Ransomware has been making a lot of splashy headlines over recent years with high profile attacks, such as WannaCry and NotPetya, dominating the news in large-scale breaches. While these massive breaches are certainly terrifying, the more common attacks are actually being inflicted across much smaller businesses, though on a large scale.
Large enterprises have substantial IT resources and dedicated security teams working to protect them; therefore, they are more likely to survive an attack or prevent one from happening before any damage is done. Overall business detection of malware rose by 79% in 2018, with major ransomware exploits SamSam and GandCrab targeting smaller organizations like hospitals, city services departments and consumer networks.
SMBs – Ideal Ransomware Targets
Smaller businesses may think that these attacks aren’t relevant to them. However, that would be far from the truth. SMBs tend to make ideal targets for cyber criminals because hackers are well aware that SMBs frequently lack the security that enterprises take seriously. Today, we are seeing more and more non-enterprise organizations being targeted with ransomware, since they house a lot of valuable, private data.
These SMBs are being approached in increasingly sophisticated ways, with phishing attacks being the most common attack vector for ransomware. While the traditional phishing email will try to trick users into providing personal and banking information, hackers are using less obvious phishing emails and more targeted spear phishing emails, as well as turning to social engineering and browser extensions to hide malicious code that will infect a user’s computer, which in turn infects the network it is connected to. For SMBs that do not have the IT expertise or a proper spam/phishing blocking solution in place, this can be a costly lesson to learn, and, in extreme cases, can ruin a business. Employees’ behavior can exacerbate the issue since SMBs often lack the resources to properly train them to understand what a phishing or malicious email looks like; this ignorance can inadvertently cause significant destruction for the business.
How Can Small Businesses Protect Themselves?
Have a clear, defined and regularly updated cybersecurity strategy. This means covering all points of entry and having an end-to-end solution on your network.
- Protect the network at the gateway, with a next-generation firewallsolution, which block spam, viruses, phishing and malware before they ever reach employees and theirdevices.
- Protect endpoints and ensure each endpoint has a security solution installed and regularly updated.
- Assign owners to check and update your security, especially if you are unable to hire dedicated IT or security staff.
- Back up data regularly to a safe source, preferably both onsite and offsite or in the cloud. If you have multiple copies of your data, you can recover via backup without having to worry about paying the ransom in the event of an attack.
- Arm yourself with information, and learn to spot suspicious websites, links, browser extensions and emails. Educating employees to not click on suspicious emails, or open attachments from unknown users, is a critical part of cybersecurity hygiene.
- Consider ransomware insurance, which has been growing in popularity in recent years.
- Lock down administrative rights, and keep systems and apps up to date with the latest patches to ensure vulnerabilities are not exploited.
Step to Take if Ransomware Does Make it onto Your Network
This may seem counterintuitive, but don’t pay the ransom. Paying a cyber criminal doesn’t guarantee the recovery of your files, and many of the SMBs who have paid ransoms have reported being unable to recover data. If you are a victim of a malicious attack, ransomware or otherwise, it is important to lock down the network and devices to ensure it cannot spread further. Using powerful anti-malware solutions can help to identify and remove the ransomware. If you have backups, you can restore the data and systems that have been affected without paying the ransom.
Ransomware works; that’s why hackers keep honing their techniques. SMBs need to be especially careful when it comes to cybersecurity and should work with vendors that understand their unique security needs. The most important thing SMBs can do is protect the network at the gateway to keep ransomware from ever reaching users. Having safe, secure backups of information is like an insurance policy to provide access to critical data in the event of an attack. Last but not least, education is critical for users to understand threats, and IT personnel to deploy the proper defenses against them.
About the author: Timur Kovalev serves as the CTO at Untangle and is responsible for driving technology innovation and integration of gateway, endpoint, and cloud technologies. Timur brings over 20 years of experience across various technology stacks and applications. Prior to joining Untangle, Timur headed up Client and Threat Intelligence Technology at Webroot, where he led development of desktop and mobile solutions, cloud intelligence services, and research automation systems.
Copyright 2010 Respective Author at Infosec Island