惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
GRAHAM CLULEY
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
Latest news
Latest news
C
CERT Recently Published Vulnerability Notes
T
Threatpost
V
Vulnerabilities – Threatpost
AWS News Blog
AWS News Blog
Blog — PlanetScale
Blog — PlanetScale
C
Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
U
Unit 42
The Register - Security
The Register - Security
T
The Blog of Author Tim Ferriss
Stack Overflow Blog
Stack Overflow Blog
The Hacker News
The Hacker News
AI
AI
Project Zero
Project Zero
Scott Helme
Scott Helme
S
Securelist
Vercel News
Vercel News
GbyAI
GbyAI
S
Security @ Cisco Blogs
I
InfoQ
aimingoo的专栏
aimingoo的专栏
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Check Point Blog
Forbes - Security
Forbes - Security
Google Online Security Blog
Google Online Security Blog
W
WeLiveSecurity
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Heimdal Security Blog
G
Google Developers Blog
D
DataBreaches.Net
The Last Watchdog
The Last Watchdog
D
Docker
MyScale Blog
MyScale Blog
T
Tor Project blog
Cyberwarzone
Cyberwarzone
Recent Announcements
Recent Announcements
Microsoft Security Blog
Microsoft Security Blog
T
Tenable Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 聂微东
月光博客
月光博客

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
Small business, big risk: How SMBs can fight back against ransomware
2025-09-18 · via WeLiveSecurity

Business Security

Small businesses, big targets: Protecting your business against ransomware

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

18 Sep 2025  •  , 5 min. read

Small businesses, big targets: Protecting your business against ransomware

Think your business is too small to be singled out for digital extortion? Think again. Indeed, if you’re an SMB owner, you’d better assume you’re a potential target. Verizon data reveals that, while ransomware comprises 39% of data breaches at large organizations, the figure rises to 88% for SMBs. Large enterprises may be more prepared to pay multimillion-dollar ransoms, but they’re often also more likely to have the tools and policies in place to prevent, detect and contain breach risk.

Meanwhile, SMB are, much like large corporations, entirely dependent on their data and IT infrastructure to operate. The threat of permanent data loss and a total business shutdown has often been a powerful motivator for paying the ransom fee, even without any guarantee that the business will actually get its data back.

Making matters worse, attackers always look for more levers to force payment, for example via double-extortion attacks where they both steal sensitive data and encrypt and threaten to publish it. Aside from stealing and threatening to leak or wipe sensitive internal data, they might threaten DDoS attacks, regulatory complaints and, oddly enough, even physical violence in some cases. In fact, attackers even happily adjust their ransom demands to increase the odds of a payment, as found by Verizon.

To put it bluntly, less-well defended SMBs are a juicy target for attackers. Indeed, by having more digital assets and money than consumers and fewer cybersecurity protections than enterprises, these businesses have for long been in a “cybercrime sweet spot”. If you’re keen to keep your company’s data safe and systems secure, the good news is that it’s achievable without breaking the bank.

smbs-cybercrime-sweet-spot

How ransomware groups are evolving

To tackle the threat, you also need to understand who or what’s driving it, and how it’s changing. For one thing, the ransomware-as-a-service (RaaS) industrialization of cybercrime has lowered the barriers to entry and facilitated the proliferation of ransomware. Meanwhile, the turnover of ransomware brands also continues apace, caused in part by intensifying law enforcement efforts. As soon as a group is taken down, a new one often emerges with similar or other tactics and tools in a bid to escape scrutiny. Additionally, fast-evolving TTPs make it harder to mitigate risk.

On the other hand, ransomware rebrands may also be a reflection of the difficulties many groups are having in turning a profit. An analysis of cryptocurrency ransom payments reveals a 35% decrease between 2023 and 2024. Yet faced with potentially fewer victims willing to pay, ransomware groups appear to be doubling down on those who do, as shown by a study claiming that 55% of organizations that paid a ransom last year did so multiple times; with 29% paying three or more times.

How AI is transforming ransomware

As technology advances, ransomware groups are also changing tack to increase their chances of success. The usual ways to achieve initial access into victim networks remain vulnerability exploitation, phishing and remote access compromise; such as via credentials obtained by infostealer malware. Yet AI tools could supercharge all of these efforts.

The UK’s National Cyber Security Centre (NCSC) warned recently that over the next two years AI use will lead to “an increase in frequency and intensity of cyber threats.” Scanning for vulnerable victims (reconnaissance), vulnerability exploitation, and social engineering in particular will become more democratized on the cybercrime underground.

Meanwhile, ESET recently discovered what’s believed to be the world’s first AI-powered ransomware, “PromptLock.” It uses a legitimate model from OpenAI to generate malicious scripts. “The prospect of AI-powered malware that can, among other things, adapt to the environment and change its tactics on the fly may generally represent a new frontier in cyberattacks,” ESET warns.

A separate ESET report highlights other new developments including the appearance of “EDR killers” – designed to terminate, blind, or crash endpoint detection and response (EDR) tooling installed on victim systems. Groups have also been observed using “ClickFix” social engineering tactics to trick users into installing malware on their machines.

How to protect your business

A handful of SMBs know to their cost what can happen following a ransomware breach. Although already under financial pressure before a 2023 attack, British logistics firm KNP subsequently fell into administration with the loss of 700 jobs.

To prevent your business going the same way, adopt a prevention-first mindset by:

  • Deploying robust patch management to ensure vulnerabilities deemed the highest risk are patched, to further limit the opportunity for initial access and lateral movement.
  • Updating identity and access management policies and tooling in line with a Zero Trust approach. This means assuming breach, continuous verification of users, least privilege policies, and multi-factor authentication.
  • Ensuring security software from a trusted vendor is placed on all devices, from endpoints, servers to remote worker laptops.
  • Backing up sensitive files according to industry best practices, so that even if files are encrypted they can be restored, reducing your adversary’s leverage.
  • Devising an incident response plan in collaboration with key stakeholders from across the business. It should also be tested periodically to ensure it’s fit for purpose in helping to accelerate containment following an intrusion.
  • Continuously monitoring your networks, endpoints and other parts of the IT environment for signs of suspicious behavior. These early warning signs should help to minimize attacker dwell time.
  • Updating training and awareness courses to include simulation exercises featuring the latest phishing tactics, including voice-based phishing (vishing). Your employees are both your best asset and your weakest link.

Importantly, make sure to properly evaluate your assets, resources and risks, including those emanating from supply chains. Keep an inventory of all open-source and proprietary off-the-shelf tools used by your organization. More broadly, asset visibility is the foundation of any risk management program. In other words, attackers are known to count on blind spots. If you don’t know a system exists or what data it holds, you can’t protect it.

As the ESET SMB Digital Security Sentiment 2022 has shown, many SMBs are increasingly aware of ransomware and other risks facing their business, but they don’t have the confidence in their in-house cybersecurity expertise. It makes sense then that many of them, especially those with fewer resources, are increasingly turning to managed detection and response (MDR) services to and hand off the monitoring to an expert partner who then performs 24/7/365 threat hunting, detection and response, reducing the operational burden on your in-house team while ensuring any ransomware activity is rapidly identified, contained and eliminated. Ransomware actors need to be sent packing before they have a chance to cause any damage.

A Buyer’s Guide to Managed Detection and Response: What is it and why do you need it?


Let us keep you
up to date

Sign up for our newsletters