A Threat No One Can Ignore: The Threat of Ransomware Expands to Include Small and Medium Size Businesses

May 31, 2023

You likely heard about, and may have been affected by, the Colonial Pipeline Company ransomware attack in May 2021, but you probably are unaware of the ransomware attack that targeted Lincoln College later that year, forcing the institution to close in May 2022. This is because, after years of ransomware attacks against high-profile targets such as Colonial Pipeline, Sony Motion Pictures, JBS Foods, and Kaseya Limited, cyber criminals are changing their tactics and their choice of targets to increase the likelihood of a successful attack and reduce scrutiny. International government coalitions examining the global threat of ransomware have highlighted that criminal enterprises appear to be shifting away from "big game" hunting, as the vast majority of ransomware attacks in 2021 targeted small and medium size businesses.

As the threat of ransomware attacks to organizations globally increases, it is important for businesses both big and small to be aware of the risks that ransomware attacks pose and take the necessary steps to ensure their data is protected from such an attack.

Ransomware is a type of malicious software designed to encrypt the data available on the host’s network, according to the Cybersecurity and Infrastructure Security Agency (CISA). Once encrypted, the data is held for ransom and locked until the owner pays a fee to receive the decryption code.

Ransomware poses one of the biggest cyber threats to organizations globally. There is an attempted ransomware attack in the US every 14 seconds, according to CISA statistics. These attacks result in an estimated USD 1 billion or more in ransom payments annually. When the costs associated with data recovery, IT, and loss of business are added in, the total price tag rose to USD 7.5 billion in the United States in 2019 alone.

Historically, hackers have committed high-profile ransomware attacks targeting large businesses and critical infrastructure. For example, cyber criminals targeted Colonial Pipeline Company in a ransomware attack on 6 May 2021, shutting down several of its oil pipelines, stealing over 100 gigabytes of data, and forcing the company to pay a USD 4.4 million ransom. A few years earlier, Sony Motion Pictures was hit with a ransomware attack on 24 November 2014, in which over 100 terabytes of data were stolen, including confidential internal documents such as emails, contracts, and employee personally identifiable information (PII).

However, cybersecurity authorities in both the US and abroad have observed in recent years that hackers have expanded their focus beyond large corporate entities to target smaller businesses. According to the Ransomware Task Force, small businesses were the target of 70 percent of ransomware attacks in 2021. This shift has allowed malicious actors to target companies that can pay a sizable ransom without the negative media and law enforcement attention that is nearly unavoidable with large corporate entities. Recent examples include Cincinnati State Technical and Community College, where cybercriminals gained access to and published sensitive personally identifiable information (SPII) of students and faculty; Heilbronner Stimme, where a ransomware attack forced the company to halt circulation of its newspapers and limited the capabilities of its online platform; and the André Mignot Hospital, where cybercriminals forced the hospital to halt operations and demanded a ransom of USD 10 million.

Cybersecurity authorities have assessed that ransomware attacks will persist as long as such attacks remain profitable. While mitigating the risks posed by ransomware attacks requires long-term investment and continuous monitoring, here are some best practices that companies can implement immediately to protect against such an attack:

  1. Back up data. Backing up data and storing a hard copy offline drastically mitigates the risk of a crippling ransomware attack.
  2. Utilize multi-factor authentication (MFA). MFA prevents unwanted entry into a company’s computer networks by forcing any user to authenticate themselves through a predetermined method.
  3. Ensure operating systems and software are up-to-date. Software providers are constantly monitoring for new threats to their systems and the updates they provide offer protection against emerging threats.
  4. Pay attention to ransomware events and apply lessons learned. The cyberthreat landscape is constantly evolving. A company not up-to-date on the latest threats is a company at the greatest risk.
  5. Review and exercise incident response plans. Routine practice of a company’s incident response plan is an investment that could mitigate the risk to the company’s money, time, and reputation.

The best practices listed above are a great start to ensure protection of your network; however, additional steps are required to ensure the highest level of security. Red Five offers several services that can help protect companies from the significant consequences of a ransomware attack, including cyber audits and network technology reviews, dark web monitoring, and business continuity planning.

Nick Nemtuda, Red Five OSINT Analyst
