NetworkTigers examines the ransomware resurgence and how new tactics put mid-sized businesses at greater risk than ever.
Ransomware has moved beyond headline-grabbing attacks on global corporations. Increasingly, small to mid-sized businesses are becoming primary targets. With leaner IT teams, limited security budgets, and growing dependence on digital infrastructure, these companies are often less equipped to detect, contain, or recover from attacks. Cybercriminals understand this and are exploiting the gap.
Ransomware consequences for SMEs
Ransomware attacks have a high success rate, with over 80% of small to mid-sized businesses (SMEs) opting to pay the ransom. However, only 25% of those infiltrated businesses ever recovered their stolen data, regardless of whether or not they paid. Additionally, ransomware payouts can be massive. With the average ransom demanded in 2024 at just over $3.5 million, one successful ransomware attack may shut down a small business. A recent study shows that 60% of small businesses close down within six months of a major cyberattack.
With all this in mind, it should be especially worrisome for mid-sized businesses that the rate of ransomware attacks is rising. Within just the first five weeks of 2025, there has been a 149% increase in ransomware hacks. How many of the most common tactics for ransomware hackers is your company prepared for?
Phishing
Phishing emails remain the number one method by which cybercriminals gain access to systems. Phishing emails have gotten more sophisticated, and often target mid-sized businesses by posing as a client, vendor, or even investor or executive. By impersonating a known entity, employees can fall prey to requests for sensitive information due to social engineering hacks. Additionally, many emails contain malicious downloads and fake attachments. Even when employees realize their mistake by clicking on a phishing email, the damage may already have been done.
Smishing
SMS phishing, or “smishing”, is another specific risk for mid-sized businesses. A 2023 study shows a significant rise in remote workers for SMEs, with 35% of new hires fully remote. With less onboarding and office costs for mid-sized businesses, it makes sense for remote work to be popular for smaller companies with lower overhead budgets. However, remote employees are commonly targeted not only by phishing emails but also by smishing attacks. Phony text messages can infiltrate personal and work devices, allowing hackers remote access to company systems. When accounts are linked via two-factor authentication, this can cause significant employee downtime and stymie even sophisticated cybersecurity protocols.
Drive-by downloads
Malware downloaded from an infected website is a common and classic method for ransomware attacks. Drive-by downloads can come from employees visiting unnecessary websites on work laptops or while connected to company systems, but they can also come from legitimate sites that hackers have infiltrated.
Exploiting software vulnerabilities
Mid-sized businesses may have smaller IT departments or less infrastructure in place for cybersecurity. However, even SMEs should never skip routine updates and software patches. Some of the worst hacks in history could have been avoided if companies had kept their software current. Software developers are constantly racing against hackers to discover new vulnerabilities first. When patches become available, mid-sized businesses must stay on top of routine maintenance, even when it means taking downtime in order to stay safe from ransomware.
Third-party vendor hacks
Many mid-sized businesses rely upon third-party vendors to fill critical roles in the company. Because of this, SMEs are especially vulnerable to third-party cybersecurity weaknesses. Working with the wrong vendor for cloud storage, billing, banking, data management, consulting, or any other area involving sensitive data exchange can spell disaster for a mid-sized business. Once a third-party vendor has been infiltrated, it may take longer for them to realize or report the hack to their customers. Some vendors may attempt to conceal the breach to retain business, which can cost SMEs dearly.
Ransomware-as-a-Service (RAAS)
One of the most troubling advancements in ransomware is RAAS. RAAS allows hackers to deploy ransomware without writing their own code or developing their own bugs. By decreasing the effort involved, RAAS and its widespread availability on the dark web is one of the main factors that has led to the resurgence of ransomware hacks.
Credential stuffing
This kind of brute force attack is rising as AI enables cybercriminals to automate much of the process. Credential stuffing typically involves using previously leaked usernames and passwords to break into systems. Attackers deploy automated scripts to submit stolen or generated credentials repeatedly, overwhelming authentication processes to gain access. With AI, continually firing stolen or randomly generated data at authentication pages has become even easier. Credential stuffing is often paired with prior phishing attacks, third-party vendor weaknesses, or other methods to launch a two-part offensive at small to mid-sized businesses.
Avoid becoming an easy target for ransomware operators. Forbes reports that 82% of businesses targeted by ransomware attacks have fewer than 1,000 employees. With less investment in cybersecurity, greater reliance on third-party vendors, and insufficient employee cybersecurity training, mid-sized businesses are especially at risk of ransomware attacks. Ensure your company has a plan today to set itself apart from the pack and safeguard the valuable data with which your business has been entrusted.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
