Ransomware Is Increasingly Targeting Small and Medium-Sized Businesses

Ransomware operators are increasingly shifting their focus to small and medium-sized businesses. As ZDNet reported, attackers are deliberately targeting business networks rather than individual consumers, and SMBs are bearing the brunt of it.

A Kaspersky report found that ransomware groups target smaller companies because they’re easier to compromise and losing access to their data is often catastrophic. When a 100-person company loses access to its files, operations stop immediately. That urgency makes smaller businesses more likely to pay the ransom, and pay it faster.

Why SMBs Are Easier Targets

Large enterprises typically have dedicated security teams, layered defenses, and incident response plans. Most SMBs have none of these. The security gap creates an obvious opportunity for attackers:

• Limited IT staff: often a single person or small team managing everything, with no dedicated security role
• Outdated systems: unpatched servers and endpoints running software past end-of-life
• No backup strategy: or backups that aren’t tested, aren’t air-gapped, or don’t cover critical systems
• Flat networks: once ransomware gets in, it spreads to every system without segmentation to contain it

What SMBs Should Be Doing

Ransomware defense doesn’t require an enterprise budget. It requires doing the fundamentals consistently. Threats like WannaCry, which is still spreading years after a patch was released, prove that the basics still trip up most organizations. Here’s where to start:

• Endpoint detection and response that catches ransomware behavior before encryption starts
• Tested, offline backups through a proper backup and disaster recovery plan
• Network segmentation to limit blast radius if one device is compromised
• Employee training to reduce the phishing clicks that start most ransomware attacks
• 24/7 monitoring so threats are caught overnight and on weekends, not just during business hours

The cost of these protections is a fraction of a single ransomware payment. For SMBs, a single incident can easily run into six figures when you factor in downtime, recovery, and lost business.