All businesses need a comprehensive cybersecurity strategy in place to protect themselves, and one of the main things they should be concerned about is ransomware.
In 2019, these kinds of attacks on businesses rose by 41% and 205,000 businesses lost access to important files. Ransomware attacks on businesses can be incredibly costly and it's a mistake to think that cybercriminals only go after big corporations. Any business, no matter how large, can be targeted by these attacks. In fact, small to medium companies are often prime targets because they don't invest as much in cybersecurity and there are more weaknesses in their systems, meaning that it's easier to launch a successful ransomware attack.
Ransomware prevention should be a central part of your information security strategy but, unfortunately, many small business owners don't understand the dangers or how to protect themselves. This article will tell you everything you need to know about what ransomware is, how it works, why your business is likely to be targeted, and how you can protect yourself.
Ransomware is a type of malware that cybercriminals use to steal your data. They do this by encrypting it so it can't be accessed. If you try to open an infected file on your computer, all you'll see on the screen is gibberish or a message telling you what you need to do if you want to decrypt the file and get access back again.
Once they have gained access to your system and managed to lock certain important files, cybercriminals can then make demands (usually for cash), hence the name ransomware.
The way ransomware works varies slightly between different variants of ransomware but there are some general trends about how these kinds of attacks work:
Ransomware usually gets onto your system using phishing emails which make it look like they've been sent from a reputable company. Your employees are often the ones who are targeted in these kinds of attacks because cybercriminals know that they are more likely to open emails sent from companies they are familiar with. For example, an attacker might send an email pretending to be from your bank that warns you that your password has been compromised and includes a link to download a new one. Once someone clicks on this link, ransomware is automatically downloaded onto their computer and begins its encryption process.
Some strains of ransomware can also get onto your system by infecting other files on removable drives which you then bring into the office and connect to your network. Again, all it takes is for one person to open an infected file and the ransomware will start encrypting data using different keys so no one can access it. And once you're infected, people will only be able to access the files if you pay up and get the decryption key.
The files are locked using asymmetric encryption. This is where two keys are generated to encrypt the file. One key is used to lock the data (called the public key) and one key (the private key) is used to decrypt it again. The private key isn't stored anywhere on your system so you cannot access that information either unless you pay for it or try to crack the encryption yourself, which with modern cryptography is nearly impossible.
Some ransomware can exploit weaknesses in the system and spread itself throughout an entire network to lock multiple files at once. This means that you'll have a much harder time locking down the system and removing it from your infrastructure. It only takes a matter of minutes for ransomware to bring down an entire business.
In most cases, the criminals will then contact the business and demand a ransom within the next few days or the files will be lost forever. It's vital that you have the right cybersecurity measures in place to prevent ransomware attacks because they can be devastating to your business. Paying the ransom means losing a lot of money but if you refuse and the files are lost, you have to manage the extensive costs of data loss. The average cost of a ransomware attack in 2021 is $1.85 million (Source: Sophos). If sensitive customer information is lost in the attack, this can have a long-term impact on your company because people will quickly lose trust in you.
Businesses are often targeted because cybercriminals know that these kinds of attacks can make them a lot of money. For example, in 2017, the WannaCry ransomware attack affected more than 200,000 people. This included customers who had no access to their files or couldn't use critical systems in hospitals or at manufacturing plants. If you run a hospital, the loss of patient records due to ransomware would have been catastrophic so it's understandable why they chose to pay up when faced with this scenario. The criminals behind these attacks are often located in countries where law enforcement doesn't have much control over cybercrime activities so it can be very difficult for them to catch the attackers. This means that small businesses are less likely to get their files back even if they do pay up because paying won't guarantee anything.
Cybercriminals are increasingly using ransomware for several reasons.
With ransomware attacks on the rise, it's more important than ever for businesses to find ways to protect themselves.
If you want to protect your business, you need to invest in cybersecurity and put a clear information security strategy in place, and that includes protecting against ransomware attacks. These attacks can be devastating to your business, but there are some steps you can take to prevent them.
If you wait until a ransomware attack happens before you start thinking about how to deal with it, it's already too late. A fast response can limit the damage caused and help to maintain your cybersecurity in the event of an attack. It also helps you recover data and get your business up and running again much sooner. So, you need a clear response and recovery plan in place for ransomware attacks.
You should create an information security plan that clearly outlines lines of communication and roles amongst your IT team, so everybody knows exactly what they are doing as soon as an attack happens.
Creating policies for dealing with suspicious emails is crucial too. If employees are unsure what they should do, they are more likely to click a malicious link. But if there is a clear policy for forwarding it on to the IT team and checking for any potential cybersecurity issues, the risk of ransomware attacks drops considerably.
It's all about being prepared for any eventuality and knowing exactly how to respond before it has even happened.
If your business suffers from a ransomware attack, having regular backups of your data can make a huge difference. This is why you should always have more than one backup of your files and store these backups in separate locations. Regular backups help you recover quickly after any kind of cyberattack while also minimizing the damage that results from the attack itself.
Cybercriminals have leverage over you if you don't have any backups because if they restrict access to those files and delete them, you have no way of recovering them. But that leverage disappears if you have it all backed up and you can easily recover it.
However, you have to be careful about where you store your backups. If they are on the same system, they can easily be affected by the same ransomware attack. So, your backups need to be offline and not connected to the network that the ransomware targets. Before you restore your backups, always double-check that they are not infected with the same ransomware, or you could make the situation much worse.
It's not just the IT team that needs to know about cybersecurity. Employees across your business need to understand what they can do to prevent ransomware attacks and how to deal with them if they happen.
By training everybody in good cybersecurity practices, you make sure that everyone understands what malware is and why it can be dangerous. You also help ensure that nobody opens suspicious emails or attachments and that all emails are checked carefully before any links are opened.
There are a number of ways to spot malicious emails. They often come from unknown senders with no contact information. They also contain lots of spelling mistakes and broken English, with urgent requests that demand an immediate response or action. If employees are aware of these tell-tale signs and better understand how cybercriminals operate, they can quickly identify any suspicious emails and help prevent ransomware attacks.
In addition to teaching them how to spot malicious emails, you should also train employees in good password management and sensible information security practices. This means making sure that they only use strong passwords containing numbers, symbols, and upper- and lowercase letters. They should never reuse passwords for different accounts or share them with anyone else. And if their password is compromised in any way, they should change it immediately.
It's critical to keep software updated, including the operating system and any apps. This ensures that there are no security vulnerabilities within them that could be exploited by cybercriminals. The updates themselves won't stop an external threat like ransomware, but they will minimize your exposure to risk.
Sometimes it can be difficult to update software because many companies have complex IT systems with lots of different programs installed on them, which makes updating each one difficult. But this is another argument for investing in a professional cybersecurity team that knows how to manage updates and ensure that all security weaknesses are handled.
It is especially important that you keep all cybersecurity software updated to avoid any vulnerabilities that could be exploited by cybercriminals. New methods for bypassing cybersecurity software are being developed all of the time. The developers that make the software are in a constant race to stay one step ahead and strengthen the systems, but if you are not using the latest version, you are not fully protected.
Software updates are important, but you also need to replace any outdated hardware too. If you are using computers that are decades old, it is only a matter of time before you are targeted by ransomware or some other malware that can exploit their outdated systems.
Your hardware needs to be able to run the latest security software, but that is not all. You also need to make sure it has enough processing power for the programs you are using. An older computer running an antivirus program with lots of functions may not have the ability to process at the speed needed. This means that any threats will go undetected for longer, which increases your risk of infection. A lot of companies are at risk because their computers are simply too old to support the latest version of the operating system, meaning that they have all sorts of vulnerabilities.
Although replacing all of your computers can be costly, it's a lot cheaper than paying a huge ransom because you let your cybersecurity slip.
Although all ransomware is slightly different, most attacks take advantage of Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445 to gain access to your system. Organizations often leave these ports open for convenience, but if you are not using them, you should shut them down.
This is to prevent ransomware from gaining access to your system through the port that it requires to work. If you have no legitimate reason for leaving RDP or SMB ports open, they should be closed immediately. If you do want to leave them open, limit connections to trusted hosts only. Check settings for any cloud environments you are using too.
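One way to check the "trusted hosts only" rule for ports 3389 and 445 is to audit your firewall or cloud security-group rules automatically. The sketch below is an added example, not code from this article's author: the rule format, rule names and the trusted management network are assumptions made up for illustration, and rule ordering (a deny placed before an allow) is not modelled.

```python
import ipaddress

RISKY_PORTS = {3389: "RDP", 445: "SMB"}

# Constructed sample rules in a generic, vendor-neutral shape (assumed format,
# not the export format of any real firewall or cloud provider).
RULES = [
    {"name": "web", "action": "allow", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-any", "action": "allow", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-admin", "action": "allow", "proto": "tcp", "ports": "3389", "source": "10.20.0.0/28"},
    {"name": "wide-range", "action": "allow", "proto": "any", "ports": "400-500", "source": "192.0.2.0/24"},
    {"name": "smb-deny", "action": "deny", "proto": "tcp", "ports": "445", "source": "0.0.0.0/0"},
]
TRUSTED = ["10.20.0.0/24"]  # assumed management network allowed to use RDP/SMB


def port_span(spec):
    """Turn '445' or '400-500' into an inclusive (low, high) pair."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)


def audit_rules(rules, trusted):
    """Return (rule, service, port, source) for every allow rule that exposes
    RDP or SMB to a source outside the trusted networks."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "any"):
            continue
        lo, hi = port_span(rule["ports"])
        exposed = sorted(p for p in RISKY_PORTS if lo <= p <= hi)
        if not exposed:
            continue
        src = ipaddress.ip_network(rule["source"])
        # A source is acceptable only if it sits entirely inside a trusted network.
        if any(src.version == t.version and src.subnet_of(t) for t in trusted_nets):
            continue
        findings.extend((rule["name"], RISKY_PORTS[p], p, rule["source"]) for p in exposed)
    return findings


if __name__ == "__main__":
    for finding in audit_rules(RULES, TRUSTED):
        print("exposed:", finding)
```

Note that the port range `400-500` is flagged too: wide ranges are a common way for port 445 to stay open without anyone noticing.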
Using a DNS web filter can help protect your system from ransomware by blocking any domains that are known to contain malware. Sophos is one example of an internet security company that has its own database of malicious websites, which it updates regularly to keep up-to-date with the latest threats.
DNS filtering will stop employees from visiting fake websites set up to deliver malware. However, it's important to remember that DNS Web Filtering will not block 100% of all ransomware attacks, so it should be used alongside other types of protection too.
An intrusion detection system (IDS) is a piece of network security software that monitors and analyzes traffic to identify any attacks. As well as reacting in real-time, it also creates an accurate audit trail that enables you to produce reports and undertake post-mortems when necessary.
Once implemented, an IDS will monitor all incoming and outgoing traffic continuously so that it can spot potential threats such as ransomware trying to access your system through RDP or SMB ports. It will alert the cybersecurity team so they can investigate further and take appropriate steps. This could include shutting down certain systems or disconnecting users from specific resources until the threat has passed.
When combined with strong perimeter security measures and regular penetration testing, an IDS provides powerful protection from cybercriminals. It is particularly effective against ransomware because it can identify suspicious activity and raise the alarm before any damage has been done. That way, you can avoid the situation and work on boosting security before another attack happens.
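To make the idea of an IDS spotting ransomware on RDP or SMB ports concrete, here is a simplified detection rule written as an added example (it is not taken from any IDS product or from this article's author). It flags a single machine that contacts many different hosts on port 445 or 3389 within a short time, which is what network-wide spreading looks like; the log format, addresses, 60-second window and threshold of 4 hosts are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source, destination, destination port.
SAMPLE = """\
2024-05-01T09:00:00 10.0.0.5 10.0.0.20 445
2024-05-01T09:00:05 10.0.0.7 10.0.0.20 445
2024-05-01T09:00:10 10.0.0.5 10.0.0.21 445
2024-05-01T09:00:12 10.0.0.5 10.0.0.22 3389
2024-05-01T09:00:15 10.0.0.5 10.0.0.23 445
2024-05-01T09:00:20 10.0.0.5 10.0.0.24 443
2024-05-01T09:10:00 10.0.0.7 10.0.0.21 445
2024-05-01T09:20:00 10.0.0.7 10.0.0.22 445
2024-05-01T09:30:00 10.0.0.7 10.0.0.23 445
"""
WATCHED = {445, 3389}  # SMB and RDP, the ports named above


def parse(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        try:
            rec = (datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3]))
        except (IndexError, ValueError):
            continue
        yield rec


def fanout_alerts(text, window_s=60, threshold=4):
    # Alert once per source that reaches `threshold` distinct hosts on a
    # watched port inside a sliding window of `window_s` seconds.
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> recent (timestamp, destination) pairs
    alerted, alerts = set(), []
    for ts, src, dst, port in sorted(parse(text)):
        if port not in WATCHED:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        targets = sorted({d for _, d in q})
        if len(targets) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts.isoformat(), targets))
    return alerts


if __name__ == "__main__":
    print(fanout_alerts(SAMPLE))
```

In the sample, 10.0.0.5 is flagged after reaching four hosts in 15 seconds, while 10.0.0.7 reaches the same number of hosts over half an hour and is not, which is why the window matters as much as the threshold.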
Ransomware attacks are one of the biggest cybersecurity threats that businesses face right now. Unfortunately, many small business owners aren't aware of the dangers, and they don't have an information security process in place to protect their data. If you want to keep your business safe, avoid downtime, and protect your finances, it's vital that you follow these steps to protect against ransomware attacks.
Security Ideals offers a unique risk-based approach to preventing ransomware. We work with you or your team to conduct a risk assessment specific to ransomware which creates a risk score for your organization and a list of potential improvements. The outcome is a project plan that can be used to systematically reduce the risk of a ransomware outbreak within your company. Please use the link below to book a free 30-minute consultation where we can discuss your project, share advice, and plan for your risk assessment.