Ransomware and Your Small Business: Why Backup Is Your Last Line of Defence

21 June 2026

Ransomware attacks increased by over 150% globally between 2020 and 2023. New Zealand is not exempt. CERT NZ's quarterly threat reports have flagged ransomware as a persistent top-tier threat for several years running, with attacks targeting businesses of all sizes — including sole traders and small trades businesses.

Most NZ small business owners assume ransomware is a problem for big companies. It isn't. Small businesses are often easier targets: fewer security controls, less IT support, and a greater willingness to pay a ransom quickly to get back to work.

How Ransomware Works

Ransomware is malicious software that encrypts every file it can reach on your computer — documents, photos, spreadsheets, emails — and then demands payment in exchange for the decryption key.

It usually arrives via:

  • Phishing email — a link or attachment that looks legitimate but executes malicious code when opened
  • Compromised software — pirated software, unpatched software with known vulnerabilities, or malicious downloads
  • Remote desktop compromise — attackers brute-force Remote Desktop Protocol (RDP) credentials

Once running, ransomware encrypts files rapidly — often across the entire machine and any connected drives within minutes. Modern ransomware also searches for network shares and cloud-synced folders.

Why Cloud Sync Doesn't Protect You

Many business owners assume their Google Drive or Dropbox sync protects them from ransomware. It doesn't.

Sync services mirror the current state of your files. When ransomware encrypts files on your computer, the encrypted versions sync to the cloud almost immediately. The encrypted files replace the originals in your cloud storage.

Why External Drives Don't Protect You Either

An external hard drive that is plugged into your computer when ransomware runs is encrypted along with everything else. If your backup drive is always connected, it provides no protection against ransomware.

To protect against ransomware, a backup must be:

  1. Not directly connected to your computer during normal operation, OR
  2. Stored offsite where the ransomware cannot reach it

What a Ransomware-Resistant Backup Looks Like

Offsite cloud storage. Your backup should be in a cloud storage system that is not directly mapped as a drive on your computer during normal operation.

Not a sync service. Services like Dropbox, iCloud Drive, and OneDrive are sync services. Ransomware-encrypted files will sync immediately.

Independence from your main credentials. Your backup account should use a different password to your main business accounts.

Recovery: What Happens After a Ransomware Attack

Without a clean backup, your options are:

  1. Pay the ransom (not recommended — payment doesn't guarantee recovery)
  2. Attempt to use decryption tools (only available for some older strains)
  3. Lose the data permanently

With a clean offsite backup, recovery looks like this:

  1. Isolate the infected machine (disconnect from the network)
  2. Wipe the machine and reinstall the operating system
  3. Restore your files from the last clean backup

The cost of a wipe-and-restore with IT assistance in New Zealand is typically $300–600 for a single workstation — significantly less than most ransomware demands.

CERT NZ's Recommendations

CERT NZ recommends:

  • Keep regular backups of important data
  • Store at least one backup offline or offsite
  • Test your backups — make sure you can actually restore from them
  • Do not pay ransoms

TPT Backup backs up your files, email, and photos to independent cloud storage on a nightly schedule. It is not a sync service — your backup files are not mounted as a drive on your computer during normal operation, which means ransomware running on your machine cannot reach them.

Frequently Asked Questions

My antivirus software should stop ransomware, shouldn't it?

Antivirus helps, but it is not sufficient on its own. Modern ransomware is specifically designed to evade signature-based antivirus detection. CERT NZ consistently recommends backup as a necessary complement to endpoint protection.

Does ransomware spread to my backup through the internet?

Not through a properly configured cloud backup service. Ransomware encrypts files accessible on your machine and network. A cloud backup that doesn't mount as a drive during normal operation is not accessible to ransomware.

Should I report a ransomware attack?

Yes. CERT NZ (cert.govt.nz) accepts ransomware reports and can provide guidance. The report is confidential.
