Morgan Stanley
  • Wealth Management
  • Aug 22, 2023

Defending Your Small Business From Ransomware

Ransomware attacks can be a big problem for small businesses. Learn about prevention tips and recovery strategies.

Each year, cybercriminals further advance their tactics and devise more sophisticated methods to attack. In 2022, ransomware breaches increased by 41% and the average cost of damages incurred by victims (not including the ransom itself) was $4.5 million.1

Cybercriminals often view small businesses as easy targets. But there are steps your organization can take to better protect itself against ransomware attacks. Here are some strategies you can consider that may make it harder for hackers to carry out a breach—and potentially limit the damage if they do.

Manage your Wealth

Find a Financial Advisor, Branch and Private Wealth Advisor near you

Ransomware Attacks: The Basics

Ransomware is a form of malware. During a ransomware attack, a cybercriminal hacks into your network or computer and determines which data, asset or application holds the most value to you. This information can be seized by either locking or irrevocably encrypting it, making it unusable to your organization.

The cybercriminal then demands a ransom in exchange for providing a key to decrypt or unlock your information.

Some attacks may go a step forward, using what’s called “double extortion.” In this scenario, the hacker will not only hold a victim’s data for ransom, but also threaten to publish the stolen data on the dark web. 

Who Is At Risk?

Every organization is susceptible to ransomware attacks, including small businesses and family offices. Even individuals can be targeted. Essentially, anyone with a computer connected to the internet or anyone with important data stored on their computer or network could be at risk.

Ransomware attacks can devastate organizations and leave them stranded without the data needed to operate. As ransomware demands continue to escalate, with the recovery price sometimes exceeding $1 million, the cost of the damage to an organization’s reputation can be even greater. The recovery process after an attack can often be lengthy and challenging.

Cybercriminals often target small businesses, believing they are more likely to skimp on security and other protective measures used by larger firms. Smaller businesses often don’t have the financial resources to survive lengthy downtimes, these companies are often more likely to pay the ransomware demand—and quickly, too. 

Gateways to Your Assets

Cybercriminals are clever and relentless. They use a variety of techniques to infect systems and continually evolve those methods to make their attacks harder to detect. The primary infection gateways include:

Email phishing: With this technique, a cybercriminal sends an email that seems authentic and looks like it’s from a trusted contact. The email typically asks the recipient to click on a link or download an attachment that contains malware. Fraudsters also sometimes hijack control of an email account with malware, which allows them to send emails from the account to spread the infection.

Remote Desktop Protocol (RDP) vulnerabilities: RDP is a network communications protocol that enables you to remotely connect to another computer. Cybercriminals can gain access to a computer with RDP enabled by obtaining user credentials through trial-and-error methods or purchasing them on the dark web. Once fraudsters obtain access, they can easily inflict malware on your system.

Software vulnerabilities: Cybercriminals are experts at detecting security vulnerabilities in popular software programs and exploiting them to gain control of your system and initiate an attack.

Online surfing: Simply clicking a digital ad or visiting a website that’s embedded with malware can infect your system.

Defending Your Data

Implementing a comprehensive ransomware prevention and recovery strategy that includes the following steps can make it harder for fraudsters to hijack control of your business—and easier to get back on track if a breach occurs.

Regularly back up your data: Backups may be the best way to restore your data. Once backups of your data are created, remember to physically store them offline and disconnect them from the computer or network you’re backing up. You may want to consider periodically testing your backups to ensure they’re working.

Consider employing a “3, 2, 1” strategy: Have three different copies of your data, use two different mediums for your backups (like a hard drive and a USB drive), and store at least one copy of your data offsite (such as on a Cloud backup provider).

Conduct training sessions: Your employees may be the weakest link in your security system. Educate them throughout the year about ransomware and develop ongoing awareness exercises, such as email phishing simulations.

Promptly apply security patches: These include security updates for your operating system, software and hardware. Establish a centralized, automated system for applying these patches as soon as they are available.

Utilize a reputable anti-virus product: An anti-virus product can conduct frequent security scans to check for malware and clean up an infection you may already have.

Follow Remote Desktop Protocol (RDP) best practices: This includes auditing your network for systems using RDP, closing unused RDP ports, applying multi-factor authentication (MFA) when possible and tracking RDP login attempts.

Develop a disaster response plan: A ransomware attack can create chaos within an organization. That’s why it’s essential to be proactive and have an incident response plan in place that includes your response and notification procedures. Consider including the name of a reputable IT support service or data recovery specialist as part of your plan.

For additional security best practices, see the FBI’s ransomware overview  or the Cybersecurity & Infrastructure Security Agency (CISA) Ransomware Guide.

Responding to an Attack

Organizations victimized by a ransomware attack face difficult choices. If your organization is a victim, the FBI recommends contacting your local FBI office. You can also report the crime to the Internet Crime Complaint Center (IC3), CISA or a Secret Service Field Office. Individuals who experience an attack should also alert their Morgan Stanley Financial Advisor.

Reporting attacks helps provide investigators with the information needed to track and punish ransomware attackers and deter future attacks.

Along with consulting security experts in law enforcement, other steps to consider taking after an attack include:

  • Identify and remove any infected computers immediately from your network
  • Turn off any affected computers that haven’t been completely corrupted to contain the damage
  • Change all account and network passwords

Prevention is the Key

The best way to handle a ransomware attack is to never have one. Taking the appropriate prevention steps greatly reduces the risk of ever having to endure the financial distress and organizational turmoil created by these attacks.

Reporting an Online Security Concern

If you suspect you may be the victim of fraud or identity theft, or if you notice suspicious account activity or receive a questionable email or text that appears to be from Morgan Stanley, please contact us immediately at

(24 hours a day, 7 days a week)