Irish SMEs face Increased Ransomware Threat

Ransomware, the term used to describe a malicious act of cyber-criminality, occurs where threat actors infiltrate an organisation’s IT system and encrypt critical business data, preventing the organisation from accessing it and oftentimes causing operations to grind to a halt. The criminals will then hold that data to ransom, theoretically only releasing an encryption key after a sum of money has been transferred to them. As one is dealing with a criminal organisation, is it never wise to pay the ransom, as there is simply no guarantee that the data will ever be recovered.

Every industry is at risk from this menace of cyber-warfare, and organisations in the SME space are no exception. In Ireland, the National Cyber Security Centre (NCSC) and the Garda National Crime Bureau have warned SME owners of this increased threat of ransomware attacks.

In previous years, while smaller organisations have always been at risk from ransomware, synchronised, targeted attacks were traditionally focused at larger enterprises and government agencies because of the larger ransoms which were being paid. This paradigm seems to be shifting, with more targeted attacks directed towards SMEs.

A recent study of Irish SME business owners conducted by Datapac in conjunction with our data backup and business continuity partner Datto corroborates this. The silver lining to this unfortunate reality is that more and more SMEs are becoming aware of the potential risk to their organisation’s data, with 86% reporting concern that their organisation will become a target of cybercrime. Worryingly, of those surveyed, almost a third (31%) have already experienced data theft in the past year. To address this risk, many are turning to the expertise and advice offered by an outsourced Managed Service Provider (MSP) to help combat the threat.

At the global level, ransomware shows no signs of abating. According to a worldwide survey of mid-sized organisations, detailed in the Sophos State of Ransomware Report 2022, there was a 37% increase in ransomware attacks in 2021 vs the previous year. The report attributes the growing trend of Ransomware-as-a-Service (RaaS) as a significant contributing factor in the growth of attacks on smaller organisations. RaaS refers to the nefarious business model conducted on the dark web whereby ransomware developers will sell or rent their malicious code to buyers, who are then free to execute it on the target organisation of their choice. Acting as a perverse reflection of legitimate software companies, many RaaS developers will even provide ongoing support to their “customers”, helping them to maximise the chance of a successful infiltration and ransomware detonation. The democratisation of this criminal undertaking has significantly reduced the barrier to entry for threat actors, making it viable from a risk/reward perspective to target smaller organisations.

To help get a better understanding of the reality of ransomware, the below scenario broadly describes the steps of a successful ransomware attack which results in a ransom note appearing on your screen:

  1. Installation – Your machine is compromised when you click a malicious link. A common example would be clicking a suspicious link or attachment in an email. The cyber-criminal’s code is then downloaded onto your machine. By incorporating advanced stealth tactics it can evade Anti-Virus detection, enabling it to hide in plain sight.
  2. Call Home – The malicious code calls home over a secured covert communication channel to a server controlled by the intruders. This is bad news for you. The interlopers now have control over your environment and terrible things are just around the corner.
  3. Encryption Key Generation – Your machine and the malicious server generate an unbreakable pair of cryptographic keys that will be used to encrypt the victim’s files. One key is stored on your device and the other, unfortunately for you, is stored on the perpetrator’s server. Without the key on the malicious server, decryption of files is impossible.
  4. Encryption – The Ransomware on your machine starts encrypting files across your network. Before long, your files are scrambled, inaccessible and useless. Applications and Operating Systems crash, and production is ground to a screeching halt.
  5. Ransom Demand – A ransom note is displayed on your screen demanding payment in order to release the decryption key stored on the malicious server controlled by the criminals. Untraceable digital payment methods such as Bitcoin are the preferred transaction type. After a short period defined by the perpetrators, the decryption key will be deleted, making any decryption impossible.

As demonstrated in the above scenario, ransomware and other cyber attacks typically follow a predictable pattern, involving some form of reconnaissance, infiltration and eventual detonation. This series of events is referred to as the Cyber Kill Chain, and the best way for an organisation to protect itself from becoming a victim of cybercrime is to have strong, proven defences at each link of the chain. The earlier in the chain an attack can be disrupted, the less damage will be done to the affected organisation.

Unfortunately, many SMEs lack the expertise or resources to design and deliver this level of protection in-house; oftentimes becoming fixated on individual point solutions without fully considering the full implications to organisation-wide security processes and policies. MSPs can be the saving grace for many SMEs in this situation, providing the skills and expertise to strategically roadmap their cybersecurity journey and implementing best-of-breed solutions which are truly best fit for their unique requirements.

With a pedigree of excellence in the Irish market spanning over forty years, Datapac is uniquely positioned to provide SMEs with the knowledge and experience needed to secure their organisations in this uncertain time. If you would like to speak with our experts, please leave your details below for a free, no-commitment consultation from a member of the team.

Name(Required)



register for upcoming events

Register for upcoming events

  • Datapac provides IT services to Glanbia
  • Datapac provides ICT infrastrure to Holfeld Plastics