A ransomware attack involves hackers holding your data for a ransom. You’ve heard the stories about cybercriminals using ransomware to blackmail companies and disrupt operations. You know you want to keep your business out of those headlines. With some know-how, you can help prevent your business from suffering losses accompanying a ransomware attack. Read on to learn more about how to prevent, detect, and lessen the effects of a ransomware attack if it occurs.

What is ransomware?

Ransomware is malicious software (also called “malware”) that encrypts a victim’s information and demands they pay a ransom to regain access. And it’s getting easier to target businesses: Hackers are buying ransomware-as-a-service (RaaS), which allows them to license ransomware created by another developer. Furthermore, according to a recent Senate testimony, about half of small businesses have no cybersecurity resources.1

Imagine that you log into your computer at work only to see a message that says all of your files have been encrypted, and you must pay to recover them. If you don’t pay, the cybercriminal threatens to delete them forever. Not exactly the start of a great day.

How do ransomware attacks happen?

Cybercriminals need access to your computer or mobile device to launch a ransomware attack. To do so, they will often send a phishing email designed to look legitimate. Instead, the email contains a malicious attachment or website link. If you click on the link or download the attachment, it will install ransomware on your computer. You may also encounter malicious links and attachments on social media or websites.

For example, an illegitimate email could look like an everyday communication from your bank with an attachment that claims to be an account statement. Another common scenario is a “drive-by” download that involves visiting an infected website that automatically downloads and installs the malware onto your computer. Attackers use “exploit kits” to scan your operating system and software for vulnerabilities. If they find one, they inject the attack into your computer. Talk about an uninvited guest.

Once installed, the ransomware will begin encrypting all the data saved on a device’s hard drive, such as documents, videos, images and audio files. It can also encrypt data held on any computers sharing the same network as the original infected device. When the encryption is complete, the screen will display the ransom message with instructions on paying the hacker.

How can you detect a ransomware attack?

Of course, you’ll know you’re the victim of a ransomware attack if you see a ransom message and can’t access your data. However, there is a way to detect one earlier in the process. Anti-ransomware software monitors for early signs of an attack.

It uses predictive analytics and machine learning to identify conditions and anomalies that are signs of a cyberattack, such as text strings associated with ransomware and higher-than-average amounts of unique data. Early detection can help to isolate an infection, reduce the impact, and restore computers to the most recent secure backup.

How can you prevent a ransomware attack?

Nobody wants to be on the receiving end of a ransomware attack. Here’s what the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) say you can do to try to prevent one from happening to you:2,3

  • Stay up-to-date — Keep your software, applications, and operating systems current. Install available updates as soon as possible and ensure you have the latest patches. The “remind me later” button is not your friend here.
  • Use preventative software — Have anti-malware and antivirus security, firewalls and email filters in place. They should update automatically and perform regular scans.
  • Be careful with links — Malicious links are common in ransomware attacks. Scrutinize links to make sure they are correct, especially in emails. Malicious website addresses are often nearly identical to legitimate sites. The difference could be as slight as a .co instead of a .com.
  • Be wary of attachments — Email attachments are another common culprit, especially those that are compressed or ZIP files. Don’t open them unless you are sure you know the sender and are expecting them.
  • Back up your files — Have a backup of your files that’s not connected to your networks or computers. Doing so can help to relieve you from the leverage a hacker holds over you.
  • Stay in the know — Keep an ear out for the latest cybersecurity threats and techniques so you can continue to protect yourself and your business.

A big part of not becoming the next ransomware victim is being aware of hackers’ tactics and taking preventative steps like these.

How can you recover from a ransomware attack?

If your business is the target of a ransomware attack, the FBI does not recommend that you pay the ransom. Doing so doesn’t guarantee data recovery and encourages criminals to target more victims. Instead, contact your local FBI field office and cyber forensic experts for help.4

If you have backup data, it’s important to scan it with an antivirus program to ensure it is not affected. And, once ransomware is removed, be sure to change all system passwords.5

Next, you must often disclose the attack to the public and your customers. Security breaches regularly involve personally identifiable information (PII), and the law requires private businesses to notify affected parties.6 The attacks will also disrupt business operations, so it’s best to keep customers and partners informed with the latest updates.

Protect your business against ransomware

The fallout from a ransomware attack can be a big pain for big business. But for a small business, it also has the potential to bring down your company. It’s important to take the proper steps to minimize your vulnerability. Thankfully, there’s cyber liability insurance. Cyber insurance can protect your business against the financial repercussions of a ransomware attack. If the worst-case scenario happens to you, you have both first- and third-party coverage for common losses such as lost or damaged data, notification costs, settlements, and even ransom payments.

For everything else, there’s small business insurance from Thimble. Designed for businesses of any size and every stage, you can get coverage only when you need it and upgrade when business really takes off. Click “Get a quote” or download the Thimble mobile app, answer a quick set of questions, and get covered in just a few minutes.


  1. Forbes.Small Businesses Bearing Brunt Of Ransomware Attacks, Senate Told. 
  2. FBI. Ransomware. 
  3. CISA. Protecting Against Ransomware. 
  4. FBI. Ransomware. 
  5. CISA. Protecting Against Ransomware. 
  6. NCSL. Security Breach Notification Laws.