April 10, 2017 by

The Effects of Ransomware on Small and Midsize Businesses

A recent surge of Ransomware attacks on Small to Midsize businesses has caused many enterprises to re-evaluate their disaster recovery and security strategies. The reason these organizations have become a main target is due to their lack of funds to implement strong security measures. Ransomware attacks encrypt the files on a system, holding them hostage until the ransom is paid. Currently, the average price ransomware victims are paying is $679, a $385 increase from 2015. This malware can stealthily pass through IT networks undetected through phishing attacks, exploit kits, removable devices, or external network shares. Many new types of Ransomware are undetectable by antivirus programs. According to, PhishMe, Ransomware grew over 600% in 2016 and the total estimated losses of over $1 billion. Ransomware has become one of the most dangerous weapons cybercriminals can use against organizations and consumers.

In 2016, reported cases of ransomware attacks caused, 30% of businesses to lose revenue and 20% of businesses to go out of operation. It can take a business more than nine hours to recover, losing both revenue and time. Businesses can be forced to shut down all systems to handle the attack depending on the magnitude of the compromise. A shut down will not only cause the organization a loss of money, but also a loss in reputation. When affected by ransomware, businesses often pay the fee to get their data back, regardless of the price due to time sensitivity. However, often, even if the ransom is paid the attackers will still destroy all data. Security experts recommend not paying the ransom; consulting a firm, like LIFARS during an attack can help minimize loses. The long-term effects of an attack can be more costly than the initial impact.

It is essential for Small and Midsize organizations to be aware of current cyber threats, and make building strong defenses and disaster recovery a priority, using a multi-layer approach. It is recommended that small businesses hold employee awareness training, system updates, software patches, regular backups, and layered security. Many ransomware attacks come through phishing and use of social engineering tactics, which employees become victim of. Educating and training employees of the malware, tactics used, and how it is distributed will decrease the chance of a ransomware attack.

It is also important to constantly update applications, so the malware doesn’t come through a vulnerable and outdated source. Continually securing copies of data is vital to the businesses and should be kept at an offsite location, so if affected by the malware the company can run a scan on the infected machine and then restore the computer using the backups.

There should also be multiple sets of copies since ransomware works silently and encrypts files over a period of time, sometime even encrypting the backup data. This will save money and valuable resources. Implementing a multi-layer approach and frequently monitoring sensitive data can also help detect and stop ransomware attacks in their tracks.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Mac Malware Rises as Ransomware Extortionists Target Apple Users

A survey by security software firm Malwarebytes’ analysis of malware and cybercrime in the first...

Read more arrow_forward

Pennsylvania Democrats Refuse to Pay Ransom After Cyberattack

A ransomware cyberattack targeting the computers and network of the Pennsylvania State Senate...

Read more arrow_forward

Russian Hackers Behind Ransomware Targeting U.S. Police, Says Acronis

According to data-protection specialist Acronis International, Russian hackers are likely to be...

Read more arrow_forward

If you have any further questions, please don't hesitate to contact us.