What Is Ransomware and How to Prepare
Imagine sitting down to work, opening your computer—and seeing a message like this:
"Your files have been encrypted. Pay $80,000 in Bitcoin within 72 hours, or they will be deleted forever."
That's ransomware in action.
It's one of the most devastating threats to small and mid-sized businesses today. And it's not just an enterprise problem—SMBs are prime targets because attackers know they're often underprepared.
This post breaks down what ransomware is, how it works, why it's so effective—and most importantly, how you can prepare before it happens to you.
🧠 What Is Ransomware?
Ransomware is malicious software that encrypts your data and demands a ransom payment (usually in cryptocurrency) to restore access.
If you don't pay, your files stay locked—or get leaked to the public.
Some variants also:
- Steal sensitive data before encrypting it (double extortion)
- Spread to connected systems (network-wide impact)
- Target backups to block recovery options
In simple terms: Attackers lock up your files and hold them hostage.
📉 Real-World Ransomware Attacks That Crushed Companies
🛢️ Colonial Pipeline (2021)
- A ransomware attack halted gas distribution across the U.S. East Coast
- Caused panic buying and fuel shortages in 17 states
- The company paid $4.4 million in ransom
🏥 Hollywood Presbyterian Medical Center (2016)
- Hospital systems shut down
- Staff used fax machines and paper charts for 10+ days
- Paid $17,000 in Bitcoin to restore operations
🧾 Travelex (2020)
- British foreign exchange company hit with Sodinokibi ransomware
- Attackers demanded $6 million
- Travelex declared bankruptcy shortly after the attack
🧑‍💻 Common SMB Case:
- Small accounting firm in California
- Ransomware encrypted QuickBooks, client files, and tax documents just before April 15th
- They paid $12,000 in Bitcoin—then had to rebuild everything manually because the decryption tool failed
🎯 Why SMBs Are Ripe Targets
- Smaller budgets
- Fewer security layers
- Limited IT staff
- Often unaware of proper defenses
Attackers know SMBs are more likely to pay quickly to get back to work.
🔍 How Ransomware Spreads
- Phishing emails with malicious attachments or links
- Drive-by downloads from compromised websites
- Remote Desktop Protocol (RDP) brute force attacks
- USB devices infected with malware
- Outdated software or misconfigured systems
One click. One exposed port. That's all it takes.
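RDP brute force, listed above as one of the common entry points, is also one of the easiest to catch early if someone is watching the logon logs. The following is an added example written for this post, not code from the original article: it runs a simple burst rule over a constructed export of Windows Security logon events (Event ID 4625 is a failed logon, 4624 a successful one, and logon type 10 is the RemoteInteractive type RDP sessions use) and flags a source address that fails repeatedly, escalating if that same address then logs on successfully. The CSV layout, the sample addresses and the thresholds are assumptions chosen for the example.

```python
"""Flag RDP password-guessing in an exported set of Windows logon events.

Added example, not part of the original post. Assumes the events were
exported as: timestamp,event_id,account,source_ip,logon_type. The sample
lines are constructed; the addresses come from the documentation ranges.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"    # Windows Security event: an account failed to log on
SUCCESS_LOGON = "4624"   # Windows Security event: an account was logged on
RDP_LOGON_TYPE = "10"    # logon type 10 = RemoteInteractive, i.e. RDP

# Constructed sample export. 203.0.113.7 guesses six accounts in 15 seconds
# and then gets in as "backup"; 192.0.2.50 is a user who mistyped a password
# twice; 198.51.100.9 is a network (type 3) failure that this RDP-focused
# rule deliberately leaves to a separate rule.
SAMPLE_EVENTS = """\
2024-04-10T02:14:01,4625,administrator,203.0.113.7,10
2024-04-10T02:14:04,4625,admin,203.0.113.7,10
2024-04-10T02:14:07,4625,backup,203.0.113.7,10
2024-04-10T02:14:10,4625,scanner,203.0.113.7,10
2024-04-10T02:14:13,4625,reception,203.0.113.7,10
2024-04-10T02:14:16,4625,office,203.0.113.7,10
2024-04-10T02:15:05,4624,backup,203.0.113.7,10
2024-04-10T08:58:12,4625,ceo,198.51.100.9,3
2024-04-10T09:05:00,4625,jsmith,192.0.2.50,10
2024-04-10T09:05:09,4625,jsmith,192.0.2.50,10
2024-04-10T09:05:20,4624,jsmith,192.0.2.50,10
"""


def parse_events(text: str) -> list:
    """Turn the CSV export into dicts sorted by time (blank/# lines skipped)."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, event_id, account, ip, logon_type = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "id": event_id,
                       "account": account, "ip": ip, "type": logon_type})
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_brute_force(events: list, threshold: int = 5,
                           window: timedelta = timedelta(seconds=60),
                           success_lookback: timedelta = timedelta(minutes=10)) -> list:
    """Sliding-window rule: `threshold` failed RDP logons from one source IP
    inside `window` is a HIGH alert (raised once per burst, not per failure);
    a successful RDP logon from that IP within `success_lookback` of the
    burst is CRITICAL, because guessing appears to have worked."""
    failures = defaultdict(deque)   # source ip -> times of recent RDP failures
    last_burst = {}                 # source ip -> time of the latest flagged failure
    alerts = []
    for e in events:
        if e["type"] != RDP_LOGON_TYPE:
            continue
        ip, now = e["ip"], e["time"]
        if e["id"] == FAILED_LOGON:
            q = failures[ip]
            q.append(now)
            while q and now - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                previous = last_burst.get(ip)
                if previous is None or now - previous > window:
                    alerts.append({"severity": "high", "time": now, "ip": ip,
                                   "account": None,
                                   "reason": f"{len(q)} failed RDP logons within "
                                             f"{int(window.total_seconds())}s"})
                last_burst[ip] = now
        elif e["id"] == SUCCESS_LOGON:
            burst = last_burst.get(ip)
            if burst is not None and now - burst <= success_lookback:
                alerts.append({"severity": "critical", "time": now, "ip": ip,
                               "account": e["account"],
                               "reason": f"successful RDP logon as {e['account']} "
                                         f"shortly after a failure burst"})
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_brute_force(parse_events(SAMPLE_EVENTS)):
        print(f"[{a['severity'].upper()}] {a['time']:%H:%M:%S} {a['ip']}: {a['reason']}")
```

Two things the rule is built to show: a lone user who mistypes a password twice never reaches the threshold, so it stays quiet on normal mistakes, and the successful-logon escalation is the signal that turns "someone is knocking" into "someone is in", which is the moment to isolate the host rather than just block the address.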
🤯 Ransomware Trivia You Can Drop at Your Next Team Meeting
- The first known ransomware attack was in 1989, delivered via floppy disk, and demanded payment by mail. It was called the AIDS Trojan 🧠
- Ransomware payments in 2023 totaled over $1 billion
- The average downtime for businesses hit by ransomware? 22 days
- Some ransomware groups offer "customer support" to help you pay and decrypt faster (yes, really)
🛡️ How to Prepare for Ransomware Attacks
Preparation beats panic. Here's your action plan:
✅ 1. Backup Like It's Your Job
- Use automated, offsite, and isolated backups (cloud + offline)
- Test your recovery process quarterly
- Store backups separate from your main network
If your backups are connected to the infected system—they're toast too.
Follow the 3-2-1 rule: 3 copies, 2 different media, 1 offsite.
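"Test your recovery process quarterly" only means something if the test actually restores files and checks them, rather than confirming that a backup job reported success. As an added example (not code from the original post), the script below creates a constructed dataset, backs it up to a tar.gz archive with a SHA-256 manifest, restores the archive into a scratch directory and compares every file against the manifest, then damages the archive to show the test catching a backup that would have failed on the day you needed it. The archive-plus-manifest layout is an assumption for the example; the idea carries over to whatever backup tool you use.

```python
"""Restore-test a backup archive against a SHA-256 manifest.

Added example, not part of the original post. Assumes a simple backup
layout: a tar.gz archive plus a JSON manifest mapping relative path to the
file's SHA-256, both written at backup time. The demo dataset is constructed.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, archive: Path, manifest: Path) -> dict:
    """Archive every file under `source` and record its hash in `manifest`."""
    hashes = {}
    with tarfile.open(str(archive), "w:gz") as tar:
        for file in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = file.relative_to(source).as_posix()
            hashes[rel] = sha256_file(file)
            tar.add(str(file), arcname=rel)
    manifest.write_text(json.dumps(hashes, indent=2))
    return hashes


def restore_test(archive: Path, manifest: Path) -> dict:
    """Extract the archive into a throwaway directory and compare each file
    with the manifest. 'ok' is True only if every manifest entry restored
    with a matching hash; unreadable archives are reported, not raised."""
    expected = json.loads(manifest.read_text())
    report = {"ok": False, "verified": 0, "missing": [], "corrupt": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(str(archive), "r:gz") as tar:
                # Use the safe 'data' extraction filter where this Python has it.
                kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **kwargs)
        except (tarfile.TarError, OSError, EOFError) as exc:
            report["error"] = f"archive unreadable: {exc}"
            return report
        for rel, digest in expected.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != digest:
                report["corrupt"].append(rel)
            else:
                report["verified"] += 1
    report["ok"] = not report["missing"] and not report["corrupt"]
    return report


def demo() -> tuple:
    """Back up a constructed dataset, verify it, then truncate the archive
    (as bit rot or tampering might) and verify again. Returns both reports."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "clients").mkdir(parents=True)
        (src / "clients" / "acme.txt").write_text("constructed client record\n")
        (src / "ledger.csv").write_text("date,amount\n2024-04-01,100.00\n")
        archive, manifest = work / "backup.tar.gz", work / "backup.json"
        create_backup(src, archive, manifest)
        good = restore_test(archive, manifest)
        # Simulate a damaged backup by keeping only the first half of the archive.
        archive.write_bytes(archive.read_bytes()[: archive.stat().st_size // 2])
        bad = restore_test(archive, manifest)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("intact backup:", good)
    print("damaged backup:", bad)
```

Run the real thing against a copy of last night's backup on a machine that is not part of production, and keep the manifest somewhere the backup job cannot overwrite it; a manifest stored next to the archive is only as trustworthy as the archive itself.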
✅ 2. Train Your Team
- Most ransomware enters through email
- Teach staff to spot phishing emails and suspicious links
- Run simulated phishing tests every 3–6 months
✅ 3. Patch Early, Patch Often
- Keep operating systems and software up to date
- Focus especially on:
  - VPNs
  - RDP
  - Email platforms
  - Firewalls
- Use a patch management tool if you have multiple endpoints
✅ 4. Enable MFA (Multi-Factor Authentication)
- Especially for:
  - Cloud apps
  - VPN and remote access
- This blocks 90%+ of credential-based intrusions
✅ 5. Restrict Admin Access
- Apply least privilege: only give access to what people need
- Separate daily-use accounts from admin credentials
✅ 6. Segment Your Network
- Prevent ransomware from spreading to everything by isolating:
  - Finance systems
  - HR data
  - Servers
  - Guest Wi-Fi
✅ 7. Have an Incident Response Plan
- Know who to call (internal + external)
- Know how to isolate systems fast
- Know how to notify clients or regulators, if needed
- Keep a printed copy of your plan—you may not have digital access when you need it
❌ Should You Ever Pay the Ransom?
Short answer: No—but...
Law enforcement agencies recommend never paying, because it:
- Encourages more attacks
- Doesn't guarantee recovery
But in reality, some businesses do pay—especially if backups failed or time-sensitive operations are impacted.
Preparation is the only guaranteed way to avoid that decision entirely.
If you're hit, here's what to do:
DO:
- Isolate affected systems (disconnect from network)
- Preserve evidence (don't wipe systems)
- Contact your incident response team
- Report to law enforcement
- Notify your cyber insurance carrier
DON'T:
- Pay immediately (negotiate if at all)
- Destroy evidence by "cleaning up"
- Communicate over compromised systems
- Assume it's contained
This decision should involve legal counsel and incident response experts.
✅ Final Thoughts
Ransomware is brutal—but beatable.
You don't need a million-dollar security team to stay safe. You just need:
- Awareness
- Preparation
- And the right tools in place
Don't wait until your screens go dark. Build your defense now.
Ransomware succeeds because organizations skip the basics:
- Unpatched systems
- Untested backups
- Untrained employees
- Excessive access privileges
Fix these four things and you'll stop most ransomware attacks before they start.
💬 Need Help Testing Your Ransomware Readiness?
I offer custom risk assessments and tabletop exercises for small businesses that want real-world resilience. Let's build your defense before someone else tests it for you.
Book a free 30-minute consultation and we'll help you assess your ransomware preparedness.
Questions? Reach out directly:
- Email: m1k3@msquarellc.net
- Phone: (559) 670-3159
- Schedule: Book a free consultation
M Square LLC
Cybersecurity | Practical Help | Built for Real People