Ransomware is exactly what it sounds like: malicious software that encrypts your files and demands a ransom — typically in cryptocurrency — to restore access. When it works, your entire operation can grind to a halt: no access to client files, accounting systems, emails, or any other data your business depends on.
And it works more often than most people realize.
How Ransomware Gets In
Understanding how ransomware enters your environment is the first step to stopping it. The most common entry points for Montreal SMBs:
- Phishing emails — an employee clicks a link or opens an attachment that executes malware. This is by far the most common vector.
- Compromised credentials — attackers use stolen usernames and passwords (often from data breaches on other services) to log into your systems directly
- Unpatched software — known vulnerabilities in Windows, browsers, or business software that haven't been updated
- Remote Desktop Protocol (RDP) — exposed RDP ports are actively scanned and attacked by automated tools
- Malicious downloads — software from unofficial sources, cracked applications, or infected USB drives
The uncomfortable truth: Most ransomware attacks succeed not because of sophisticated hacking, but because of basic security gaps that are entirely preventable.
What Happens During an Attack
Ransomware doesn't always act immediately after infection. Modern ransomware operators often spend days or weeks inside your network first — mapping your systems, identifying your backups, and maximizing the damage they can cause before triggering encryption.
When they finally strike, the encryption can happen in minutes. Every file on every connected drive gets locked. Your screen shows a ransom note. The clock starts.
At this point, your options are: pay the ransom (no guarantee you'll get your files back, and you're funding criminals), restore from backup (only works if your backups are clean and tested), or start from scratch (devastating for most businesses).
How to Actually Protect Your Business
Here are the controls that meaningfully reduce your ransomware risk — in order of impact:
1. Multi-Factor Authentication (MFA) on Everything
MFA blocks the vast majority of credential-based attacks. Even if an attacker has your password, they can't get in without the second factor. Enable MFA on Microsoft 365, your VPN, your banking portals, and any other business-critical system. This single step eliminates one of the most common attack paths.
2. Endpoint Detection and Response (EDR)
Basic antivirus is not enough. EDR solutions use behavioural analysis to detect and stop ransomware — even new variants that haven't been seen before. Every device in your business should have EDR installed and actively monitored.
3. Tested, Offline Backups
Your backups are your last line of defence — but only if they work and haven't been encrypted themselves. Follow the 3-2-1 rule: 3 copies of data, on 2 different media types, with 1 copy offsite or air-gapped. Test your restores regularly. A backup you've never tested is not a backup.
4. Patch Management
Keep Windows, macOS, browsers, and all business software updated. Attackers actively exploit known vulnerabilities — and patches fix them. This should be automated, not manual.
5. Email Security
Most ransomware starts with a phishing email. Microsoft Defender for Office 365 (included in some M365 plans) adds link scanning, attachment sandboxing, and anti-spoofing protections that block many phishing attempts before they reach your inbox.
6. Network Segmentation
Separate your network into segments — staff, servers, IoT devices, guest Wi-Fi. When ransomware gets onto one device, segmentation limits how far it can spread. This is especially important if you have any older devices or equipment on your network.
7. Security Awareness
Your team is your biggest vulnerability and your biggest asset. Brief, practical guidance on how to spot phishing emails goes a long way. You don't need a multi-day training program — 30 minutes of clear examples and what to do when something looks suspicious is enough to meaningfully reduce risk.
If you do nothing else: Enable MFA on Microsoft 365 and make sure you have tested, offline backups. These two steps address the majority of successful ransomware attacks on SMBs.
What to Do If You're Hit
If you discover ransomware on your network:
- Disconnect affected devices immediately — unplug network cables, disable Wi-Fi. Stop the spread.
- Don't turn off computers yet — forensic evidence may be needed; consult your IT provider first
- Contact your IT provider or MSP immediately — this is an emergency response situation
- Do not pay the ransom without consulting a professional — payment doesn't guarantee recovery and may have legal implications
- Notify your cyber insurance provider if you have coverage
- Assess Law 25 obligations — if personal information was compromised, you may have breach notification requirements
The Bottom Line
Ransomware protection is not about being paranoid — it's about closing the gaps that attackers routinely exploit. Most successful ransomware attacks on Montreal SMBs exploit basic, preventable weaknesses: no MFA, no EDR, untested backups, unpatched software.
The good news: the highest-impact protections are not expensive or complicated to implement. They just need to actually be in place and actively managed.
At Evolv I.T, cybersecurity is built into every managed IT plan we offer. If you want to know how exposed your current environment is, our free IT assessment is a good place to start that conversation.