Small business beware – you are ransomware’s Number 1 target.
Ransomware is a multibillion-dollar a year business and growing. While the impact can be devasting to anyone with important data – individuals, businesses, even city governments, small businesses have the most to fear.
Small businesses were the target of a whopping 71% of ransomware attacks in 2018.
Cybercriminals see small businesses as an easy target, as they spend less on information security than larger firms and have more money than individuals.
Without proper backups, recovery from ransomware can be difficult, expensive and not guaranteed. Given the dire and sorry, not over-hyped threat, here are “8 Things Every Small Business Manager Should Know about Ransomware” to protect the organization.
What is ransomware?
The concept behind ransomware is simple: Lock and encrypt a company’s computer data and application servers in order to cripple the company, using algorithms that cannot be cracked or reversed, then demand a ransom to restore access.
Often, the company must pay the cybercriminal within a set amount of time or risk losing access forever. And frankly, since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.
If you are attacked, what’s the impact?
According to the Better Business Bureau, the annual lose for a cybercrime like ransomware is now on average $80,000. Another recent report puts the average ransom demand for small businesses at $116,000. And, the average downtime per attack is a 6.2 days and increasing.
Imagine being without your customer records, your intellectual property, your customer credit or debit information, financial information, employee records, business correspondences or more for almost a week. Given the draconian impact, it's perhaps no surprise 60% of small companies go out of business within six months of a cyberattack.
What are some real-life examples of ransomware’s impact?
According to a report in The Guardian, Brookside ENT & Hearing Services refused to pay a hacker’s ransom demand of $6,500. The impact was devasting. The virus locked and overwrote all the practice’s mission-critical data, including patients’ medical records, bills and appointments, as well as backups. Unable to recover, and with patients losing their personal medical records, the doctors at Brookside had to close their practice weeks later.
Another attack, although a small city of 35,000 rather than a small business, shows just how expensive ransomware can be. According to the New York Times, Riviera Beach, FL recently paid nearly $600,000 after ransomware paralyzed the city’s computer systems.
How do cybercriminals get access?
For a company, a ransomware infection usually starts with a malicious email.
An unsuspecting user opens an attachment or clicks on a URL at which point a ransomware agent is off and running. Once a foothold is gained, the virus quickly proliferates across the network.
Although email is the most common infection point, infection methods are constantly evolving. There are many other ways someone can become infected.
How do you know if you are a victim of ransomware?
It might start by being unable to open a file or being locked out of your system. But, ransomware isn’t always so subtle. Fairly quickly the malware author will demand a ransom payment, usually via a pop-up message, and typically demanding payment via bitcoins before they decrypt your files and restore full IT operations back to you.
Will paying the ransom work?
According to Coverware’s Q1 Ransomeware Marketplace Report, paying the ransom works 93% of the time and a valid decryption tool is provided. However, success rates vary dramatically based on the type of ransomware and the victim-company’s negotiation and payment tactics. Some are as low as 60% of the time.
Remember, ransomware is a criminal business. Criminals aren’t known for their trustworthiness.
Please note: paying a ransom should be a last-resort-step, not a standard operating procedure, and certainly impacts a business's ethical standards; (something we will leave for each business to address without judgement).
What happens if you get attacked?
Your response depends upon how prepared you are and the extent of the attack. But here are some basic steps to take:
(A) Isolate the machine(s), disconnect them from the network and ensure no user accesses them.
(B) Notify law enforcement.
(C) Identify how the ransomware got into the system.
(D) Ensure that other systems which access to the same data as the infected system(s) are not infected.
(E) Consider the ransom demand against the cost to replace or recreate the encrypted data. Get a sense for the probability of getting the decryption key post payment.
More professional attackers will have better grammar and likely will require Bitcoin payment.
Check online for the history of others who have been victimized by the same ransomware. But, remember to move fast as the offer could expire or the price may go up.
How do you protect yourself against ransomware?
The Cybersecurity and Infrastructure Security Agency (CISA) recommends businesses follow these precautions to protect against the threat of ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Backup data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when browsing the Internet.
In addition, the CISA recommends the following best practices:
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
Finally, talk to your insurance agency. Some policies may cover against financial lose against ransomware.
Just like at home, where regardless of the number of locks you have a determined criminal can break in; determined, well-funded, and smart cybercriminals can and will hack your business.
Once hacked, paying a ransom is not just risky, it's a potential ethics issue and won’t stop future attacks. In fact, it might make your business a prime target.
Ultimately, it’s up to you whether the ransomware devastates your business or is purely an annoyance. It all depends on your level of preparedness. Ensuring you have a layered set of protections and a strong backup strategy is key.