In our last post we took a look at ransomware in the enterprise and asked the question: Is it always wrong to pay up when hit by ransomware? Today we shine the light on small business.
With ransomware damages costing victims an estimated $1 billion in 2016, close to $5 billion in 2017 and a projected $11.5 billion in 2019, it’s easy to think that hackers are making their fortunes by targeting large corporations – but small businesses are just as likely, if not more likely, to have a ransomware attack. Too many small and medium-sized businesses underestimate the potential threat of ransomware, falsely believing that they’re too small to be targeted. However, this false belief relies upon the assumption that their business is actively a target. Small businesses can better protect themselves by replacing the mental image of a criminal plotting to attack their business with that of a guy simply walking around trying ‘doors’ to see if they are unlocked. Cybercriminals program an exploit and it either crawls the net until it finds an open door, or is fired off as a spam email to see who might fall victim.
Ransomware’s impact on small businesses can be devastating, according to the Malwarebytes’ Second Annual State of Ransomware Report containing the findings of a survey of over 1,000 small and midsized businesses. Among the findings is that 22 percent of small business that were hit with ransomware were crippled to the point they had to immediately cease operations. Let that sink in. More than 1 out of 5 SMB hit by ransomware closed their doors! Further, according to the House on Small Business Committee, 60% of small businesses that fall victim to a cyber attack close up shop within six months.
Law officials and security experts advise against giving into the demands of cybercriminals. However, many SMBs lack a full backup system in place, which typically leads to their paying the ransom to recover their data. But paying the ransom is no guarantee that the hackers will restore the systems in their entirety. Ransomware and encryption methods are readily available on the internet, some even for free. Would-be hackers can simply pick up a program off the web and start using it to earn money with no real idea of how to undo the damage. However, it is not always about the money. Just last week, The Seattle Times reported how Boeing was hit by the WannaCry virus even though, as pointed out by Jake Williams of Rendition Infosec, the ransomware part of the virus is broken and there’s no way to pay the ransom. Perhaps hackers simply want to be disruptive and attack the manufacturing sector, which still relies upon older Windows systems. If hackers are still hitting enterprise targets such as Boeing, SMBs definitely cannot assume their existing IT security is sufficient.
There is also a hidden threat to ransomware attacks lurking in our infrastructure. We naturally assume that affected employees will inform their IT department or Managed Service Provider (MSP). However, that is not usually the case! Whether out of shame for being victimized or confusion over what to do, 59% of employees who fell victim to a ransomware attack decided to pay the ransom amount themselves, a recent survey found. We can extrapolate this to understand that in over half of all ransomware attacks, no one went back to clean up those computers and they may STILL be vulnerable.
Recognizing that ransomware is an ever-present threat, SMBs can no longer take a head in the sand approach. Because preparation is key in preventing ransomware attacks, it is important for MSPs or IT departments to sit with business executives and make sure everyone understands the business priorities and disaster recovery options for a variety of attack scenarios. To guard against falling victim to attacks, security experts and the House Small Business Committee advise SMBs to:
- Make regular backups of your data and store it offline
- Educate employees about phishing emails as well as on how hackers work and the dangers of dealing with cyber criminals directly
- Update all your computers regularly
- Protect your data servers
- Use antivirus and malware protection and keep it up to date
Although there are multiple delivery methods, most ransomware attacks happen through email attachments and links. For ransomware originating from emails, Soliton’s SecureShield product is an effective block. SecureShield provides interlocking defensive measures to isolate malware and data on the endpoint while maximizing control for IT. User sessions are executed in a virtual workspace that misdirects endpoint-based attacks. All content – including any executed malware – is disposed along with the workspace each time the user closes the application.
Continue the conversation with us at RSA. Stop by and visit us at Booth 131 in the South Hall. What? No Ticket? Get your complimentary expo hall pass with the following code: X8ESOLIT.
And come back next week for Ransomware Dollars and Sense Part 3.