How to protect your
small business from


Small business ransomware protection best practices

As the owner of a small business or enterprise, you’ve probably seen incidents of ransomware attacks on the news. Usually, the ransomware reports that gain the most traction in the media are about high-profile organizations such as hospitals, schools, government bodies, and critical national infrastructures like the Colonial Pipeline. Attacks against such organizations can devastate their productivity and cost millions in recovery.

What you may not know is that ransomware can strike an organization of any size. Some strains of ransomware, like WannaCry, propagate indiscriminately, while others are used in targeted attacks. Either can impact a small business or enterprise.

Although larger organizations usually have the resources to recover from a ransomware attack, small businesses are more vulnerable to such threats. In fact, the National Cybersecurity Alliance says that most small businesses like yours shut down within six months of a cyber attack. Other cybersecurity researchers say that most small to medium-sized businesses won’t survive a week after a ransomware infection.

Inadequate cybersecurity measures are the most common reason. The best ransomware protection requires proactivity, not reactivity. Without ransomware protection in place, there’s little your business can do to stop or recover from a ransomware attack.

Moreover, the loss to a small enterprise’s data, workflow, relationships, and reputation can be significant. Paying the extortionists offers no guarantee of access restoration. The attackers may launch further attacks, sell your sensitive data to other bad actors, or simply stop responding.

The authorities are certainly trying to protect you. World governments are forming alliances against ransomware operators. Law enforcement is also hitting back with initiatives like the FBI’s successful disruption campaign against the Hive ransomware structure.

Unfortunately, it’s not enough.

As the ransomware-as-a-service (RaaS) business model rises in popularity, extortionists with basic technology skills are accessing and utilizing some sophisticated ransomware against easier targets like small businesses. You may have recently read about the FBI alert about Zeppelin ransomware, aka Buran, which is a RaaS that can use multiple attack vectors.

Investing in ransomware protection is the most effective way to stop emerging threats like ransomware.

Read this in-depth ransomware protection guide for small businesses and enterprises for more on:

  1. What is ransomware?
  2. What is ransomware protection?
  3. Best protection from ransomware
  4. How should a company handle a ransomware attack?




What is ransomware protection?

Before we explain ransomware protection, let’s start with a ransomware definition. Ransomware is a type of malicious software that stops you from accessing your system or computer files by locking you out, encrypting your data, or both. It then demands an extortion fee to restore access.

So, what is ransomware protection? Well, ransomware protection is the group of measures your small business can take, such as adopting antivirus programs with anti-ransomware technology and investing in employee cybersecurity education, to defend against, identify, and respond to ransomware attacks.

Why is ransomware protection important for businesses?

Ransomware protection is essential because such attacks are rising steadily, both in frequency and complexity. A ransomware attack can hurt a company’s revenue, culture, data, operations, and reputation. It may also result in regulatory and legal costs. The bottom line is that good ransomware protection may be the difference between your company thriving or shutting down for good.

What to do if your business experiences a ransomware attack

The first thing to remember after experiencing a ransomware attack is that it’s best to stay calm. Many ransomware strains utilize scareware tactics to force victims into making bad decisions, such as paying the attacker immediately. While the efficacy of your response depends on the scope of your ransomware protection measures, there are some steps you should immediately take after a ransomware attack.

Disconnect suspicious devices

After gaining a foothold in your organization, ransomware propagates through networks. Identify the ransomware entry point with the help of your IT team and disconnect all infected machines from the network to prevent the malware from spreading.

Identify the ransomware

There are hundreds of strains of ransomware, with new ones on the horizon. Identifying the type of ransomware infection can help with the recovery process and prevent unforced errors. For example, using the wrong decryption script may encrypt your files further.

Determine the scope of the attack

Investigate the scope of the ransomware attack. Did the ransomware encrypt your files or lock you out of your system? Do you have backups? The volume and sensitivity of the files impacted by the ransomware will also affect your response. For example, you may not have to consider paying the attackers if the files are non-essential.

Initiate your disaster recovery plan

You must have a disaster recovery plan as part of your ransomware protection protocols. Your disaster recovery plan should outline how you can disinfect the malware, restore access to your files from backups, and minimize the impact of the attack on your organization.

Initiate the plan to start the recovery process with your IT team. If you don’t have an IT team, consult with a Managed IT Services provider with a specialty in cybersecurity immediately.

Report the incident

Please report the attack to law enforcement, regulatory agencies, or other relevant organizations, as necessary.

Ransomware protection tools for businesses

The best ransomware protection tools can protect your businesses from malware that encrypts your data or locks your systems. Here are a few examples of solutions you can invest in:

Ransomware protection products

In the age of remote working, more ransomware gangs are targeting vulnerable endpoints to infect organizations with ransomware. A top EDR product can offer excellent enterprise ransomware protection by giving you the ability to roll back up to 72 hours per endpoint, even if you get ransomware.

Many businesses now outsource their security needs to managed detection and response service providers. So, what is managed detection and response (MDR)? In a nutshell, it is a cost-effective cybersecurity service managed by a team of advanced analysts and threat researchers and tailored to your organization’s needs. Investing in advanced MDR services can help your resource-constrained team remediate threats like ransomware.

Operating systems with built-in protection

Software giants realize that their customers need help with emerging online attacks. That’s why operating systems are rolling out features that defend against ransomware. Here is how to enable ransomware protection in Windows 10 or Windows 11:

  1. Open the Windows Security app.
  2. Pick Virus & threat protection. 
  3. Look for Ransomware protection.
  4. Pick Manage ransomware protection.
  5. Activate controlled folder access.
  6. Add folders to your list of protected folders to shield them from ransomware.

Please note that Windows anti-ransomware protection isn’t flawless as of now, and the system may throw up some false positives. However, it’s improving regularly with updates and can be a useful defense mechanism.
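
The same setup can be scripted. The following PowerShell is an added example, not code from the original page or from any vendor: it turns controlled folder access on in audit mode first (so the false positives mentioned above are logged rather than blocked), adds folders, and lists recent events from the Windows Defender operational log. The folder paths and parameter names are hypothetical; run it from an elevated prompt on a machine that uses Microsoft Defender Antivirus.

```powershell
#Requires -RunAsAdministrator
# Added example. Folder paths below are hypothetical placeholders.
param(
    [string[]]$ProtectedFolders = @('D:\Finance', 'D:\CustomerRecords'),
    # AuditMode logs what would be blocked; switch to Enabled once the log is clean.
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode',
    [int]$LookbackDays = 7
)

# Equivalent of step 5 in the Windows Security app: turn controlled folder access on.
Set-MpPreference -EnableControlledFolderAccess $Mode

# Equivalent of step 6: add folders beyond the ones Windows protects by default.
foreach ($folder in $ProtectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping '$folder': folder not found on this machine."
    }
}

# Read the settings back so a change that did not stick (e.g. policy override) is visible.
$pref = Get-MpPreference
$state = switch ([int]$pref.EnableControlledFolderAccess) {
    0 { 'Disabled' }
    1 { 'Enabled' }
    2 { 'AuditMode' }
    default { 'Other' }
}
Write-Output "Controlled folder access state: $state"
Write-Output 'Additional protected folders:'
$pref.ControlledFolderAccessProtectedFolders

# Event 1123 = access blocked, 1124 = access audited (would have been blocked).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$events  = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$blocked = @($events | Where-Object { $_.Id -eq 1123 }).Count
$audited = @($events | Where-Object { $_.Id -eq 1124 }).Count
Write-Output "$blocked blocked and $audited audited events in the last $LookbackDays days"
$events | Select-Object TimeCreated, Id, Message | Format-List
```

If a legitimate business application appears in the audited events, allow it with Add-MpPreference -ControlledFolderAccessAllowedApplications before switching the mode to Enabled.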


Ransomware decryptors are useful tools that can help you recover your files without waiting for a decryption key from a ransomware author. These decryptors are usually made by cybersecurity experts and work for a specific ransomware family. You must correctly identify the ransomware strain to use the decryptor effectively.

Vulnerability scanner

Threat actors may quietly look for software flaws they can exploit to launch a cyber attack. A vulnerability scanner is handy because it helps identify such weaknesses in your applications, networks, and systems. Your small business can use the report from a vulnerability scanner to minimize your attack surface.

Application whitelisting

You can utilize an application whitelisting tool to control the applications that run on your network and block untrusted apps that may leave you vulnerable to a ransomware attack. Although application whitelisting isn’t a comprehensive cybersecurity measure, it can help improve your enterprise’s defense posture.

Strong spam filters

Malspam is a type of unsolicited spam email that carries a malicious attachment like ransomware. Strong spam filters can filter emails with ransomware by scanning for suspicious patterns, IP addresses, domain reputations, and scripts.

Utilize antivirus software

Not every antivirus software can stop ransomware. However, a next-generation antivirus (NGAV) solution that leverages antivirus ransomware protection technology can help detect and block ransomware infections on endpoints. NGAV solutions rely on Artificial Intelligence and Machine Learning to distinguish threatening patterns and block malware that may lack known signatures.

Password manager

Investigators find that hackers often exploit weak or stolen passwords to breach network security for ransomware attacks. Ensure that your business uses complex passwords and changes them regularly. Utilizing a good password management system can help set strong login credentials. You can also activate Multi-factor authentication (MFA) for extra security that goes further than a username and a password.

Infrastructure management and monitoring

Small businesses and enterprises can effectively use infrastructure management and monitoring tools to detect and respond to cyber threats. A good tool will identify suspicious events before they escalate into full-scale attacks. An endpoint detection and response security system is an excellent example of such a tool. It guards your laptops, desktops, and mobile devices. Utilize a top EDR security system to gain a better understanding of threats against your organization today.

Backup files

Leverage data backup technology to improve recovery time after a ransomware attack. Create regular backups and store them offsite for the best results. Please also consider investing in air-gapped systems for your backups. Air-gapped systems are significantly less likely to get infected by ransomware because they’re not physically connected to a network.

Use a secure browser

Ransomware can spread through websites that use drive-by downloads. A secure browser can shield your system from such techniques. It uses technology like sandboxing, malware detection, script blocking, and ad blocking to reduce your business’s exposure to malicious software.

Use a VPN

Attackers often use Remote Desktop Protocol (RDP) ports in cyber attacks. You can either close unnecessary ports or have employees connect to company networks via Virtual Private Network (VPN) instead of RDP to improve ransomware protection.

Access management

With access management tools, enterprises can control access to essential systems and data. Threat actors are less likely to breach your security by using compromised credentials when account privileges are controlled.


Ransomware Protection FAQs

How can ransomware affect a business?

Ransomware is a dangerous type of malware that prevents your business from accessing your system. It can negatively affect your business in multiple ways, depending on the type of ransomware strain and the depth of the attack.

Here are a few ways it can affect your company:

Morale: Suffering from any cyberattack can be demoralizing for a business. But a ransomware attack can be particularly demoralizing if it brings your operations to a halt. The scareware tactics some ransomware strains employ can also be stressful. Moreover, the long-term ramifications of a ransomware attack can be demoralizing for a business owner too.

Data: With your critical data and files inaccessible or corrupted, your business can suffer from severe data loss, impacting productivity, deadlines, and revenue. If a ransomware group exfiltrated data during an intrusion, you may face blackmail or find your data sold on the Dark Web.

Finances: Many small business owners don’t realize how expensive a ransomware attack can be until it’s too late. The cost of the ransom aside, which can range from tens to hundreds to sometimes millions of dollars, you must also pay an IT team for recovery, restructuring, consulting, software, and other recovery services. During the entire recovery period, your business may also suffer from a severely diminished income.

Legal: Depending on the depth of the attack and your local laws, your business may face legal and regulatory hurdles if you don’t protect your client data.

Relationships: Businesses can take years to carefully develop their reputations and relationships with their customers and partners. A ransomware attack can hurt these relationships significantly.

How to defend your enterprise against ransomware

Defending your enterprise against ransomware attacks requires a multi-pronged and holistic approach. The best way to protect against ransomware is to invest in top ransomware attack protection software, learn about ransomware protection best practices, and outsource your cybersecurity needs to a team of specialists where necessary.

Train employees: Train your employees to steer clear of unsafe websites, set strong passwords and avoid common attack vectors such as malspam, malvertising, spear phishing, and social engineering. Frequent training and awareness workshops can help employees understand the risks and best practices for avoiding ransomware. In addition to employee education, run phishing attack simulations to identify and find vulnerable users in your organization. Enhance their training to reduce your risk.

Protect endpoints: Secure the endpoints in your business, such as desktops, laptops, smartphones, tablets, and workstations.

Patch software: As mentioned, keep your software up to date by downloading and applying the latest security patches. Many strains of ransomware are still active because companies avoid patching their software. Explore Vulnerability and Patch Management tools to find and patch vulnerabilities exposing your business to breaches.

Improve your intelligence: Invest in a top vulnerability management program to identify and remediate potential vulnerabilities. Such vulnerabilities can be exploited by threat actors to attack your system with ransomware.

Close RDPs: Remote Desktop Protocol (RDP) ports are a common attack vector for ransomware. Disable RDP if your small business doesn’t use it or close RDP ports to external access. As mentioned, using a VPN can improve security.

Limit access: Protect your computer from ransomware attacks by limiting access to authorized personnel. In addition, segment networks and monitor them for red flags.

Invest in a zero-trust framework: A zero-trust framework can be challenging to implement, but it can protect against ransomware attacks by restricting access and verifying the identity and trustworthiness of each device, user, and application in an enterprise.

Back up your data: Regularly backing up critical data and storing it securely offsite may seem like a pain, but it can minimize your operational downtime after a ransomware attack.

Develop a response plan: Protect from serious ransomware ramifications by developing a clear and concise disaster recovery plan outlining the restorative process after an attack. Your response plan should outline how to restore systems and data and how to detect and contain ransomware. Please also utilize incident response for business solutions to gain agility against cybersecurity threats.
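
For the “Close RDPs” item in the list above and the earlier “Use a VPN” advice, this added PowerShell example (not code from the original page or from any vendor) reports whether Remote Desktop is enabled, listening, and allowed through Windows Firewall on the local machine, and can turn it off. The -Disable switch and function name are hypothetical, and the firewall group name 'Remote Desktop' assumes an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example. -Disable is a hypothetical switch of this script.
param([switch]$Disable)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication

    # Is anything actually listening on the RDP port right now?
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

    # Enabled inbound allow rules in the built-in group (name assumes English Windows).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    $public = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    [pscustomobject]@{
        RdpEnabled          = ($deny -eq 0)
        Port                = $port
        Listening           = [bool]$listener
        NlaRequired         = ($nla -eq 1)
        InboundAllowRules   = $rules.Count
        OpenOnPublicProfile = ($public.Count -gt 0)
    }
}

$before = Get-RdpExposure
$before | Format-List

if ($Disable) {
    # Refuse new RDP sessions and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Get-RdpExposure | Format-List
} elseif ($before.RdpEnabled -and $before.OpenOnPublicProfile) {
    Write-Warning 'RDP is enabled and allowed on the Public profile; restrict it or require VPN.'
}
```

The report covers only the local machine; whether the port is reachable from the internet also depends on your router or perimeter firewall, which needs its own check.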

As the recent ransomware attack against The Guardian showed, a ransomware attack can target any organization, regardless of size or industry. Businesses must invest in the best tools and strategies to elevate their ransomware protection and stay one step ahead of increasingly sophisticated malware strains and extortionists.

Do companies have to pay for ransomware?

For years, Malwarebytes has advised against paying ransomware gangs. For one, it encourages extortionists to continue engaging in criminal activities. Any business that has given in to a ransomware gang’s demands is likely to be considered an easy mark for another attack.

There are also no guarantees. Some ransomware gangs disappear after being paid without restoring access. And experts say that payments for some strains of ransomware are challenging to track for their authors. For example, researchers found that WannaCry ransomware is built on a faulty payment structure, with attackers having no system to determine who paid what and which computer should be released.

In addition, many ransomware gangs nowadays double dip with double extortion methods. After receiving payment, they may only restore access to a small segment of your files and demand more money.

We believe that being proactive is the best ransomware protection. In other words, adopting defense measures and practices is the best way to defend against ransomware attacks.

Which industries are most likely to pay for ransomware?

Although industry professionals know that there are no guarantees, some organizations feel they have no choice but to pay the ransom in order to retrieve vital data or systems essential to their operations after an attack.

Here are the industries that are more likely to pay for ransomware:

  1. Healthcare
  2. Finance
  3. Education
  4. Government and public services