Ransomware & Data Backup: How to Protect Your Business from Digital Extortion
Welcome back! This article is part of Mastiff Systems’ ongoing Cybersecurity Essentials series, written specifically for small to medium-sized business owners and non-technical teams. Last week’s topic covered phishing and email security, one of the most common entry points for cyberattacks.
Today, we’re focusing on ransomware, a fast-growing threat that can lock your files, freeze your operations, and demand a hefty payment to get access back.
Why You Should Care
Ransomware doesn’t just affect large corporations. It’s increasingly hitting smaller organizations like dental clinics, law firms, and local service providers. These businesses are often more vulnerable because they don’t have advanced IT defenses, yet they store valuable data like patient records, legal documents, or financial files that attackers know you’ll pay to get back.
A ransomware attack can:
- Lock you out of your own systems and files
- Force you to halt operations
- Damage client trust and your reputation
- Cost millions in ransom and even more in recovery
If you’re curious about the scale of these threats, here are links to public databases that track real-world breach incidents in the USA. There are around five new breaches reported every day, affecting businesses of all sizes:
- Medical Data Breaches (U.S.): HHS OCR Breach Portal
- General Data Breaches (All Industries): Privacy Rights Clearinghouse
- California-Specific Breach Notices: California Attorney General Breach List
Real-World Examples
Dental Care Alliance (2020): A ransomware attack on DSO Dental Care Alliance affected over 1 million patients. Hackers stole and encrypted sensitive patient data, leading to compliance issues and patient notifications under HIPAA. The organization agreed to a $3 million settlement.
Campbell Conroy & O’Neil (2021): A high-profile law firm was targeted. Ransomware locked up systems and compromised data from major corporate clients including Boeing, Pfizer, and ExxonMobil.
City of Baltimore (2019): A ransomware attack shut down most city systems, including payments and email, for weeks. The city refused to pay the $76,000 ransom but ended up spending over $18 million in recovery.
How Ransomware Works
- Infection: A ransomware attack often starts when someone clicks a malicious link or downloads an infected attachment, usually delivered through a phishing email, a compromised website, or unpatched software with vulnerabilities.
- Encryption: Once inside your system, the malware locks (encrypts) files so you can’t access them. You’ll often see a pop-up message demanding a ransom, usually in cryptocurrency, in exchange for the decryption key.
- Extortion: Some ransomware groups now steal your data before encrypting it. If you don’t pay, they threaten to leak it online, putting client confidentiality and regulatory compliance at risk.
What You Can Do to Prevent It
- Keep Backups And Test Them
  - Make regular, automatic backups of your critical data.
  - Use the 3-2-1 rule: 3 copies of your data, on 2 different types of media, with 1 stored off-site or in the cloud.
  - Test your backups regularly. If you can’t restore, it’s not a real backup.
- Train Staff on Phishing Awareness: Most ransomware infections come from email. Training your team to recognize phishing attempts is your first line of defense (see our second article for tips).
- Patch Your Systems: Ransomware often exploits known software vulnerabilities. Always keep your operating systems, browsers, and applications up to date.
- Limit User Permissions: Give employees access only to the files and systems they need. If ransomware infects a low-permission account, the damage is more contained.
- Use Antivirus and Endpoint Protection: Modern antivirus software can block ransomware before it executes. Many systems now use AI to detect suspicious behavior.
- Segment Your Network: Don’t let one infected machine bring down your whole office. Separating devices and networks (e.g., admin vs. guest Wi-Fi) helps contain threats.
What to Do After a Ransomware Attack
Even with precautions in place, no system is 100% immune. If you’re hit by ransomware, follow these steps immediately:
- Disconnect Affected Systems: Unplug or disconnect infected computers from the network to prevent the ransomware from spreading.
- Contact Your IT Provider or Incident Response Team: If you have an IT team or another IT partner, notify them right away. Don’t try to handle it alone unless you have in-house expertise.
- Don’t Pay the Ransom…Yet: Paying the ransom doesn’t guarantee your data will be restored and may encourage future attacks. Exhaust all recovery options first. Consult legal and cybersecurity professionals before deciding.
- Check Backups: Verify the integrity of your most recent backup and restore from a clean point before the infection. This is often the quickest and safest way to recover.
- Report the Attack
  - Notify the appropriate authorities: Report incidents to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov or the Cybersecurity and Infrastructure Security Agency (CISA) at myservices.cisa.gov/irf
  - Healthcare providers: If Protected Health Information (PHI) is involved, report the breach to the U.S. Department of Health & Human Services (HHS) – Office for Civil Rights (OCR) at hhs.gov/hipaa.
  You may also need to notify clients or regulators, especially if sensitive data was exposed (HIPAA, GDPR, etc.).
- Change All Passwords: Assume passwords were compromised. Reset all system and email credentials, and enable MFA wherever possible.
- Conduct a Postmortem: Understand how the attack happened and fix the gaps. Update security tools, conduct new training, and review your recovery plan.
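For IT staff, the backup checks under "Keep Backups And Test Them" and "Check Backups" can be automated. The Python script below is an added example, not part of the original article: it records a SHA-256 manifest at backup time and compares a test restore against it. The function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Run at backup time: map each relative file path to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Run after a test restore: list every difference from the manifest."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "changed": sorted(k for k in set(manifest) & set(actual)
                          if manifest[k] != actual[k]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def demo():
    """Constructed sample data: one intact restore and one damaged restore."""
    files = {"clients/records.csv": b"id,name\n1,Sample\n", "ledger.txt": b"2024 Q1\n"}
    with tempfile.TemporaryDirectory() as tmp:
        source, good, bad = (Path(tmp) / n for n in ("source", "good", "bad"))
        for root in (source, good, bad):
            (root / "clients").mkdir(parents=True)
        for rel, data in files.items():
            (source / rel).write_bytes(data)
            (good / rel).write_bytes(data)
        manifest = build_manifest(source)
        # Damaged restore: one file renamed with altered bytes, one truncated.
        (bad / "clients" / "records.csv.locked").write_bytes(b"\x00\x9f\x13")
        (bad / "ledger.txt").write_bytes(b"")
        return verify_restore(manifest, good), verify_restore(manifest, bad)


if __name__ == "__main__":
    for report in demo():
        print("OK" if not any(report.values()) else report)
```

Keep the manifest somewhere the backed-up machines cannot write to, so an infection cannot alter it along with the files.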
Final Thoughts
Ransomware is one of the most damaging cyber threats today. It encrypts your data, making it completely inaccessible until a ransom is paid (and even then, recovery isn’t guaranteed). But with strong backups, updated systems, and a well-prepared team, you can dramatically reduce your risk. And if the worst happens, knowing how to respond can make all the difference.
In our next article, Malware & Software Updates, we’ll cover a closely related topic: how outdated software and poor patching habits leave your business wide open to malware attacks and what you can do to prevent them.
More Resources: StopRansomware