Guide: 2025 Upfort's SMB Vulnerability & Exposure Report
A three-year survey of CVEs in small business domains illustrates a persistently (and needlessly) risky cyber landscape
Ransomware attacks are bringing in record amounts for global cybercriminals. According to a recent article from BleepingComputer, ransomware attacks have culminated in a staggering $460 million in losses in the first half of 2024 alone.
If the current trends hold, 2024 is well on its way to overtaking 2023’s record of $1.1 billion in losses. As this tactic becomes more fruitful, it incentivizes global cybercriminals to grow these attacks. Indeed, $75 million of 2024’s expanding tally came from a single attack on an unnamed “Fortune 50” enterprise by the “Dark Angels” hacking gang—the largest known payment on record.
This is a wake-up call for businesses everywhere—ransomware is a very real threat and one that only promises to grow. Fortunately, there are proactive steps businesses of all sizes can take to protect themselves.
First, let's clarify what ransomware is. Ransomware is a type of malicious software designed to block access to a computer system or its data until a sum of money is paid. Hackers employ various tactics to distribute this malware, such as phishing emails, malicious ads on websites, or even exploiting unpatched (or unknown) vulnerabilities in software.
Hitting large enterprises with deep pockets may be the ultimate cybercriminal dream, but small businesses are far more likely to fall prey.
Data from 2021 found that 82% of ransomware attacks were against companies with fewer than 1,000 employees, and 37%—over a quarter—were against those with fewer than 100.
Small businesses are seen by cybercriminals as “low-hanging fruit”—easier to infiltrate due to generally weaker cybersecurity measures and resources.
Small businesses are seen by cybercriminals as “low-hanging fruit”—easier to infiltrate due to generally weaker cybersecurity measures and resources. If a small retail shop, for example, becomes paralyzed by ransomware, they might have no choice but to pay the ransom to get back to business, often because they lack the resources to counteract the attack.
What’s worse for victims? Research has shown that 47%—less than half—of victims get all their data back uncorrupted. And four-out-of-five organizations that pay the ransom are hit a second time, often by the same attacker.
So, how can small businesses protect themselves from the growing threat of ransomware? Here are some actionable steps:
Ransomware is a booming “industry” for cybercriminals. Small businesses that neglect cybersecurity do so at their peril. Remember, the cost of a ransomware attack could be far higher than just the ransom demand. Downtime, loss of customer trust, and potential legal implications can have long-lasting effects on your business.
Arm yourself with knowledge, take preventive measures, and remember that investing in cybersecurity now can save you from incalculable losses in the future.
Arm yourself with knowledge, take preventive measures, and remember that investing in cybersecurity now can save you from incalculable losses in the future.
Protect your business today to ensure it thrives tomorrow. The stakes have never been higher, but neither have the tools and resources available to keep your data—and your livelihood—safe.