Russian Ransomware is Targeting Small Businesses in the U.S.: What You Can Do

Ransomware is malware that cybercriminals use to encrypt a victim’s data in an attempt to extort money, often in cryptocurrency. It’s one of the most common types of malware, but it’s also one of the most dangerous. While some ransomware can be easily removed, other types can easily re-infect a user’s computer.

Ransomware assaults have risen in frequency since Russia invaded Ukraine, as a result of sanctions imposed by the US and its allies, according to cybersecurity experts. TruU CEO Lucas Budman says that US-led global sanctions will undoubtedly increase attacks. SecureLink CTO Joel Burleson-Davis also noted that ransomware assaults have increased and accounted for approximately 22% of all cyberattacks in 2021.

In a recent memo, President Joe Biden warns that Russia may be preparing cyberattacks against the US, and that these intrusions are transitioning from data theft to harming key operations of businesses. Since 2021, the Biden administration has been pressing CEOs and industry leaders to brace for ransomware attacks.

Who’s at Risk for Ransomware?

Ransomware has not only been a threat to large organizations but also to small businesses and individual users.

Small businesses are the perfect target for this malicious attack, says Corey White, CEO of security firm Cyvatar, since many are ignorant of their “exposed” online data. Most are also unaware of how to protect themselves from this type of malware and lack the necessary security software to do so.

How Ransomware Works

Ransomware spreads by delivering a malicious file to the victim’s computer. The malware often enters through email attachments, web ads, or infected websites. The virus then installs itself on the user’s computer.

Once the ransomware is installed, it will encrypt all of the files. The hacker will then demand a ransom in order for the victim to regain access to those files. The average payment, according to the Sophos State of Ransomware study for 2020, was $170,404.

What happens if you don’t pay the ransom?

The hackers are not going to stop until they get their money. They will keep on hacking into your system and stealing your data until you pay them.

However, if you refuse to pay, they might do any of the following:

  • Hackers might steal your personal data, contacts, or even your identity. They might even leak your private photos and videos online as well as expose you in public.

  • They might permanently delete all of your company files and do other things that will cause significant damage to your business.

  • Hackers might release your data and sell it to the highest bidder on the dark web.

How to Stay Safe from the Ransomware

Hackers are getting more sophisticated in their tactics, so it’s important to make sure that your defenses are up to date.

Homeland Security Secretary Alejandro Mayorkas recognizes small businesses as the backbone of the nation’s economy. Thus, he urged small businesses to be proactive in preventing ransomware attacks.

Fortunately, you can take precautions to avoid becoming the next victim. Five suggested practices for preventing ransomware attacks are listed in the White House memo:

1 – Back up your Data Regularly

You should have an offline backup of your data and make sure it’s stored outside of your computer system such as on an external hard drive. Keeping current backups offline ensures that if your network data is encrypted, your company can recover systems.

Further, it is important to regularly test your backups to ensure they are up to date. Many ransomware variations aim to identify and encrypt or remove accessible backups.
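One way to run the backup test described above, shown as an added example that is not part of the White House memo or the original article: record a SHA-256 for every file when the backup is taken, keep that manifest apart from the backup, and later check that the backup is recent and that every file is still present and unchanged. The manifest layout, function names, and 24-hour threshold are assumptions made for this illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def write_manifest(backup_dir, manifest_path, created):
    """Record creation time (epoch seconds) and a SHA-256 per file."""
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    Path(manifest_path).write_text(json.dumps({"created": created, "files": files}))

def verify_backup(backup_dir, manifest_path, now, max_age_hours=24):
    """Return a list of problems; an empty list means the backup passed.
    Pass time.time() as `now` in real use."""
    manifest = json.loads(Path(manifest_path).read_text())
    problems = []
    if now - manifest["created"] > max_age_hours * 3600:
        problems.append("stale: backup older than %d hours" % max_age_hours)
    for rel, expected in manifest["files"].items():
        path = Path(backup_dir) / rel
        if not path.is_file():
            problems.append("missing: " + rel)
        elif sha256_file(path) != expected:
            problems.append("modified: " + rel)
    return problems

def demo():
    """Constructed sample: a two-file backup, then one file altered and one removed."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "invoices.csv").write_text("id,amount\n1,100\n")
        (backup / "customers.csv").write_text("id,name\n1,Example Co\n")
        manifest = Path(tmp) / "manifest.json"  # kept outside the backup folder
        write_manifest(backup, manifest, created=0)
        clean = verify_backup(backup, manifest, now=3600)
        (backup / "invoices.csv").write_bytes(b"\x8f\x02\xe1 constructed ciphertext")
        (backup / "customers.csv").unlink()
        damaged = verify_backup(backup, manifest, now=48 * 3600)
    return clean, damaged
```

A hash check like this confirms the backup copy is intact; it does not replace periodically restoring the data to a spare machine to confirm the files actually open.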

2 – Update Your Systems Quickly

Keep operating systems, firmware, and software updated promptly, and consider using a centralized patch management system.

3 – Develop and Test an Incident Response Plan

Build an Incident Response Plan by answering these questions: Can you run your firm without specific systems? Would you shut down production if business processes like billing were down?

4 – Re-evaluate your Security Team’s Performance

Practicing your Incident Response Plan reveals its flaws. Many ransomware perpetrators are aggressive and sophisticated, so use a third-party pen tester to assess your system’s security and defense against advanced attacks.

5 – Segment your Networks

To ensure that industrial control system (ICS) networks can continue working in case your corporate network is compromised, you must carefully filter and limit internet access to operational networks and implement workarounds. Confirm that manual controls can sustain safety-critical functions in the event of a cyber disaster.


If you are infected with ransomware, you will need to contact an expert who can remove the malware and restore your encrypted files. It’s imperative that you do not pay the ransom because there is no guarantee that the hacker will keep their end of the bargain. If they don’t decrypt your files after receiving payment, then you’ve lost everything in this situation.

Nonetheless, it’s best practice to prepare for the worst. As they say, prevention is always better than cure.