Ransomware coverage tends to focus on large organisations. But small businesses are targeted precisely because they are less protected, less likely to have offline backups, and more likely to pay quickly to restore operations.
How Ransomware Reaches Small Businesses
Phishing and Credential Theft
Email remains the most common initial access vector. Many attacks begin with a commodity information-stealer that harvests credentials, which are then used to gain deeper access before ransomware is eventually deployed.
Exposed Remote Desktop Protocol
RDP exposed directly to the internet is one of the most exploited attack surfaces in Australian business. Attackers scan for exposed RDP ports and attempt to authenticate with stolen or brute-forced credentials.
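A defender-side detection for the pattern just described, added here as an example that is not part of the original article: it reads Windows Security logon events (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP) and flags any source address that fails repeatedly inside a short window and then succeeds. The event records are constructed sample data, and the threshold and window values are assumptions a site would tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, event ID, source IP, account, logon type.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive, i.e. RDP.
SAMPLE_EVENTS = [
    ("2024-05-01T02:00:05", 4625, "203.0.113.7", "administrator", 10),
    ("2024-05-01T02:00:09", 4625, "203.0.113.7", "administrator", 10),
    ("2024-05-01T02:00:14", 4625, "203.0.113.7", "admin", 10),
    ("2024-05-01T02:00:20", 4625, "203.0.113.7", "backup", 10),
    ("2024-05-01T02:00:27", 4625, "203.0.113.7", "backup", 10),
    ("2024-05-01T02:01:03", 4624, "203.0.113.7", "backup", 10),   # success after the spray
    ("2024-05-01T09:15:00", 4625, "192.0.2.10", "alice", 10),     # a single typo, benign
    ("2024-05-01T09:15:30", 4624, "192.0.2.10", "alice", 10),
    ("2024-05-01T09:20:00", 4625, "198.51.100.4", "bob", 2),      # console logon, not RDP
]

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"failures": n, "compromised": [accounts]}} for each source
    that produced >= threshold failed RDP logons within `window`. A successful RDP
    logon from that source within `window` of the threshold being reached is
    recorded as a likely compromised account. Threshold/window are assumed values."""
    by_ip = defaultdict(list)
    for ts, event_id, ip, account, logon_type in events:
        if logon_type == 10:  # only RDP (RemoteInteractive) logons are relevant here
            by_ip[ip].append((datetime.fromisoformat(ts), event_id, account))
    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort()
        recent_failures = []   # timestamps of 4625s still inside the sliding window
        tripped_at = None      # when the failure threshold was first crossed
        compromised = []
        for ts, event_id, account in recs:
            recent_failures = [t for t in recent_failures if ts - t <= window]
            if event_id == 4625:
                recent_failures.append(ts)
                if len(recent_failures) >= threshold and tripped_at is None:
                    tripped_at = ts
            elif event_id == 4624 and tripped_at is not None and ts - tripped_at <= window:
                compromised.append(account)
        if tripped_at is not None:
            alerts[ip] = {"failures": sum(1 for _, e, _ in recs if e == 4625),
                          "compromised": compromised}
    return alerts

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {info['failures']} failed RDP logons, compromised={info['compromised']}")
```

A hit on the "compromised" list is the moment to disable the account, block the source and check what that session did next, which is the lead time before any ransomware is staged.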
Unpatched Vulnerabilities
Known vulnerabilities in VPN appliances, remote access tools, and web-facing applications are actively exploited. The window between public disclosure and active exploitation has shortened significantly.
Double Extortion
Modern ransomware operations exfiltrate data before encrypting. Attackers hold both the decryption key and the threat of publishing stolen data. Even businesses with viable backups face the extortion risk.
Prevention That Works
Enforce MFA everywhere. Remove exposed RDP; use a VPN instead. Implement offline or immutable backups and test them regularly. Patch internet-facing systems within two weeks of release. These four controls address the vast majority of ransomware entry paths.
Should we pay the ransom?
Australian law enforcement agencies recommend against paying. It funds criminal operations, does not guarantee a working decryption key, and marks your business as a willing payer. The better investment is prevention and verified backup capability before an incident occurs.