Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory

Small Business Cybersecurity Corner

Ransomware

You can download a pdf version of this page here.

What could be more terrifying to you, a small business owner, than to discover you are locked out of your own computers because you’ve been hit with ransomware.

What is “ransomware”?

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access.

Here’s an example of how a ransomware attack can occur:

A user is tricked into clicking on a malicious link that downloads a file from an external website.
The user executes the file, not knowing that the file is ransomware.
The ransomware takes advantage of vulnerabilities in the user’s computer and other computers to propagate throughout the organization.
The ransomware simultaneously encrypts files on all the computers, then displays messages on their screens demanding payment in exchange for decrypting the files.

Protecting Your Small Business: Ransomware — In this animated story, two professionals discuss ransomware attacks and the impacts it can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen—along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website.

NIST Small Business Webinar: Ransomware Prevention, Detection, Response, and Recovery

Ransomware disrupts or halts an organization’s operations and poses a dilemma for management: does the organization pay the ransom and hope that the attackers keep their word about restoring access, or does the organization not pay the ransom and restore operations themselves?

Fortunately, organizations can take steps to prepare for ransomware attacks. This includes protecting data and devices from ransomware and being ready to respond to any ransomware attacks that succeed.

Don’t assume your business is too small to get hit. The nature of ransomware is that the cybercriminals work to ensure their malware spreads as widely as possible, infecting the computers of individuals and businesses of all sizes.

Common ways ransomware can hit you:

Email – phishing emails can trick you into clicking on an attachment (“Urgent Invoice”) that allows the malicious software program to take over your computer.
Malware – if your network or software is vulnerable , a cybercriminal can sneak in and plant malicious code. It might sit unnoticed for a period of time, allowing the bad guys time to access files and steal data, then finishing up with unleashing ransomware so you can’t see the damage.

Ransomware is a common threat against any business, large or small. It can put a company out of business or disrupt operations for a long period of time. Paying the ransom can be very expensive and there’s no guarantee that data will ever be recovered. If customer data is stolen, it may trigger state data breach notification laws.

Here are additional resources from NIST and partner federal agencies to help you protect against and respond to ransomware attacks :

NIST
CISA (Cybersecurity and Infrastructure Security Agency)
- Stop Ransomware website
- Ransomware Executive One-Pager
Cyber Readiness Institute
- Ransomware Playbook
FBI
- Ransomware Fact Sheet
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
FTC
- Ransomware Guide
HHS
- “Prepare, React, and Recover From Ransomware"

Created September 27, 2021, Updated August 20, 2024