Ransomware will shut you down.

For years now, ransomware has been one of the most dangerous, most devastating forms of cyberattacks out there.

• Crooks trick you into getting access to your computers

• They steal whatever files they find

• They encrypt your devices so that you can’t use them

• Final step - they tell you to pay a ransom in cryptocurrency, or you’ll never be able to access your locked files again

As a double whammy, they also threaten to release whatever files they stole, on the internet.

• If they stole your business plans, your competitors will read them and you’ll lose whatever edge you had

• If they stole financial data, your employees might leave

• If they stole customer information, regulators will be all over you, forcing you to pay fines and change your operations

We journalists cover ransomware attacks all the time. However, we are focused on large enterprises, government agencies, healthcare, and critical infrastructure firms, because these get the most clicks. Ransomware demands are here in the millions, which always makes for a great headline.

This is real life

But criminals deploying ransomware are financially motivated. They don’t care about company size. All they care is that you make the payment - $100 or $100,000, it’s all the same to them. Here are a few examples of family firms being absolutely obliterated with ransomware:

1. KNP Logistics: In 2023, KNP, a 158-year-old family-owned logistics company based in Kettering, England, suffered a ransomware attack by the Akira group, believed to be Russian-based. The attackers infiltrated the company's systems by guessing an employee's weak password. Despite having cybersecurity insurance and international data security accreditation, KNP was unable to recover its financial data. This loss prevented them from securing necessary banking credits or finding a buyer, ultimately leading to the company's closure within three months and the loss of 730 jobs. 

2. Trustvio SaaS Startup: Trustvio, a small Software-as-a-Service (SaaS) startup, was targeted by a ransomware attack demanding $2 million. The attack occurred as the company was onboarding its first customers, severely impacting its operations and financial stability. 

3. Vastaamo Psychotherapy Center: Vastaamo, a Finnish private psychotherapy service provider, experienced a data breach in 2020 where sensitive patient records were stolen. The attackers demanded a ransom of approximately €450,000, threatening to publish the records if unpaid. When the company refused to pay, the attackers began leaking patient records online and individually extorted patients. The breach, resulting from inadequate security practices, led to the company's bankruptcy.

Don’t think that just because you’re smaller and your revenue is not in the millions that hackers won’t try to infect you with ransomware. If you give them an opportunity, they will, and they don’t care if it ruins your entire life.

Defending isn’t that difficult. I’ve recently built a cybersecurity checklist that you can find here. Make sure to check all the boxes here and you’re good to go.

Until next time, stay safe!

• Sead from SmallBiz CyberWiz