Ransomware is an ongoing threat to small businesses everywhere. According to Astra Security's Top Ransomware Attack Statistics 2023, there are 1.7 million ransomware attacks every day and 19 every second.[1] This type of malicious software can block access to your network or website until you pay the attacker the sum of money they demand. It's dangerous and can be devastating to your reputation as well as your bottom line, so make sure you understand it and take precautions.

How Does Ransomware Affect a Business?

Ransomware prevents businesses from accessing their own data. It encrypts the information on company servers and workstations and locks you out until you pay the ransom. The ransomware can be accidentally downloaded by clicking on a file or link from a phishing email, which is the most common method of delivery.

Ransomware can affect your business by causing your website and/or network to be down for an extended length of time, and can expose sensitive data, including that of your customers, which can create a major problem for your reputation.

Major companies and governments, because they have deep pockets, are the usual targets of ransomware attacks. Last year, Toyota, the government of Costa Rica, and Bernalillo County, New Mexico were among the victims that were publicly announced, and many more victims chose to remain anonymous. However, businesses of all sizes may be vulnerable to ransomware attempts.

How Does the Data Hijacker Get Paid Without Getting Caught?

Ransom payments can be made using a variety of Internet currencies, including Bitcoin and prepaid credit cards. Other hijackers actually provide a “premium telephone number” you dial to make payment and have your data decrypted and returned for use without damage. To add to the stress, there’s also usually a time limit to pay off the data hijackers. If the ransom isn’t received by the deadline, the data will be deleted or sold in hacker marketplaces, and your company now has even bigger problems. Client and company data is now in the hands of hackers, and even your Chief Technology Officer can’t decrypt it.

Where Does Ransomware Come From?

Your business probably receives emails every day from unknown sources – prospects, customers, clients, sub-contractors. Often you don’t know who sent that email. If you're not careful, you may open it and release ransomware across your company’s system. Ransomware is difficult to track, and it is usually sent out as part of a phishing scheme with legitimate company addresses as sources.

"Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading," says the Information Security Office at UC Berkeley.[2] "Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access to an organization’s network."

How to Help Avoid Ransomware

You can help avoid ransomware by sticking to some best practices, many of which are common-sense approaches to avoiding threats of any type. CISA.gov (Cybersecurity & Infrastructure Security Agency) recommends the following to help avoid ransomware:[3]

  • Back up your computer regularly and store your backups separately
  • Use and maintain preventive software programs
  • Train your organization in anti-phishing methods
  • Update and patch your computer software
  • Use caution with links and when entering website addresses
  • Verify email senders and open email attachments with caution

The threat of ransomware and malware is the top cybersecurity concern for 2023, according to Fast Company.[4] Vulnerabilities and attacks have been on the rise, and as the year progresses, we can expect to see this trend continue. Make sure you're doing everything in your power to help protect your business from this looming threat.

1. https://www.getastra.com/blog/security-audit/ransomware-attack-statistics/

2. https://security.berkeley.edu/faq/ransomware/how-does-computer-become-infected-ransomware

3. https://www.cisa.gov/uscert/ncas/tips/ST19-001

4. https://www.fastcompany.com/90831576/2023-cybersecurity-predictions-more-ransomware-attacks-on-critical-infrastructure-and-stolen-credentials


The information provided is presented for general informational purposes only and does not constitute tax, legal or business advice. Any views expressed in this article may not necessarily be those of Nevada State Bank. Nevada State Bank is a division of Zions Bancorporation, N.A. Member FDIC