
Understanding Ransomware: A Woman Business Owner's Guide to Prevention

January 06, 2025 · 4 min read

Ransomware attacks have become increasingly common, with 85% of attacks now targeting small businesses, per Veeam’s last Data Protection Trends Report. Just like you wouldn't leave a store unlocked overnight, you need to protect your digital assets. Let’s talk about how to do that, as a business owner.

Understanding the Threat

Think of ransomware as a digital padlock on your business data. Cybercriminals use malicious software to encrypt your files or lock your systems, then demand payment in exchange for the key that lets you back into your own stuff. Ransomware usually arrives by way of emails or fake or compromised websites. (See our last blog on phishing.) There are several types of ransomware:

Crypto Ransomware: This most common variant “encrypts” your files, which makes them unreadable until you pay a ransom to get the key that makes them readable again. For example, your customer database could be encrypted, leaving you with no access to any of your customer records.

Locker Ransomware: Instead of encrypting files, this type locks you out of your entire system, usually displaying a message on your screen demanding payment in exchange for restoring access.

Double Extortion Ransomware: These attackers not only encrypt your data but also steal it and threaten to publish it. (And to add insult to injury, some are adding a third layer: threatening to report, and actually reporting, the businesses they attack to regulatory authorities, where those businesses can incur fines and more due to violations.)

The Real Impact on Small Businesses

The consequences can be severe, especially for small businesses:

  • The average cost of recovery can reach $3 million: not just the ransom if it’s paid, but downtime, IT time to recover, legal fees, loss of reputation, etc.

  • Business disruption can last weeks or months. (Read the story of Brillies sunglasses here.)

  • As a result of the direct and indirect costs, up to 60% of small businesses fail within six months after a successful cyberattack.

Protecting Your Business

Just as you have procedures to protect your physical belongings, you need digital protection strategies.

Essential Security Measures

  • Keep regular backups of your data (don’t forget to protect the backups, too!)

  • Update your software regularly: operating systems for phones, laptops and other devices, apps, etc. Set updates to be automatic (and don’t delay them indefinitely).

  • Use strong access controls, like accounts with good passwords and two-factor authentication, not sharing accounts, only giving people the permissions they need, etc.

  • Implement email filtering, but also train your employees to deal with the malicious emails that get through.

Real Life Examples

Here are a couple of examples of small businesses that experienced ransomware attacks and survived ONLY because they were prepared.

Bay & Bay Transportation (Minnesota)

  • Trucking company suffered two ransomware attacks

  • First attack in 2018 forced them to pay the ransom

  • Second attack in 2021 by Conti ransomware group

  • Better prepared for second attack due to dividing up their network, limiting the spread of the ransomware

  • Refused to pay second ransom, though some employee data was leaked

G&J Pepsi-Cola Bottlers (Ohio)

  • Detected and recovered from ransomware within seven hours

  • Never missed an order or delivery

  • Avoided paying ransom through cloud-based operations

  • 95% of organization unaware of the attack during recovery

  • Success attributed to diligent preparation and cloud infrastructure

Unnamed Construction Company

  • Recovered 100% of data across 36 systems

  • Complete recovery achieved in 14 hours

  • Success due to immutable off-site backups

  • Had suffered complete loss of on-premises data

  • Recovered through cloud backup services

When Ransomware Strikes

If you discover ransomware in your system:

  1. Disconnect infected devices immediately, from the physical network if plugged in as well as from the Wi-Fi network. Leave them on; turning them off can delete key evidence.

  2. Contact your IT support or cybersecurity provider.

  3. Report the incident to authorities.

  4. Notify affected stakeholders as required by law.

Note that, while 80% or so of people pay the ransom, 25% still don’t get their data back.

Recovery and Moving Forward

Recovery isn't just about getting your data back – it's about knowing you are restoring into a trusted environment and strengthening your business:

  • Restore from clean backups (which presumes you have been backing up and testing your backups periodically).

  • Review and update security procedures.

  • Train employees on new security measures.

  • Have a response plan ready if it happens again, like Bay & Bay Transportation did.

  • Document lessons learned for future reference.

Taking Action

Build on what you already know about your business and what is most important to you. Start with these steps so you are in the position of protecting yourself, not recovering from an attack:

  1. Create regular backup procedures

  2. Implement basic security measures (see our blog post on essential practices)

  3. Train your team on security awareness

  4. Have an incident response plan ready

Remember, your business expertise is your greatest asset in preventing ransomware attacks. The most successful cybersecurity strategies build on existing business knowledge. Your understanding of your operations, attention to detail, and ability to spot when something doesn't feel right are powerful tools in preventing ransomware attacks.

Alexia is the founder of Security Done Easy, a cybersecurity education company for small businesses

Alexia Idoura
