What Is Ransomware — And Why Should Your Business Care?
Ransomware has become the most disruptive cyber threat facing small and medium-sized businesses worldwide. In 2025 and 2026, attacks on law firms, accountancy practices, healthcare providers, and housing associations have all made headlines — and the majority of victims were not large enterprises.
They were businesses just like yours.
What Is Ransomware?
Ransomware is malicious software that encrypts your files — making them completely inaccessible — and then demands a payment (a “ransom”) in cryptocurrency to restore access.
When ransomware hits a business:
- Files, databases, and systems are locked instantly
- A ransom note appears demanding payment — typically thousands of pounds or dollars
- A deadline is set, after which the ransom usually increases
- In many modern attacks, data has already been stolen before encryption — meaning paying the ransom does not guarantee your information stays private
That last point is important. Most ransomware groups now operate a double-extortion model: they steal your data first, then encrypt it. Even if you restore from backups, the attacker still threatens to publish your client records, financial data, or sensitive documents publicly unless you pay.
How Does Ransomware Get In?
The three most common entry points are:
1. Phishing emails: An employee clicks a link or opens an attachment in a convincing-looking email. The ransomware is installed silently in the background.
2. Compromised credentials: Attackers buy or steal login details (often from data breaches on other services) and use them to log in to your systems directly — particularly remote access tools like VPNs or Remote Desktop.
3. Unpatched software: Outdated software with known vulnerabilities is exploited before a patch is applied. VPN appliances, remote desktop gateways, and web-facing applications are frequent targets.
Who Gets Hit?
Anyone holding valuable data. Ransomware groups do not discriminate by size — they target businesses that:
- Hold large volumes of personal or financial data
- Lack a dedicated IT or security team
- Have not implemented multi-factor authentication
- Rely on backups that are connected to the same network as their main systems
Solicitors, accountants, healthcare practices, housing associations, and property firms are among the most frequently targeted sectors — because they hold exactly the kind of data ransomware groups want.
What Can You Do?
You do not need an enterprise security budget to reduce your risk significantly. The basics matter most:
Backups — the 3-2-1 rule: Keep 3 copies of your data, on 2 different types of storage, with 1 copy stored offline or offsite. A backup that is connected to your network can be encrypted by ransomware along with everything else.
Multi-factor authentication (MFA): Enable MFA on every account that supports it — email, remote access, cloud storage. A stolen password is far less useful to an attacker if they cannot bypass the second factor.
Keep software updated: Apply patches promptly, particularly on internet-facing systems. Many ransomware attacks exploit vulnerabilities that have had patches available for weeks or months.
Train your staff: Most ransomware starts with a phishing email. Staff who can recognise suspicious messages are your first line of defence.
What Cairn Intelligence Does
Cairn Intelligence publishes threat intelligence on active ransomware groups — including the groups currently targeting your sector. Monthly briefings identify what is active, what is targeting businesses like yours, and what actions to take.
If you would like to understand your current exposure, a free pilot engagement is available with no commitment.
Get in touch or email sam@cairnintelligence.com.
Cairn Intelligence — cairnintelligence.com — Published threat intelligence research at reports.cairnintelligence.com