Know your Cyber Threats – Ransomware

Featured Image Template

In 2023, one of the biggest threats faced by SMEs will be cybercrime. Recent years have seen dramatic increases in both the sophistication and frequency of cyber-attacks, with some estimates suggesting that the covid-19 pandemic caused a 6-fold increase in online criminality.


While sometimes wrongly associated with larger corporations, small to medium sized enterprises often bear the brunt of cybercrime, with around 43% of attacks targeting smaller businesses, many of which don’t have adequate defenses in place. So what can you do to mitigate against the threat of online crime, and prepare your business for a breach attempt? 


According to several recent studies, most cyber breaches can be traced back to some form of end-user error or malpractice. Such actions might include falling for a phishing scam, downloading a file from a rogue website or exercising poor password hygiene. In many  such cases the key to mitigating against the threat lies in awareness. In other words: knowing what techniques the criminals use, how to spot attacks, and the measures that can be taken to reduce your business’s vulnerability profile.


In this short blog series we’ll explore some of the most commonly encountered cyber threats faced by US businesses, starting with possibly the most feared of them all: ransomware.


Ransomware – what is it?


Ransomware is a form of malicious software (malware) that typically blocks access to a computer system or corrupts data, with the hackers promising to restore access once a fee is paid. Ransomware can be divided into two main categories: locker ransomware and crypto ransomware.


Locker ransomware operates at device level. Typically, users are prevented from passing the device’s login page due to the malware changing the password.


Crypto ransomware on the other hand typically affects file resources, often encrypting files stored on a device en-masse and using latent software vulnerabilities to travel laterally across a network in order to inflict further damage. Considered more common and more harmful than locker ransomware, crypto ransomware can have a devastating effect on business continuity and productivity, and the consequences can be even more devastating if the attacker leaks sensitive information onto the web.


How does Crypto Ransomware work, and where does it come from?


Crypto ransomware deploys something called asymmetric encryption to take control of files, whereby a pair of “keys” is involved in the encryption and decryption process – one known as the public key, the other known as the private key. Under normal circumstances, this form of encryption sees content encrypted by the public key before being sent to an intended recipient who has been given the private key needed to decrypt it. However, in the case of crypto ransomware, the private key remains in the hands of the attacker, who promises to release it (in other words, decrypt the files) once the ransom payment is received.


Paying the ransom, however, offers no guarantee that your files will be decrypted, with many attackers simply moving on to their next victim without restoring file access. There is even some speculation in cyber security circles that paying a ransom can mark an organization as a compliant target, possibly increasing the risk of further attacks.


Ransomware most often makes its way onto networks via three main routes of transmission: via email attachments, bogus software downloads and through network vulnerabilities. Applying measures to secure these entry routes is therefore crucially important.


Why should I be concerned about Ransomware attacks?


Ransomware is on the increase. According to a report by Cybersecurity Ventures,  2016 saw a business fall prey to a ransomware attack every 40seconds, increasing in frequency to every 11 seconds in 2021. The financial damage inflicted by these attacks is huge, with the estimated cost of downtime alone totaling $159.4 billion for US businesses in 2021, a year which saw over 34 million records affected.


The damage caused by ransomware attacks can be severe and protracted, ranging from immediate business disruption and the loss of critical data to long-term reputational damage and regulatory penalties if non-compliance is evident.


What steps can I take to secure my business against ransomware? 


It’s impossible to gain complete immunity from ransomware attacks, but there are several steps you can take to make your business less of a target and mitigate against the damage such attacks can cause:


  1. Back up your data. Ensuring all your files are backed up means that you’ll be able to restore critical information swiftly and avoid paying the ransom. The 3-2-1 backup principle is a good strategy for a sound data backup system, advising that data should be copied to 3 locations, on 2 different types of storage media, one of which should be off-site for disaster recovery purposes.
  2. Maintain software. Apply security patches and other software updates across your devices as soon as they become available. This action will minimize the window of opportunity to hackers looking to capitalize on software vulnerabilities.
  3. Implement email security measures. Use signature-based threat monitoring tools to scan inbound emails for signs of malicious intent or harmful, malware-infested attachments.
  4. Maintain firewall protections. Keep your employees away from dark corners of the web by maintaining comprehensive firewall protections that prohibit access to sites that aren’t necessary for work purposes.
  5. Raise awareness among your staff. Make your team aware of the harm ransomware can cause and some of the places it’s most likely to be encountered. Ensure only IT personnel have the ability to download software onto devices and encourage staff to be vigilant when handling emails, ensuring they know how to spot “phishing” scams which are often used as vectors of ransomware transmission. You might even want to train your staff on how to inspect email headers so they can verify the origin of suspicious mail.




Ransomware is known for being a particularly injurious type of cyber-threat, with the name alone able to induce trepidation in any business owner. However, by taking a few sensible precautions as part of a multi-layered security strategy you can dramatically reduce your business’ risk profile and lessen the threat posed by ransomware.


Stay tuned for our next article where we’ll explore DDoS attacks, and why you should be aware of them in 2023.


We help San Francisco businesses leverage technology for maximum reward 


Operating from the heart of the San Francisco Bay area, our multi-talented, 20-strong team has the skills and experience required for the most ambitious projects. Our strategy-driven IT support is guided by our extensive experience helping organisations in some of the most technically challenging and compliance-laden sectors, with a desire to allay operational challenges, address regulatory hurdles and overcome commercial constraints central to everything solution we implement. Get in touch today, and find out how proactive, strategic IT support from Centarus could transform your business. 


More Posts