SMB Guide to Combating Ransomware


Written by Matthew Metelsky

November 7, 2023

Imagine waking up to find your business data encrypted and a ransom note on your screen. This is the reality for many SMBs facing ransomware attacks.

In February 2023, Indigo, one of Canada’s leading retailers, faced a significant ransomware attack. This cyber incident disrupted their operations, impacted their financials, and compromised personal data. So, too, did Sobeys, Suncor, and SickKids. Such a high-profile attack on a prominent Canadian brand underscores businesses’ vulnerabilities in today’s digital landscape. Now imagine how many SMBs were hit as well.

As leaders of SMBs, you’re not just business owners; you’re pillars of your community. The trust and rapport you’ve built over the years are invaluable, making the threat of ransomware even more personal.

What is Ransomware?

Ransomware is malicious software designed to block access to a computer system or data, holding it hostage until a sum of money, or “ransom,” is paid. For Canadian SMBs, ransomware threatens not only data but also the integrity and trust foundational to their business relationships. But how does such a threat find its way into a system?

Often, the journey of ransomware begins with a simple phishing email. Attackers craft deceptive messages that lure recipients to click on malicious links or download infected attachments. In other instances, cybercriminals exploit known vulnerabilities in outdated software, gaining a foothold in systems that aren’t regularly updated. Some unsuspecting users might download ransomware bundled with seemingly legitimate software or be tricked by fake software updates. Another avenue of attack is the Remote Desktop Protocol (RDP). Weak or stolen RDP credentials can be a gateway for attackers. Sometimes, just visiting a compromised website can result in a ransomware infection, a technique known as a drive-by download.

Once ransomware gains entry, it swiftly encrypts the victim’s files, rendering them inaccessible. A ransom note soon follows, demanding payment for the decryption key. The fallout from a ransomware attack is profound. Beyond the immediate financial burden of the ransom, businesses grapple with operational disruptions, potential data loss, and reputational damage. The threat looms even larger for SMBs, which might not have the extensive cybersecurity infrastructure of enterprise corporations.

How Ransomware Incidents Occur

According to the Canadian Centre for Cyber Security’s Ransomware Playbook, ransomware incidents have become more sophisticated, targeted, and complex. The impact on businesses can profoundly disrupt operations and hold vital data hostage.

Growing Awareness by SMBs

Recent findings from Datto’s 2023 State of Ransomware report highlight the increasing awareness and proactive measures SMBs take in the face of cyber threats. This growing awareness isn’t just about protecting assets; it’s about preserving the community-driven ethos that Canadian SMBs hold dear. By investing in cybersecurity, these businesses also invest in the trust and confidence of their community and clientele.

  • SMBs actively allocate resources towards cybersecurity, with network and cloud security emerging as top investment areas.
  • About a fifth of the IT budget of SMBs is dedicated to security, and 47% plan to invest in network security in the upcoming year.
  • Over half of SMBs have implemented anti-virus (AV) and email/spam protection, and many are planning further investments in network and cloud security.
  • Regular security assessments are becoming a norm, with 37% of SMBs conducting IT security vulnerability assessments three or more times annually.
  • The adoption of cyber insurance is on the rise, with 69% of SMBs currently having coverage. This insurance is a crucial buffer against the financial implications of cyber threats.

The Ransomware Landscape

  • According to Trend Micro, the number of victim organizations worldwide surged in the first half of 2023, reaching 2,001. This represents a 45.27% increase, underscoring the escalating threat of ransomware globally.
  • A 2023 report from Statistics Canada highlighted the impact of ransomware incidents on Canadian businesses over the past year.
  • Cybersecurity has emerged as a pressing concern for SMBs. In 2023, 54% of SMBs expressed increased concern about cybersecurity compared to the previous year, with only 15% feeling confident in their current measures.

Building a Resilient Defense Against Ransomware

The cornerstone of cybersecurity is preparation, with the Canadian Centre for Cyber Security emphasizing a multi-layered defense strategy. By setting up robust defenses and having a clear plan, businesses can significantly reduce the risk of ransomware attacks and ensure swift recovery if they do occur.

Ensure you have regular backups of your essential files and data. These backups should be stored separately from your primary systems, preferably offline, to prevent them from being targeted in an attack. Periodically test these backups to ensure they can be quickly restored.

Actionable Insight: Ask your IT team or service provider about the frequency and security of your backups.

System Templates: Maintain a clean, updated version of your critical computer systems, known as “golden images.” These are like a blueprint of a fully functional system that can be deployed rapidly if your main system is compromised.

Actionable Insight: Inquire about the availability and last update of these “golden images.”

Emergency Response Plan: Develop a clear plan detailing the steps to take in the event of a ransomware attack. This plan should include immediate actions, communication protocols, and recovery steps.

Actionable Insight: If you don’t have a plan, it’s time to create one. If you do, ensure it’s reviewed and practiced regularly.

Insurance: Evaluate the benefits of cyber insurance for your organization. It can act as a buffer against the financial implications of cyber threats.

Actionable Insight: Consult with your existing insurance provider to understand your current protection and whether cyber insurance is an option.

Proactive Measures to Safeguard Your Business

While preparation lays the foundation, proactive measures are the first defense against potential threats. By actively safeguarding your business infrastructure and staying updated, you can deter most cyber threats before they become critical issues.

Secure Online Access: If your business uses remote access tools, like Remote Desktop, ensure they’re not openly accessible from the internet. They should be protected with strong passwords and, ideally, multi-factor authentication.

Actionable Insight: Review the security measures for any remote access tools you use.

Vulnerability Assessments: Regularly assess your computer systems to identify potential weak spots. This is akin to a health check-up for your IT infrastructure, pinpointing areas susceptible to attacks.

Actionable Insight: Schedule regular assessments internally or through a third-party expert.

Software Updates: Keeping software and systems updated is crucial. Cybercriminals often exploit known vulnerabilities in outdated software. Ensure that patches and updates are applied promptly.

Actionable Insight: Ask about the schedule and process for software updates within your organization.

Least Privilege Principle: Limit employee access to the functions and privileges necessary to complete their tasks. This reduces the risk of internal threats and accidental breaches.

Actionable Insight: Review user access levels and permissions regularly to ensure they align with job roles.

Use Security Tools: Equip your systems with anti-malware, anti-virus software, and firewalls. To enhance security, consider further use of web filtering and email authentication systems.

Actionable Insight: Review the current security tools and consider any additional measures that might bolster your defenses.

Recovery from a ransomware attack requires a straightforward process, from immediate response actions to subsequent recovery steps. Being proactive and having these plans in place is crucial. The Canadian Centre for Cyber Security recommends a multi-layered defense strategy, emphasizing the importance of preparation, protection, and prompt recovery.

Empower Your First Line of Defense

One of the most effective ways to bolster your organization’s cybersecurity is by ensuring that every team member is educated and vigilant. Employees often interact with potential threats daily, from emails to web browsing. By equipping them with the knowledge and tools to recognize and respond to these threats, you transform your workforce into a formidable barrier against cyberattacks.


  • Regular Training Sessions: Host periodic training sessions to educate employees about the latest cyber threats and the best practices to counter them. This can include recognizing phishing emails, safe web browsing habits, and the importance of strong password practices.
  • Simulated Attacks: Conduct simulated phishing attacks to test employees’ ability to identify and report malicious emails. This hands-on approach can be an eye-opener and reinforces the training they receive.
  • Clear Reporting Protocols: Ensure employees know whom to contact if they suspect a cyber threat or believe they’ve made an error, like clicking on a suspicious link. A swift response can mitigate potential damage.
  • Stay Updated: Cyber threats are continually evolving. Regularly update your training materials to reflect the latest risks and countermeasures.

Actionable Insight: Consider implementing a monthly cybersecurity awareness day where employees participate in workshops, quizzes, and discussions about online safety. This can foster a culture of cybersecurity mindfulness. Also, consider creating a feedback loop where employees can share their insights and experiences related to cybersecurity, fostering a community of shared learning.


One of the pressing challenges businesses face when hit by ransomware is the decision to pay the ransom. The Canadian Centre for Cyber Security advises against it, emphasizing that payment doesn’t always guarantee data decryption. Furthermore, cybercriminals might demand more money, persist in attacks, or leak confidential information.

If you believe your organization has fallen victim to cybercrime, immediate action is essential:

  • Report the Incident: Contact local law enforcement and the Canadian Anti-Fraud Centre for guidance and potential investigation.
  • Seek Expertise: Reach out to the Canadian Centre for Cyber Security. Their expertise can help mitigate the cyber incident’s impact.
  • Notify Affected Parties: If personal data is at risk, inform the affected individuals to take protective measures.
  • Review and Strengthen Security: After addressing the threat, evaluate the incident and enhance your security protocols to prevent future breaches.

For Canadian SMBs, combating ransomware goes beyond just data protection. It’s about preserving the trust, community, and collaboration that form the backbone of their business ethos. Being informed, prepared, and prioritizing cybersecurity is paramount in defending against ransomware. The aftermath of a cyber incident is as pivotal as the preparation. A well-defined response strategy, combined with the right resources, can significantly influence the recovery and impact of such events.

Understanding ransomware’s threat is the first step. As an SMB leader, proactive measures are vital to protect your business and the trust you’ve cultivated in your community. If you seek expert guidance in navigating cybersecurity’s intricacies, consider partnering with us. Our Managed IT solutions, tailored to your specific needs, ensure your business stands resilient against the ever-evolving cyber threats.

Explore Our Managed IT Solutions or Schedule a Consultation to fortify your cybersecurity strategy.
