Fighting ransomware in the SME space

Due to the amount of revenue being generated by cyber criminals, experts are predicting that there will be continued growth in both the sophistication of targeting and in the volume of attacks on SMEs.

Just recently there has been an example of an SME’s vulnerability when the central key management system of an Austrian hotel was locked by ransomware. This meant that new keycards could not be programmed until the ransom was paid.

>See also: The evolution of ransomware: what lies ahead?

Outright prevention of ransomware attacks is practically impossible and anti-virus software alone cannot guarantee protection. However, there are some essential steps SMEs can take to reduce the risk and impact of ransomware attacks.

Keep up to date

Knowing what to look out for is a crucial starting point. Stay informed on the latest developments in malware and keep up to date with the latest antivirus software updates and patches.

Educate staff to understand where the risks lie

It only takes one uninformed member of staff to open an infected attachment for your whole business to be affected. Make sure your team is clear about how to identify potential phishing emails as well as the recommended procedures to follow in the case of a breach or infection. Doing so can help to get incidents under control quickly, reducing the amount of damage caused.

SMEs, which might not have the dedicated in-house IT staff to address cyber security challenges, can also take advantage of initiatives such as the government’s cyber essentials scheme (CES).

The scheme provides advice and guidance for those looking to take their first steps into cyber security or simply improving existing processes.


In Databarracks’ view, companies should plan for impacts and test for scenarios. Impact-based planning works on the assumption that while there are an infinite number of possible disasters, the number of potential consequences at the operational level is much smaller.

>See also: Can’t pay? Won’t pay? They’ll take your data anyway

Scenario-based planning asks users to anticipate the consequences of a disastrous event and create solutions ahead of time.

However, certain threats do require a specific response and this is the case for ransomware.

Full scale DR testing may not be possible for every SME, but exercises such as a tabletop test that involves organisations responding to simulated disruption by walking through their recovery plans, outlining their responses and actions, should be carried out as a minimum.

Make a ransomware attack the focus of your next test. Doing so will demonstrate how your team would cope in this scenario and will help to create a step-by-step play book for dealing with a real attack in the future.

Backing up and recovering

In the instance that your organisation is infected with ransomware you have two options: recover the information from a previous backup or pay the ransom.

When recovering, the main objectives are to minimise the amount of data loss and to limit the amount of IT downtime for the business.

Traditional disaster recovery services are not optimised for cyber threats. Replication software will immediately copy the ransomware from production IT systems to the offsite replica.

>See also: 30% of NHS Trusts were victims of ransomware attacks

Replication software will often have a limited number of historic versions to recover from so by the time an infection has been identified, the window for recovery may have passed. Therefore, recovering from ransomware is often a lengthy process that requires reverting to backups.

This often involves trawling through historic versions of backups in order to locate the clean data. Partnering with a specialist can dramatically reduce this process, ensuring faster recovery and ultimately greater peace-of-mind.

The reality is that the pervasiveness of cyber attacks, particularly ransomware, means that SMEs must now look at their business with the view that an infection will take place, rather than might.

However, by keeping software up to date, having an informed workforce, and having an incident response plan in place with effective backup, the threat of ransomware can be significantly reduced.


Sourced by Peter Groucutt, managing director at Databarracks

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...