Verizon’s 2022 Data Breach Investigations Report found that ransomware continues its upward trend with a nearly 13% rise. The increase is as much as the last five years combined, and in fact, it was present in almost 70% of malware breaches in 2022. So, we’re here to show you how to avoid ransomware.
Table of Contents
What is Ransomware?
Ransomware is malicious software that denies access to data or devices until, as its name implies, a ransom is paid.
There are various attack types, and a well-known example is crypto-ransomware or encryptors. The malware encrypts a victim’s files, and a message is displayed demanding payment in exchange for the decryption key.
It can encrypt files on a single device and travel across your network to encrypt files on network drives. Meaning one infected user can bring a halt to a department or entire organization.
| Major Types of Ransomware | |
|---|---|
|
Lockers |
Locks you out of your entire computer, making all files and apps inaccessible. Often, a countdown clock adds pressure. Locky is an example of a locker. |
|
Leakware/Doxware/Extortionware |
Threatens to leak sensitive company or personal data – or even report the breach to authorities – unless payment is made. Maze and Ryuk are examples. |
|
Scareware |
Fake alerts appear to come from legitimate antivirus software or tech support – claiming your system has a virus. It tricks you into paying for a fake fix to a threat that isn’t real – often by flooding your screen with pop-ups or locking you out of your system entirely. |
|
Ransomware-as-a-Service (RaaS) |
Cybercriminals develop and sell ransomware to others, who then use it to carry out attacks. Cerber ransomware is an example of RaaS. |
It is important to note that it is rarely advised to pay ransomware actors.
Paying the ransom does not guarantee that the attacker will give you what they claim they will.
However, it may encourage further attacks – on you and others.
Some attacks, though, can immediately impact customers or other stakeholders, forcing an organization into paying despite the consequences.
Example
If a hospital discovers that cybercriminals have accessed Protected Health Information (PHI) and threaten to sell it on the Dark Web if they don’t pay the ransom.
Ransomware in the News
Ransomware attacks are no longer isolated events. They dominate headlines and strike with increasing frequency and sophistication.
You may recall the Colonial Pipeline breach in 2021, but more recent incidents like the 2023 City of Oakland attack and the 2024 CDK Global breach show how relentless today’s attackers have become. In CDK’s case, hackers exploited the recovery window to launch a second, devastating blow.
Critical infrastructure continues to be a top target, and gaps in cybersecurity leave sectors like energy, transportation, and manufacturing dangerously exposed.
In response, the White House has moved from encouraging voluntary information sharing to enforcing stricter regulations across key industries.
Ransomware is now a boardroom issue. If your leadership team hasn’t recently evaluated your organization’s cybersecurity posture, there’s no more time to wait.
Businesses of all sizes must adopt proactive strategies and build resilient, well-tested security plans to reduce risk and ensure continuity.
What is Ransomware as a Service (RaaS)?
Ransomware as a service is a criminal business model where cybercriminals provide ransomware tools and services to other criminals, like software as a service (SaaS). A RaaS kit may contain familiar marketing approaches, including bundled offers, forums, 24/7 support, reviews, and other features.
RaaS makes it easier and more affordable for cybercriminals to launch ransomware attacks. They don’t need technical expertise or significant resources to distribute the malware. This service even includes a variety of payment models.
RaaS Payment Models:
- Monthly subscription
- One-time ransomware purchase
- Percentage of successful ransom payments
This business model has undoubtedly led to an increase in the number of ransomware attacks we experience today.
What Triggers Ransomware?
Ransomware attacks are triggered by malware delivered through various methods, including:
1. Phishing Emails
The victim receives an email that appears to be from a legitimate source (e.g., a bank or government agency) with a link or attachment that, when clicked, downloads the malware onto the victim’s system. Being infected may make your computer part of a botnet system – a means for cybercriminals to gain data (e.g., passwords, Social Security numbers, and other personal information).
A target may also be baited into divulging sensitive information or downloading malware.
2. Malicious Websites
In this scenario, the victim visits a compromised website or a site that was designed to deliver malware. In this scenario, the malware is downloaded onto the victim’s system without their knowledge – known as drive-by downloading.
3. Vulnerabilities
The attacker exploits a vulnerability in the victim’s software or operating system to deliver the malware onto their system.
Who Do Attackers Target the Most with Ransomware?
Ransomware attacks can target anyone with a computer or internet-connected device. Still, certain groups are targeted more frequently than others. The following are some of the most common targets of ransomware attacks:
1. Government Agencies
Government agencies are commonly targeted by ransomware attacks, as they often have valuable and sensitive data that cybercriminals can hold hostage for ransom.
2. Healthcare Organizations
Healthcare organizations are particularly vulnerable to ransomware attacks because of the sensitive patient data they store, which can be very valuable to cybercriminals.
3. Educational Institutions
Educational institutions, such as universities and schools, are also frequently targeted by ransomware attacks because they often have many computer systems and may not have the same level of cybersecurity measures in place as businesses or government agencies.
4. Businesses
Ransomware attacks against businesses are increasing. Cybercriminals see businesses of all sizes as lucrative targets that can pay high ransoms to restore their data and systems.
In 2022, more than 200 government, education, and healthcare organizations in the US were victims of ransomware. Taking measures to protect yourself and your organization is vital because no one is exempt from this type of attack.
What Are the Implications for Small Businesses?
Ransomware attacks can be devastating for small businesses often because they lack the cybersecurity resources and infrastructure that larger organizations rely on. The financial impact alone can be crippling.
While ransomware is challenging for any organization, the consequences are especially severe for SMBs. Beyond the ransom itself, the real damage often comes from downtime – missed deadlines, lost customers, reputational harm, and potential legal or compliance penalties.
Encouragingly, more businesses are refusing to pay. In 2022, ransomware payments dropped to $456 million – which is a 40% decline over the previous two years. But refusing to pay is only effective if your business can recover quickly.
Without a tested recovery plan, the costs of operational disruption can spiral. That’s why a proactive, data-driven cybersecurity strategy is essential for protecting your business, your reputation, and your future.
Discover 16 essential cybersecurity controls your small business needs to reduce risk and avoid costly damages associated with a cyberattack.
How Do Small Businesses Defend Against Ransomware?
At Teal, our cybersecurity experts take a data-driven, preventative approach. We help clients stay protected with continuous threat monitoring, employee training, regular file backups, network segmentation, and prompt patching of vulnerabilities.
Every SMB should adopt these best practices to reduce the risk and impact of a ransomware attack.
To make that easier, we’ve created a practical guide to help you strengthen your defenses and stay one step ahead.
Download the guide to take action today, and if you need expert guidance, we’re here to help.
Don’t wait until it’s too late to protect your business. Use the eight steps outlined in this guide to safeguard your business.
