Small Business & Ransomware


Ransomware is software designed to infiltrate and remotely lock your device or network until you pay a fee. Small businesses can be particularly susceptible to ransomware attacks because:

  • Small businesses don’t have security teams and IT specialists on staff that can prevent, 
  • Small business owners are driven by more “primal” needs, like survival! 



You can minimise your susceptibility to ransomware attacks by: 

  • Regularly backing up your files externally and offline. Businesses are most susceptible to ransomware when there are no file backups. 
  • Regularly updating your operating system, anti-virus software, and applications (patch!). 
  • Regularly running anti-virus programs and treating your computer when necessary. 
  • Using strong passwords, and changing them regularly. 
  • Not clicking on suspicious links in emails, even if they appear to be from a trusted source. Phishing attacks often lead to ransomware attacks. 
  • Educating employees on the importance of staying smart online. 
  • Only purchasing online products and services after you have done your due diligence.

Detecting Ransomware 

Ransomware will generally present itself clearly, in that your device will be unusable and there will be a message demanding payment. 

It is best to detect ransomware before an attack by using an up-to-date anti-virus program.

You can detect the phishing attempts that lead to ransomware by being vigilant when reading emails and visiting websites which ask you to click on links or download programs. If you receive an unusual email from what appears to be a trusted source (e.g. strange language used, offers something that seems too good to be true, etc.), consider contacting that source independently offline.

Responding to a Ransomware Attack 
  • It is not recommended that you pay a ransom in order to regain access to your device or network. There is no guarantee that you will regain access after paying, and the payment method will often be one that is difficult or impossible to trace, such as gift cards.
  • Disconnect the device from your network to limit the scope of the attack. 
  • Check on your backup files using a different device and network. Avoid reconnecting until you are able to clean your affected device with 
  • EUROPOL and a number of software security vendors have launched a free decryption check called CRYPTO SHERIFF that can be accessed at 
  • Assess what’s at risk and what would be lost. If there’s too much at stake you may have to consider paying but be careful, you’re dealing with criminals. 
  • Change your passwords and PINs. 
  • If you have supplied your credit card or account details, contact your financial institution. 

Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provided do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the Services or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Australia: 1800 595 160 (Mon - Fri: 8am - 5pm AEST)

  • QLD: 07 3555 5900
  • ACT & NSW: 02 8999 3356
  • VIC: 03 7018 2366
  • NT, SA & WA: 08 7078 7741

New Zealand: 0800 121 068 (Mon - Fri: 10am - 7pm NZST)

  • AKL: 09 884 4440