
Ransomware examples: What small businesses need to know

As a small business owner, you might think that cybercriminals prefer to go after big corporations because they have deeper pockets. In reality, small businesses account for most ransomware infections because they often lack the security measures that larger organizations have in place, making them easier targets.

Let's take a look at some ransomware examples so you can understand how they happen, how they can disrupt your operations, and what steps you can take to protect your business. With the right protections in place, you can protect your digital assets from ransomware attacks or minimize their impact.

What is a ransomware attack?

A ransomware attack occurs when a cybercriminal infiltrates your computer systems with malicious software that encrypts your files. Ransomware often encrypts everything it can find, including your business documents, customer databases, financial records, and even your backup files if they're connected to a network. The attacker promises to release your files when you pay a ransom, which is typically demanded in untraceable cryptocurrency, like Bitcoin.

For small businesses, the damage can be significant. Even if the ransom is paid, there's no guarantee your files will be released. Companies often lose weeks of revenue while trying to restore their systems, if they recover at all. For some small businesses, the financial losses are so great that they’re forced into filing for bankruptcy or closing.

Ransomware differs from other types of malware in its aggressiveness and the damage it can cause. Where other malware might secretly monitor your activities or annoy you with ads, ransomware locks you out of your own files and can cause far greater damage to your small business.


Common delivery methods for ransomware

Threat actors use a variety of methods to install malware on your computer systems. Here are some common tactics you should be aware of:

Phishing emails

The most common way cybercriminals deliver ransomware to small businesses is through phishing emails that carry a Trojan, which is malware disguised as a legitimate file. These fake messages often contain email attachments that are disguised as invoices, contracts, or receipts. They may also include links to fake websites that trick you into downloading malware.

Phishing emails have become very sophisticated, often designed to look like they’re from legitimate companies with attention-grabbing subject lines, such as:

  • Your invoice is attached
  • Your account has been compromised
  • Package delivery failed – action required
  • Password expiration notice

The messages often sound official and convincing. For example, you might receive a message that says:

"Suspicious activity has been detected. To protect your account, a password change is required. Please click the link below to update your login information."

Here’s another variation you might see:

"Attached is your invoice for services rendered. Please remit payment within 24 hours to avoid late fees."

Following the directions in the message can trigger a ransomware attack the moment you click the link or open the attachment. That’s why recognizing the red flags of email phishing attempts is so important.

Drive-by downloads from compromised websites

This type of ransomware delivery method is especially dangerous because you don't have to click a link or download anything.

Instead, cybercriminals break into websites small businesses might visit—like vendors, service providers, or consultants—and inject their malicious code. When you go to the infected website, the ransomware automatically downloads and installs on your computer without your knowledge.

Remote desktop protocol attacks

Many employees access office computers from home using a technology known as Remote Desktop Protocol (RDP). Cybercriminals take advantage of poorly secured RDP connections to gain access to business networks and insert their malicious code.


What are some notable examples of ransomware attacks?

Several groups are responsible for most ransomware threats around the world, including LockBit, REvil, and Maze. Their operations are sophisticated, and they target both small and large businesses. They use automated tools and even have affiliate networks that allow less technical criminals to carry out attacks. This is known as ransomware-as-a-service (RaaS).

These groups don't just encrypt files and demand payment. They also use cyber extortion, threatening to make the information public if the ransom isn't paid. This double extortion puts tremendous pressure on victims to pay quickly to avoid reputational damage and potential lawsuits.

Here are a few high-profile examples of malware attacks that show how quickly ransomware can spread.

WannaCry (2017)

In 2017, the WannaCry ransomware spread rapidly around the world by exploiting a vulnerability in an outdated version of the Microsoft Windows operating system. The attack devastated the UK's National Health Service, and hospitals had to cancel surgeries and appointments. The attack highlights the importance of installing security updates to prevent vulnerabilities.

NotPetya (2017)

Another ransomware attack example that occurred in 2017 involved the ransomware variant NotPetya. This attack initially appeared to be ransomware but was a destructive data wiper. The cybercriminals behind it never released the victims’ data after the ransom was paid. The malicious code permanently destroyed data and caused billions in damage to companies worldwide.

Colonial Pipeline (2021)

The DarkSide ransomware group shut down the largest fuel pipeline in the United States, Colonial Pipeline, for six days. The attack caused gas shortages across the East Coast. Colonial was forced to pay a ransom of 75 Bitcoin ($4.4 million) to end the disruption to critical infrastructure. The Department of Justice later recovered 63.7 of the Bitcoin paid, but it was only worth about half of the original amount due to a Bitcoin crash.

Kaseya VSA attack (2021)

Kaseya VSA is remote monitoring software that clients use to manage their computer systems. In 2021, cybercriminals exploited a vulnerability in the software, and the attack affected nearly 1,500 organizations.

Ransomware attacks on small- and medium-sized businesses

High-profile ransomware attacks often make headlines, but small- and medium-sized businesses also face serious threats. Here are some real-world examples of recent ransomware attacks that demonstrate how these types of businesses have been affected.

In August 2019, cybercriminals attacked more than 400 dental practices across the United States. Ransomware was inserted into their computer systems through a backup service they were all using, which was ironically used to protect sensitive information. Although the ransom was paid, many files were never recovered since the decryption key didn't work properly.

In 2023, cybercriminals attacked 141 healthcare organizations with ransomware demands. They locked hospitals' critical IT systems and patient healthcare information, which made it difficult to treat patients. The financial ramifications of dealing with a ransomware attack can be significant. The theft of protected patient information is a HIPAA violation, which may result in fines. Also, the average ransomware payment that year for hospitals was a staggering $1.5 million. Hospitals may also face lawsuits from affected patients.

Nothing is off limits to cybercriminals, even K-12 schools. In 2023 alone, there were 265 reported ransomware attacks in the education sector. Utah's Granite School District faced a $1.5 million ransom demand, Pennsylvania's Shenango Area School District dealt with a $1.3 million ransom, and Arizona's Tri-City College Prep High School was hit with a $100,000 demand.

Law firms are another popular target because they rely on web-based applications and store client information. In 2023, the average ransom demand for law firms was $1 million, although the amount is sometimes much higher. In 2020, the law firm of Grubman Shire Meiselas & Sacks, which specializes in the entertainment industry, was hit with a ransomware attack demanding $21 million with the threat of publishing encrypted data. The ransom demand was later doubled to $42 million.

How to defend your small business from cyber threats

As a small business owner or manager, you can prevent data breaches by implementing essential cybersecurity controls that cost little or no money. Perhaps one of the most important ransomware protections is to make regular backups and use offline storage. Keep multiple copies of your data, with at least one being completely offline, so you always have a copy that cybercriminals can't access. Be sure to test your backups regularly to ensure they work when you need them.
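One way to test a backup, shown as an added example that is not part of the original article: record a SHA-256 checksum for every file when the backup is taken, then restore to a scratch folder and compare. The function names, folder layout, and sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in 1 MiB chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(n for n in set(manifest) & set(restored)
                            if manifest[n] != restored[n]),
    }
    report["ok"] = not any(report.values())
    return report

def demo(damaged):
    """Constructed sample data: back up two files, then check a test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        live.mkdir()
        restored.mkdir()
        files = {"customers.csv": "id,name\n1,Acme\n", "ledger.txt": "invoice 100.00\n"}
        for name, text in files.items():
            (live / name).write_text(text)
            (restored / name).write_text(text)
        manifest = build_manifest(live)  # keep this separate from the backup itself
        if damaged:
            # Simulate a bad restore: one file renamed, one with altered contents.
            (restored / "ledger.txt").rename(restored / "ledger.txt.locked")
            (restored / "customers.csv").write_text("unreadable")
        return verify_restore(manifest, restored)
```

Store the manifest somewhere the backup job cannot overwrite, so a tampered backup cannot also rewrite the checksums it is compared against.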

Training your employees to recognize and avoid phishing scams is another essential strategy since most ransomware enters through malicious email links or attachments. Make sure your team knows what to look for, like urgent language, password reset requests, and attachments from unknown senders.
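The three red flags above can also be checked automatically when a message is reported. This is an added example, not part of the original article; the phrase lists, sender addresses, and the `red_flags`, `build`, and `triage` helpers are assumptions, and the sample messages are constructed from the ones quoted earlier.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Phrase lists are assumptions drawn from the sample messages in this article.
URGENT = re.compile(r"within \d+ hours|action required|immediately|has been compromised|late fees", re.I)
CREDENTIAL = re.compile(r"password (change|reset|expiration)|update your login", re.I)

def red_flags(raw, known_senders):
    """Return the red flags found in one raw email message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header can be forged, so the allowlist is a triage aid only.
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    flags = []
    if URGENT.search(text):
        flags.append("urgent language")
    if CREDENTIAL.search(text):
        flags.append("password reset request")
    if next(msg.iter_attachments(), None) is not None and sender not in known_senders:
        flags.append("attachment from unknown sender")
    return flags

def build(sender, subject, body, attachment=None):
    """Construct a sample message; real input would come from a mailbox export."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

KNOWN = {"accounts@trusted-vendor.example"}
SAMPLES = {  # constructed samples based on the messages quoted in the article
    "reset": build("Security <security@account-alerts.example>", "Your account has been compromised",
                   "Suspicious activity has been detected. To protect your account, a password change is required. Please click the link below to update your login information."),
    "invoice": build("Billing <billing@invoice-notices.example>", "Your invoice is attached",
                     "Attached is your invoice for services rendered. Please remit payment within 24 hours to avoid late fees.", "invoice.pdf"),
    "contract": build("Accounts <accounts@trusted-vendor.example>", "Signed contract",
                      "Here is the signed contract we discussed on Tuesday.", "contract.pdf"),
}

def triage():
    """Run every constructed sample through the red-flag check."""
    return {name: red_flags(raw, KNOWN) for name, raw in SAMPLES.items()}
```

A message with no flags is not proven safe; the check only helps decide which reported emails to look at first.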

Cybercriminals often take advantage of software vulnerabilities to gain access to business networks. Be sure to keep software updated and apply security patches right away. Also, enable automatic updates whenever possible, and replace software that’s no longer supported.

Be sure to install antivirus software on all business computers and devices, use a strong firewall to control what traffic can enter your network, and turn on multi-factor authentication (MFA) to protect logins. If your business uses remote workers, encourage employees to secure their home internet connections and endpoints that are used for work.

Also, consider using professional security services to monitor your systems in real time for unusual activity and respond to potential threats. The cost is very low compared to the cost of a ransomware attack.


How to protect your small business from ransomware

When a ransomware attack strikes, financial damage can be devastating for small businesses. In addition to dealing with the costs of downtime and recovery, you may also face lawsuits and regulatory fines. Having the right insurance can help you survive a cyberattack instead of being forced to close your doors permanently.

Essential policies your business may need include:

Cyber insurance

Cyber liability insurance protects your business from ransomware and other cyberattacks. Cyber coverage can be either first-party or third-party. Many businesses use both to ensure they’re fully protected.

First-party cyber insurance covers expert cybersecurity services needed to remove malware and restore your systems and data. It also pays for credit monitoring services for affected customers and covers lost income while you’re down.

Third-party cyber insurance protects your business from lawsuits after a ransomware attack or other cyber incident. For example, if data is stolen from your systems, affected clients might sue your business. This coverage helps pay for legal defense costs, settlements, and potential judgments.

Electronic data processing (EDP) insurance

Electronic data processing (EDP) insurance protects your computer systems, software, and data. EDP insurance can cover the costs of recovering stolen data and replacing damaged hardware after a ransomware attack.

Electronic data liability insurance

Electronic data liability coverage protects your business when client data is compromised. For example, if a cybercriminal steals your customers' personal information in a ransomware attack, this coverage helps cover the costs of notifying affected individuals, providing credit monitoring services, and defending against lawsuits.

General liability insurance

General liability insurance covers property damage, bodily injury claims, and advertising injuries. For example, if someone enters your business and a product display rack falls and injures them, general liability insurance helps cover their medical expenses, legal fees if they sue, and settlements or judgments.

Business owner’s policy (BOP)

A business owner's policy (BOP) bundles general liability, property insurance, and business interruption coverage in one package. It's a more cost-effective way of obtaining coverage than purchasing the policies separately.

Commercial package policy (CPP)

A commercial package policy (CPP) is like a business owner's policy. It combines general liability insurance and commercial property insurance into one convenient policy.

Does cyber insurance cover ransomware?

Typically, cyber insurance policies cover ransomware attacks. This type of coverage is essential for any business that uses computer systems or stores sensitive data.

Most cyber insurance policies include four key protections:

  • Ransom payments: Many ransomware insurance policies help cover the payments demanded by cybercriminals. However, a policy may require you to work with law enforcement and approved negotiators or attempt data recovery first.
  • Data recovery: Coverage includes hiring experts for system remediation, recovering files, or rebuilding databases from backups after a data breach, ransomware attack, social engineering attack, or another cyber incident.
  • Business interruption losses: In the event of a cyberattack, your business is compensated for lost income if you have to temporarily shut down to recover. It typically covers lost revenue, ongoing expenses like payroll and rent, and temporary workspace.
  • Incident response and legal help: Covers the costs of cybersecurity experts and attorneys after a ransomware attack. It helps you recover after a data breach, navigate the legal and regulatory requirements, and deal with potential lawsuits. It also helps cover breach notifications.

Safeguard your business with Insureon

It's easy to get insurance for your small business with Insureon. Just fill out our online application to receive quotes from trusted providers. Our expert insurance agents are available to answer any questions and help you find the most affordable small business insurance for your needs.

Most small business owners can get same-day coverage and easily download a certificate of insurance (COI) as soon as they purchase a policy.

Cyrus Vanover, Contributing Writer

Cyrus is a finance and insurance writer who is passionate about helping people and businesses succeed. He is also the author of the book "Earn a Debt-Free College Degree." He has written for some of the largest financial institutions in the country including TD Bank, Citizens Bank, and many credit unions. Cyrus has also contributed to Newsweek. Based in the Blue Ridge Mountains of Virginia, he enjoys hiking the local trails and exploring old Civil War battlefields and other historical sites in his spare time.
