Cyber Wars 2025: The SMB Strikes Back

• Ransomware has evolved from a labor-intensive cybercrime to a commoditized, plug-and-play menace available as purchasable kits.
• Ransomware-as-a-Service (RaaS) has grown in sophistication, making it easier for less technical attackers to access and use these tools.
• SMBs are increasingly targeted by ransomware attacks due to their smaller size and often weaker security measures.
• Enterprise-grade security is essential for SMBs to protect against sophisticated ransomware attacks, leveraging tools from Symantec and Carbon Black.

Ransomware has been a tool for attackers since the time of the floppy disk. And like all things profitable, it has grown with time. What was once a labor-intensive cybercrime reserved for upper-echelon hackers is now a plug-and-play menace, commoditized into purchasable kits for criminal consumers. 

For the last decade, Ransomware-as-a-Service (RaaS) has grown in sophistication and ease of access. The widespread availability of these kits on private forums and marketplaces has provided a lower barrier to entry for less technical attackers. 

That’s good business for bad actors. In 2024, Ransomware attacks rose by 3% as criminals turned their attention to a greater number of SMBs. Read on for a deeper look into the reasons and methods behind this SMB targeting, what it means for SMB cybersecurity, and how you can future-proof your security to withstand this growing trend. 

Oh, and for our fellow Star Wars nerds, because May the 4th is coming up, we’ll have some fun with this otherwise serious topic.

RaaS: Attack of the Clones

In cyber wars, no weapon has proven as profitable as ransomware, and its latest iterations are more widespread than ever before. Like a horde of Stormtroopers, RaaS has created a legion of threat actors armed with near-identical tools, tactics, and playbooks. RaaS isn't new, but it's matured into a full-blown business model with affiliate programs, customer service and revenue-sharing agreements. How did we get here?

A long time ago…  

In the early days of ransomware, enterprises were the primary target for attackers. From a cybercriminal's point of view, these companies were high risk, high reward. If bad actors were going to manually breach a system, move laterally and stage encryption, they wanted to make it count. And thanks to their high-value data, convoluted IT environments and deeper pockets that could afford ransom demands, enterprises fit the bill. 

Meanwhile, SMBs generally assumed they were too small to be noticed. Common sentiments from these companies likely included:

• "We don't have anything valuable enough to steal."
• "Hackers are only interested in big brands."
• "We're under the radar."

This “security through obscurity” mindset didn’t prevent SMBs from investing in basic defenses—antivirus, firewalls, etc.—and that worked for a while. But ransomware was scaling at a remarkable rate. In the background, a clone army was starting to form. 

Ransomware cantinas 

The tipping point for ransomware was its commodification. Today, cybercrime marketplaces and underground forums offer a one-stop shop for attackers. Ransomware kits come with everything needed to run an enterprise-grade attack, including:

• Pre-built malware payloads
• Clear step-by-step instructions
• Tools for lateral movement, privilege escalation and encryption

Just like with any competitive SaaS business, many now offer affiliate revenue models, with top operators giving attackers a cut of each ransom collected. Some even restructure payment flows to build trust with affiliates—mirroring the dynamics of a commercial partner ecosystem. RaaS has become the franchise model of cybercrime. 

SMBs in the crosshairs

As these tools have become easier to use, attackers have shifted their focus to smaller prey. Less effort required in attacks means that a higher volume of attacks is possible. 

SMBs are easier to compromise as they often lack 24/7 security and advanced endpoint detection. Since the companies are smaller, the ransoms are smaller. But this can also cause SMBs to be more willing to pay. And if the company doesn’t have backups, they might feel like there are no other options.

So the enemy’s logic has flipped. Instead of targeting massive Death Stars, ransomware actors are casting wide nets to snare starfighters, shuttles and spacetugs. If the attacks are plug-and-play, why not run 20 smaller campaigns at once instead of one risky mega-heist? We’re in an age of enterprise-grade attacks aimed at businesses large and small. There is no obscurity left. 

The SMB strikes back

The same digital transformation that powered the growth of SMBs has also expanded their attack surfaces. Just as SMBs adopted cloud tools, CRM platforms and enterprise-grade SaaS to scale, they now need enterprise-grade security. Basic antivirus and firewalls won’t hold up against attackers using tools and playbooks designed for Fortune 500 targets. The playing field must be leveled. 

Symantec + Carbon Black: A new hope

As the legendary cybersecurity portfolios offered by Broadcom’s Enterprise Security Group, Symantec and Carbon Black together provide SMBs with the field-leveling security they need. These aren’t stripped-down versions of enterprise tools. They’re full-featured protections that scale to fit the size and needs of your business. Our tools incorporate threat intelligence from the Threat Hunter Group—a multi-disciplinary team of analysts, data scientists and investigators who track attacker behavior in real time and feed those insights directly into our defense innovations. For cloud, on-premise and hybrid environments, we offer one of the most comprehensive cybersecurity offerings available–and all focused on providing enterprise-grade security for all.

Together, we can help you send attackers to a galaxy far, far away…where even a well-equipped gunship won’t save them.