Surviving a ransomware attack

Just imagine, you’re at the keyboard, working on the proposal that will land you the client of a lifetime, when all of a sudden—WHAM!—your screen goes blue.

You’ve barely had enough time to register your surprise, then this message appears:

“All your files have been encrypted. The cost to decrypt your files is 0.076 bitcoin.

Please follow the following instructions to make payment:

1. Send 0.076 bitcoins to bitcoin wallet #XXXXXXXXXXXXXXXXXXXXXXX

2. Please email us with your bitcoin wallet information at”

What would you do next? Curse? I’m not here to judge you. I mean, it’s gotta be a drag, right? You’re too busy for this! Wouldn’t you rather you didn’t have to deal with it?

Ransomware is a new and developing danger

Viruses, malware, and dirty tricks are nothing new. Then in 2013, a few devious sorts realized they could encrypt valuable files and demand the victim pay to get them back, and some victims actually would.

Smelling greenbacks, fraudsters of all stripes abandoned their old scams and piled in on this new one, growing it into a $2 billion a year industry. That’s two billion clams chiseled out of hardworking business owners like you.

Plus, that’s just the ransom payments. The damage caused by disruption, lost productivity, headaches, anger, and stress is many times greater.

Ransomware now comes in many flavors. Some attacks seek out your most valuable files and encrypt them, and others just encrypt your whole hard drive.

What makes this so much more frustrating than other malware is that even when you clean it from your system, the files are still encrypted. If you’re not prepared, this can freeze your whole operation. Getting this right is an important part of managing your small business IT.

How ransomware spreads

Ransomware developers have tried all sorts of ways to get their malware onto your machine—they dream up new techniques all the time. Most of these attacks rely on trickery to fool you into installing the malware yourself.

But some ransomware exploits security vulnerabilities in your software that don’t need to trick you into approving the installation. On the face of it, this might sound scarier—and if you’re vulnerable, it is. But these attacks tend to have a shorter lifespan because they’re completely shut down once the vulnerability is patched.

Email attachments

Most ransomware spreads by unsolicited email. These “phishing” emails masquerade as legitimate correspondence to trick you into opening an attachment that infects you with ransomware.

A variation on these phishing attacks that’s gaining popularity is the “spear phishing” attack. Instead of being sent in bulk, these emails are finely tailored to a specific individual—often using information culled from publicly visible social media profiles—in an effort to make them open the attachment. The attacker might pose as a juicy new client or even as one of your contractors or business associates.

Webpages that contain ransomware

Some websites contain malicious code that exploits vulnerabilities in your browser and operating system, or deceives you into agreeing to install the ransomware yourself.

Links to these websites can be embedded into phishing and spear phishing emails. You can also be directed to these by text links, banner ads, or browser popups.

The major search engines are generally a bit picky about which sites they trust and go to some lengths to filter out websites that host or link to malware. But it’s not completely impossible to find them in the search results.

Networking, file transfer, and remote support protocols

Occasionally, ransomware uses security flaws in operating systems or applications that let files spread and run on their own. Though these are much rarer, they can be devastating. Without the need for human participation, the ransomware moves almost instantly from machine to machine across networks and the internet.

Big tech companies are quick to patch these security holes as soon as they’re aware of them. This means that businesses who disable automatic updates and don’t apply these patches are by far the most vulnerable to this sort of attack.

How to protect yourself

Ok, so ransomware can be expensive, devastating, and it can reach you in all sorts of ways. How then do you keep yourself safe?

Invest in proper training

The vast majority of ransomware attacks need to trick someone, so you can slash your risk by making ransomware awareness a part of your IT security training.

Be sure any staff who use a computer are properly alert to suspicious email attachments and links, and be sure they’re alert not only to generic spam and bulk email, but also to spear phishing emails finely tailored to a business or an individual.

Ironically, tech-savvy business owners can be the worst at handling this; perhaps they feel it’s just too obvious. But, it’s a terrible idea to assume that what’s obvious to you is obvious to everyone in the office—the crooks only persist with these attacks because some of the time they work.

It’s better than nothing to just give everyone a policy document and a form to sign saying that they’ve read it. But it’s much better to talk it through with your workers to make sure they really understand.

Keep software up to date

2017’s two most catastrophic ransomware attacks—WannaCry and NotPetya—both exploited the same vulnerability in the Windows operating system to move from machine to machine without needing to trick human operators into installing it.

This vulnerability had been patched by Microsoft in March—well before these attacks hit in May and June. That’s billions of dollars of damage that never had to happen.

In a home office situation, the easiest way to keep your operating system patched is to just leave it set to automatically apply updates. Yes, those messages to restart your machine are annoying, but it’s nothing compared to losing all your work.

Another bit of software that many aren’t aware of is the firmware on the router: it’s kind of like the device’s operating system. If a hacker can control your router, they might redirect your web browsing to a page that installs ransomware. The instructions on updating firmware are in your router’s manual; use Google to find an electronic copy if you can’t find the one that came in the box.

But, what if you’ve got a more complex office environment and you’re not sure you can keep all your workstations and servers patched on your own? Then make sure this work is part of the service agreement with your IT support company.

Make sure you have backups

Nothing takes the sting out of a ransomware scare like knowing you’ve got a spare copy of all your data.

I mean, don’t get me wrong, it’s still a drag—you’ll still have an interruption to your business, which is always a real cost. So don’t skimp on training and security patches just because you have badass backups. You’re always better off avoiding the problem in the first place.

And yet, when all else fails, your backups make the difference between a hassle and a catastrophe.

For freelancers, consultants, tradesmen, home-office types, and anyone else with a basic single computer setup, a commercial cloud storage solution will be enough to keep your files. That way, you just keep all your important work documents in a folder that synchronizes to the cloud. Just make certain that your preferred cloud storage solution keeps old versions of your files.

If your operation’s a bit bigger, with several workstations networked to a server, you’ll need beefier backups. There’s enough work involved in configuring everything to work together that you really don’t want to have to duplicate it every time you restore from backup. This means backing up not just your documents, but entire workstation hard drives and server roles.

This is a lot more data and it might be frustrating waiting for it all to trickle through your internet connection, so maybe you need to keep onsite backups as well as uploading to the cloud.

Control access across your network

When you have more than one computer in the office, one thing that really impacts how hard you’re hurt is how much stuff the ransomware can encrypt. The more files and hard drives it reaches, the longer it’ll need to restore from backups and the more parts of your business will be interrupted in the meantime.

Your staff don’t need a user account with access to everything on the network to be able to do their work—and in fact, they don’t even need access to everything on their own hard drive. They really only need access to the files they use to do their work.

Businesses tend to get this wrong by just letting every user account have full access to everything on the network. In a real nightmare scenario, this includes reaching your onsite backups. Your backups are the last thing you want scrambled in a ransomware attack.

So if you get your IT person to clamp down on how much of the network a malicious program can access, you can limit the damage to a fraction of what you might otherwise lose. This speeds your recovery and means less of your business is disrupted in the meantime.

Recovering from an attack

If you have good backups and a disaster recovery process that actually gets tested, recovering from an attack is a breeze.

Is it ever OK to pay the ransom?

The short answer is no.

Here’s the thing: Even if it would cost you $1500 in IT services and lost productivity to avoid a $500 ransom, that’s $1500 well spent.

So, how is paying ransom such a bad deal? Let’s jump right in:

  • You’re sticky-taping an A3 sign on your back that says “hack me.” Ever get the red carpet treatment from a supplier you’ve given valuable business to before? It’s just good sense to pay attention to where the money is coming from.

    The same is true for cybercriminals—except, instead of going the extra mile to keep you happy, they’ll go the extra mile to hack you again. As a confirmed paying customer, you’re a juicy target.

    And—let’s be real here—the fact that you’re paying ransoms to strangers to get your data back makes it a fairly safe bet that the rest of your security isn’t 100 percent.

    It gets worse: Cybercriminals also trade this information with each other, or sell it when they decide to move on. So, you definitely don’t want to be on the list.
  • It’s bad karma. As well as making yourself a much bigger target, paying a ransom makes life a little worse for everyone else trying to earn an honest buck. Because the only reason these guys keep showing up to this job is for the payday.

    So don’t add to this incentive. It’s terrible corporate citizenship.
  • There’s a strong chance it won’t work. A lot of ransomware efforts are more successful at infecting the target than they are at running their communication and payment channels. Other guys get spooked and abandon their scams while their work is still out in the wild—a few even get caught.

    This means you’re not just out of pocket for the ransom payment, but all the lost productivity from the time you’ve wasted.

After you recover

Once you’ve got your data back, it’s time to figure out what exactly went wrong. Was it a phishing email? Dodgy advertising? Unpatched software or operating systems? Whatever it is, you need to get on top of it to stop it happening again.

In the likely event that human error is involved, make sure everyone in the office is briefed on how the attack happened. There is a good chance they will be seeing similar attacks in the near future, so be sure everyone knows what to look out for.

Keep in mind, however, that it’s a very bad idea to get angry or assign blame—even if you’re super frustrated by what somebody did. This creates a disincentive to be transparent about what happened. That means poorer communication, which only helps the bad guys.

Summing up

Ransomware finds you up against some truly devious minds, all actively dedicated to making your life worse.

But for all the computer wizardry that can go into these attacks, you don’t need to be Keanu in The Matrix to stay safe. All it really takes is some proper preparations and a good IT person to take responsibility for your systems.

Get these fundamentals right, and the odds are favorable you’ll evade most attacks and can bounce back fast when the worst happens. That leaves you free to focus on the things that grow your business.

James Mawson

James Mawson is a business, technology, and marketing nerd. He is also a co-owner of DXM Tech Support, an IT services team based in Melbourne, Australia.