event in May. And changes in business practices, accelerated by the pandemic, have left small businesses even more vulnerable.

In ransomware attacks, cyber criminals use malware to take over and encrypt a victim’s files and data, effectively holding the data hostage until they’re paid to release it. The recent surge in remote work was a golden opportunity for hackers, who took advantage of out-of-date VPNs and unsecured home networks.

The consequences of a ransomware attack on a small company aren’t as wide-ranging as those on a hospital or a public utility, but the result for the victim can be more crippling. An estimated 60 percent of small businesses fail within six months of an attack, according to the National Cyber Security Alliance. For the companies that do recover, repeat ransomware attacks are increasingly common: Roughly 80 percent of victims are hit a second time, according to a report from Boston-based cybersecurity firm Cybereason.

Small businesses are attractive targets because they typically lack the budget and resources to prevent, identify, respond to, and recover from threats. There are, however, some simple methods that can help, says Charles Horton, chief operating officer of cybersecurity firm NetSPI. Here are a few things he and other experts say you should know about ransomware.