
How the BT Group Ransomware Attack Highlights the Cybersecurity Risks Facing Small Businesses

Ransomware cyber attackers are posing as IT support via Teams messaging

In late 2024, the BT Group, a major telecommunications provider, experienced a ransomware attack that forced parts of its infrastructure offline. The incident, which involved attackers allegedly stealing sensitive data, underscores how cybercriminal tactics are evolving—and why every business, from large corporations to small and mid-sized businesses (SMBs), must prioritize cybersecurity.


Adding to this growing concern is a disturbing trend: cybercriminals now exploit trusted tools like Microsoft Teams to deceive employees and breach networks. Together, these events emphasize the importance of vigilance and proactive defense against cyber threats.


What Happened in the BT Group Attack?

The ransomware attack on the BT Group leveraged advanced social engineering techniques that highlight the evolving sophistication of modern cybercriminals. Reports suggest that attackers initiated their campaign by signing up the victim's email address for numerous mailing lists. This overwhelmed the target with a flood of unwanted emails, creating confusion and frustration.


Capitalizing on this chaos, the attackers reached out to victims, often through Microsoft Teams or by phone, posing as IT support or help desk staff. They offered assistance to resolve the email deluge and directed victims to install remote management tools such as Quick Assist, TeamViewer, AnyDesk, or ScreenConnect. By gaining access through these tools, the attackers established a foothold in the organization’s systems, which they later exploited to exfiltrate sensitive data and deploy ransomware.


This method demonstrates a sophisticated combination of psychological manipulation and technical execution, showcasing how cybercriminals exploit human trust and organizational workflows to bypass traditional security measures.


The Emerging Threat: Fake IT Support on Microsoft Teams

In a troubling new development, attackers have begun impersonating IT support staff on Microsoft Teams, one of the most widely used business communication tools. In these schemes, cybercriminals initiate conversations with employees, pretending to represent Microsoft or internal IT departments. Their goal? To harvest login credentials, distribute malicious files, or redirect employees to phishing websites.


This tactic exploits the trust employees place in official-looking communications and familiar platforms, making it highly effective. For SMBs reliant on platforms like Teams, it’s a reminder that even internal communication tools can be exploited.


How to Stay Safe on Teams and Other Platforms

  1. Verify requests. Always confirm the legitimacy of unusual IT requests through separate, official channels.

  2. Implement Multi-Factor Authentication (MFA). Adding another layer of security can prevent unauthorized access even if credentials are compromised.

  3. Train employees. Educate staff to identify phishing attempts and suspicious communications, even from trusted tools.

  4. Use monitoring tools. Advanced tools can detect unusual patterns in communications, helping to flag potential threats early.
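
As an added example (not from the reports on the incident and not any vendor's code), the following sketch shows what a monitoring rule for the chain described above could look like: an inbound email flood, then a Teams chat from outside the organization, then a remote access tool starting on the same user's machine. The event format, the thresholds, and the process names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed default binary names for the remote tools named above (lower-cased).
REMOTE_TOOLS = {"quickassist.exe", "teamviewer.exe", "anydesk.exe",
                "screenconnect.windowsclient.exe"}
FLOOD_COUNT = 20                      # assumed: mails inside FLOOD_WINDOW that count as a flood
FLOOD_WINDOW = timedelta(minutes=30)  # assumed
FOLLOW_UP = timedelta(hours=3)        # assumed: max gap between one stage and the next

def find_chains(events):
    """Return (user, flood_time, contact_time, tool_time, tool) per matched chain."""
    per_user = defaultdict(list)
    for ts, user, kind, detail in sorted(events):
        per_user[user].append((ts, kind, detail.lower()))
    hits = []
    for user, evs in per_user.items():
        mails = [ts for ts, kind, _ in evs if kind == "email_in"]
        # Stage 1: earliest moment FLOOD_COUNT inbound mails fit inside FLOOD_WINDOW.
        flood = next((mails[i + FLOOD_COUNT - 1]
                      for i in range(len(mails) - FLOOD_COUNT + 1)
                      if mails[i + FLOOD_COUNT - 1] - mails[i] <= FLOOD_WINDOW), None)
        if flood is None:
            continue
        # Stage 2: a Teams chat from outside the tenant shortly after the flood.
        contact = next((ts for ts, kind, _ in evs if kind == "teams_external_chat"
                        and flood <= ts <= flood + FOLLOW_UP), None)
        if contact is None:
            continue
        # Stage 3: a remote-access tool started after that contact.
        for ts, kind, detail in evs:
            if (kind == "process_start" and detail in REMOTE_TOOLS
                    and contact <= ts <= contact + FOLLOW_UP):
                hits.append((user, flood, contact, ts, detail))
                break
    return hits

def sample_events():
    """Constructed events: (timestamp, user, kind, detail). Not real log data."""
    t0, m = datetime(2024, 12, 2, 9, 0), timedelta(minutes=1)
    ev = [(t0 + i * m / 2, "alice", "email_in", "list signup") for i in range(40)]
    ev += [(t0 + 45 * m, "alice", "teams_external_chat", "Help Desk"),
           (t0 + 52 * m, "alice", "process_start", "QuickAssist.exe"),
           (t0 + 10 * m, "bob", "process_start", "TeamViewer.exe")]  # tool only
    # carol: same chat and tool, but mail arrives slowly (no flood), so no alert
    ev += [(t0 + 5 * i * m, "carol", "email_in", "newsletter") for i in range(25)]
    ev += [(t0 + 130 * m, "carol", "teams_external_chat", "IT Support"),
           (t0 + 135 * m, "carol", "process_start", "AnyDesk.exe")]
    return ev
```

Calling `find_chains(sample_events())` flags only the user whose activity shows all three stages in order; a remote tool on its own, or a chat without a preceding flood, does not alert.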


Why SMBs Are At Risk

The ransomware attack on the BT Group disrupted operations and brought attention to the increasing sophistication of cybercriminal tactics. Attackers reportedly infiltrated systems, exfiltrated sensitive data, and leveraged ransomware to demand payment for its return.


While the BT Group is a multinational corporation with significant resources to respond to such an attack, this event demonstrates that no organization is immune. Cyberattacks on smaller businesses can yield substantial rewards for attackers, as many SMBs lack the robust defenses of larger companies. For instance:


  • Phishing remains a primary attack vector. SMB employees may be less trained in identifying fraudulent communications, making them easier targets.

  • Vulnerable systems and software. Outdated systems or inadequate patch management can leave gaps for attackers to exploit.

How to Protect Your Business

To defend against modern cyber threats, SMBs should adopt these best practices:


  1. Adopt a Zero Trust Security Model: Limit access to systems and verify every user, whether inside or outside the organization.

  2. Maintain Offline Backups: Regularly back up critical data, ensuring at least one copy is stored offline.

  3. Update and Patch Systems: Regular software updates and patches can close known vulnerabilities.

  4. Partner with a Managed IT Services Provider (MSP): A trusted MSP - one that specializes in cybersecurity strategy and services beyond base-level tools - can provide the expertise and resources necessary to strengthen your cybersecurity defenses.


Why Partnering with a Managed IT and Cybersecurity Services Provider Matters

For SMBs in Sioux Falls and beyond, partnering with a managed IT and cybersecurity services provider (MSP) like ELBO Computing offers several advantages:


  1. 24/7 Monitoring: MSPs provide constant oversight, detecting and responding to threats in real time.

  2. Comprehensive Assessments: From identifying vulnerabilities to recommending solutions, MSPs ensure your systems are resilient against evolving threats.

  3. Employee Training: MSPs can implement ongoing education programs to help employees recognize and avoid cyber threats.



By taking these precautions and partnering with experts, SMBs can reduce their exposure to attacks and better protect their operations. Cybercriminals will continue evolving their tactics, but with the right strategies in place, businesses can stay one step ahead.


If you’re ready to strengthen your cybersecurity, ELBO Computing is here to help. Call 605-361-3720 or contact us online today for a free consultation or to learn more about our IT security assessments!


Further Reading

CISA.gov #StopRansomware Guide


Security Week Cyber Insights: Ransomware


Black Basta Ransomware Poses as IT Support on Microsoft Teams

