The Cost of Cybercrime is Constantly Rising: How to Combat Ransomware Attacks on SMBs

By Rui Lopes, Sales Engineering and Technical Support Director, Panda Security

Cybercrime is an undeniable constant in the business landscape these days. The cost of cybercrime is constantly rising—it is estimated that by 2021, it will have reached $6 trillion worldwide. Cyberattacks on large companies tend to grab headlines all around the world because of their spectacular impact. However, there is one sector that, though it doesn’t normally generate headlines, suffers devastating effects of ransomware attacks: small- to medium-sized businesses (SMBs).

According to Beazley Breach Response Services, 71% of ransomware attacks target SMBs. The average ransom demand for this kind of attack is $116,234. In more general terms, 43% of all cyberattacks target this kind of company, while just 14% of these businesses are prepared to defend against their effects. In the business world, cybersecurity awareness is the main challenge: employees’ actions are often the first line of defense against a cyberattack. To ensure that a cyber incident does not cause serious damage to a company, it is important that its employees follow a series of vital tips:

  • Never open attachments from unknown senders. 92% of the malware in the world arrives via email.
  • Don’t plug in an unknown USB device. It may contain malware that could cause grave problems for the company.
  • Get into the habit of updating passwords. This way, even if a password is leaked in a data breach, it won’t become a security risk.
  • Updates for endpoints, devices, and for third-party applications are an important barrier against security breaches.

That being said, the best way to combat ransomware is by not becoming a victim in the first place. To that end, here are five immediate steps that SMBs can take to avoid ransomware attacks.

Step 1: Set Operating Systems to Automatically Update

The first step to avoiding ransomware is to update your operating system (OS). Anything connected to the web works better when the OS is updated. Tech companies like Microsoft and Apple regularly research and release fixes for “bugs” and security patches for vulnerabilities in their systems. It’s a cybersecurity game of cat and mouse. Cyberthieves search for “holes,” and companies race to find them first and “patch” them.

Users are key players in the game because they are the ultimate gatekeepers of their operating systems. If your OS isn’t up to date, you can’t take advantage of the security updates. Plus, your computer runs better with an updated OS.

Set your OS to update automatically and you won’t need to remember to do it manually. While Windows 10 automatically updates (you have no choice), older versions don’t. But setting auto-updates is easy, whether you’re on a Mac or PC.

Step 2: Screenshot Bank Emails

Cybercriminals use trojans or worms to infect your computer with ransomware. So, avoiding these will help you avoid ransomware. Worms and trojan malware are often spread through phishing email scams, which trick users into opening email attachments containing viruses or clicking links to fake websites posed as legitimate ones.

One of the best tips for keeping phishing emails at bay is learning to identify them. Hackers send phishing emails that look like they come from banks, credit card companies, or the IRS. Phishing emails kickstart your fears and anxieties by suggesting there are “problems with your account” or insisting that “Urgent action is required.” Who wouldn’t be scared if their bank sent them an email saying, “You are overdrawn in your account”?

Cybercriminals use this fear to distract people so they will overlook the telltale signs of the phishing email like misspellings or common fear-inducing subject lines.

Take screenshots of all of the legitimate emails from your bank, credit card companies, and other businesses that manage your sensitive information. Use these screenshots to compare with future emails you receive so you can spot phishing phonies and avoid ransomware.

Step 3: Bookmark Most Visited Websites

The next step in your ransomware-avoidance journey is to bookmark all of your most visited websites. Just as with phishing emails, cybercriminals build websites that look like bank or credit card sites. Then they trick users into clicking a link and visiting them. From there, hackers steal your sign-in credentials or infect your computer with malware.

Think twice before you visit a website by clicking a link in an email, comments section, or private messaging app. Instead, bookmark your most visited or high-value websites and visit them through your browser.

Step 4: Back Up Data to the Cloud and a Hard Drive

This step is a no-brainer. Ransomware works if you only have one copy of your data. If it’s irretrievable, then cyber thieves have the upper hand, but if you have multiple copies, you have taken away the power behind the threat.

Back up your data to both a cloud service and a hard drive. That way, you have a copy that’s available anywhere there’s internet access and one that’s physically accessible all the time. Both types of storage are relatively inexpensive and will certainly prove worth it if you’re ever a ransomware target.

After backing up your data, set up a schedule so you can keep your data current. If you haven’t backed up your data in six months, you’re probably just as vulnerable to ransomware attacks as if you had no backup at all.
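One way to check that both copies are actually keeping up with your working files, as an added example that is not part of the original article: the folder names (`documents`, `cloud_sync`, `hard_drive`, `unplugged`) and the sample files are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path


def files_under(root):
    """Map each file's path (relative to root) to its modification time."""
    return {p.relative_to(root).as_posix(): p.stat().st_mtime
            for p in root.rglob("*") if p.is_file()}


def check_backups(source, copies, now=None):
    """For each backup copy, list the source files it does not protect yet."""
    now = time.time() if now is None else now
    src = files_under(source)
    report = {}
    for name, root in copies.items():
        if not root.is_dir():  # drive unplugged or sync folder gone
            report[name] = {"status": "missing", "unprotected": sorted(src), "days_exposed": None}
            continue
        bak = files_under(root)
        # Unprotected: absent from the copy, or edited after it was copied.
        unprotected = sorted(f for f, m in src.items() if f not in bak or bak[f] < m)
        oldest = min((src[f] for f in unprotected), default=None)
        report[name] = {"status": "behind" if unprotected else "current", "unprotected": unprotected,
                        "days_exposed": None if oldest is None else round((now - oldest) / 86400)}
    return report


def demo():
    """Run the check on constructed sample folders (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, cloud, drive = (Path(tmp) / n for n in ("documents", "cloud_sync", "hard_drive"))
        for d in (src, cloud, drive):
            d.mkdir()
            (d / "invoices.csv").write_text("constructed sample")
        now = time.time()
        old, changed = now - 200 * 86400, now - 30 * 86400
        os.utime(drive / "invoices.csv", (old, old))  # drive last backed up 200 days ago
        os.utime(src / "invoices.csv", (changed, changed))  # edited 30 days ago
        os.utime(cloud / "invoices.csv", (changed, changed))  # cloud copy has the edit
        for d in (src, cloud):  # new file, reached the cloud copy only
            (d / "payroll.csv").write_text("constructed sample")
        copies = {"cloud": cloud, "hard_drive": drive, "usb": Path(tmp) / "unplugged"}
        return check_backups(src, copies, now)


if __name__ == "__main__":
    print(demo())
```

In the sample run the cloud copy is current, the hard drive is behind on both files, and the unplugged device is reported as missing rather than silently skipped.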

Step 5: Install Cybersecurity Software

Ransomware is constantly evolving as hackers develop new, more dangerous strains. For users, preemptive steps rock, but unless you download and install comprehensive cybersecurity software, your data is still vulnerable to malware infection.

Here’s a phrase worth remembering: ransomware is a nightmare. After cyberthieves encrypt your data, the chances of recovering it are slim to none…and slim just left town. The story of ransomware doesn’t have the Hollywood, happily-ever-after ending. It will definitely leave you teary-eyed…just for the wrong reasons.

About the Author

Rui Lopes has spent the last 15 years working for Panda Security and currently heads up the Pre-Sales Engineering team in North America. A cybersecurity expert with extensive industry knowledge, he’s passionate about solving complex technical challenges for customers and educating them on the latest cybersecurity developments. He holds several technical certifications and has contributed to multiple IT publications as an IT Security columnist. Rui can be reached online at and at our company website