TL;DR: Cybercrime is a continually evolving issue, with bad actors developing new tools and techniques to refine their attacks. The ultimate outcome of a ransomware attack (disruption, data theft, and extortion) remains the same. However, the methods have grown increasingly sophisticated. This evolution is driven by the subscription-based Cybercrime-as-a-Service model, where only a handful of providers need to innovate their tactics, and those advancements quickly scale to impact all victims. SMBs are seen as easy targets due to potentially weak defenses and limited resources. Attacks are now more targeted, using a step-by-step strategy to infiltrate systems and demand payment.
Basic cybersecurity practices that leverage advanced AI-enhanced defense mechanisms and support from trusted IT partners, such as Shing Digital and ESET, can make a big difference.
__________________________________________________________
We all hear about things that happen to others that make us want to cover our eyes and think, “This can’t happen to us.” Whether it is health issues, financial troubles, mold in the home or a ransomware attack, too often we convince ourselves we are immune.
Small businesses cannot afford this “head in the sand” mindset. They may think they fly under the radar, but they are seen as high-value targets by threat actors because they are often the conduit to access larger companies with which they do business.
To understand how we got here, let’s walk through four key moments that shaped the evolution of ransomware and Cybercrime-as-a-Service (CaaS).
Fake Virus Scams 2005 to 2010: Between 2005 and 2010, we witnessed the rise of “Fake Virus” scams, where cybercriminals posed as tech support from trusted companies, using scare tactics to trick people into paying for fake fixes. Sadly, these scams still target vulnerable users today, particularly seniors.
Locker Malware 2010 to 2015: Locker malware escalated the threat by locking users out of their systems entirely. Instead of stealing data, it blocked access and often displayed alarming or graphic content on the screen. Attackers typically posed as law enforcement and demanded payment to remove the content and restore access.
Encrypting Ransomware 2015 and beyond: This type of attack is closer to the more sophisticated type of ransomware that we still see today. These attacks target users’ files with a powerful encryption algorithm, leaving victims with no access unless they pay up. They are incredibly effective; once your system is infected, you are pretty much stuck. This poses a serious threat to both individuals and organizations.
Modern Ransomware 2019 and beyond: As ransomware continues to evolve, attackers are becoming more precise with their strikes. Attackers nowadays are able to infiltrate networks and move strategically to maximize damage before demanding payment. Groups like Conti, Clop, LockBit and RansomHub have become household names in cybersecurity circles. LockBit pioneered the Cybercrime-as-a-Service model, giving everyday people with minimal technical background the ability to launch attacks using pre-built toolkits.
It should be noted that LockBit was eventually taken out of the equation by a coordinated law enforcement action, but as fast as one group falls, another rises: RansomHub provided services to the affiliates that once used the LockBit service.
Today’s ransomware is not just about locking files. It is a full-blown strategy. Attackers employ a combination of encryption, threats, and pressure tactics to coerce victims into paying. Some even publish small snippets of the stolen data in stages to heighten the sense of urgency, and as proof that they have the data. Others threaten distributed denial-of-service attacks or harass victims on social media.
Modern attacks follow a playbook:
- Initial Access: Attackers find a way in, whether through weak passwords, phishing emails, known software flaws, or even insider help.
- Lateral Movement: Once inside, they move quietly through the system, looking to gain administrator access and uncover sensitive data.
- Data Exfiltration: If they succeed, they extract valuable data and analyze it to decide how much ransom to demand.
- Backup Disruption: To make recovery harder, attackers often disable backup systems, leaving victims with few options to restore their data.
- Payload Deployment: Then comes the blow, encrypting files and shutting down IT systems.
- Denial of Service: Attackers may disrupt the business further by launching denial-of-service (DoS) attacks on websites and external services such as customer service centers. This prevents customers from contacting the already crippled business, amplifying the pressure.
- Extortion: With everything locked down, the extortion begins. Attackers demand payment in exchange for access and often threaten to leak sensitive information.
Why Small Businesses Are Easy Targets
Threat actors focus on large industries such as healthcare and finance with the goal of monetizing their activities. However, as the tools improve, the door has been opened for smaller players with less technical knowledge through the Cybercrime-as-a-Service model. For a fee, anyone can rent the tools, data, and playbooks needed to launch an attack and even benefit from a support contract from the service provider, all with a near guaranteed return on investment.
While large crime syndicates often enjoy protection due to their ability to operate in places beyond the reach of law enforcement, individual perpetrators do not. Smaller targets with less return may fly under the radar of active law enforcement and the media, while governments focus on defending against large-scale attacks, like the 2025 breach of Nova Scotia Power and Emera, which compromised the personal data of 277,000 Canadians.
Meanwhile, 73 percent of small Canadian businesses have experienced a cybersecurity incident, and 1 in 5 of the businesses fail after a cyber incident. With minimal support and limited IT resources, small businesses are vulnerable to exploitation. Cybercriminals could hit thirty small businesses for $50,000 each with far greater ease and visibility than targeting a multinational corporation.
Think of it this way. In Canada, if you steal a chocolate bar, you are unlikely to see the inside of a jail cell. But if you rob a bank, a task force will be assembled to track you down. Cybercrime works the same way. Governments focus on the biggest threats, leaving smaller attacks largely unchecked. However, it’s essential to recognize that 30 years ago, a bank robber had an 80% chance of being caught and jailed; for cybercriminals, this figure is now under 1%.
What You Can Do
You do not need to be a cybersecurity expert to protect your business. Start with these steps:
- Understand what you have that needs to be protected.
- Enable multi-factor authentication (MFA) by default.
- Use unique, complex passwords as a backup to MFA, and store them in a password manager.
- Ensure backups are restorable and stored offline.
- Establish centralized log management.
- Deploy endpoint security solutions.
- Invest in advanced AI-based cybersecurity tools such as Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR).
- And when resources are not available, opt for 24/7 monitoring with a Managed Detection and Response (MDR) solution.
- Secure internet-facing services with proper configurations.
- Keep your software up to date with automated patch management.
Threat actors thrive on poor cyber hygiene, misconfigured systems, weak controls, and outdated software. Fixing these gaps is your first line of defense.
Looking for Support?
Cybersecurity can feel complex, especially for small businesses juggling many priorities. Working with trusted partners can make all the difference. IT partners like Shing Digital, in collaboration with ESET, offer tailored solutions and ongoing monitoring to help you strengthen your defenses and proactively stop threats. They work alongside you to build a resilient IT and security foundation, allowing you to stay focused on growing your business.