Although ransomware has reached epidemic proportions, few small businesses have any sort of plan for how to deal with such attacks. In fact, most think they are too small to even be a target for ransomware. That could prove to be a seriously expensive miscalculation.
On average, there were more than 4,000 ransomware attacks every day in 2016, according to figures from the Justice Department. That’s a 300 percent increase over the previous year. The attacks are indiscriminate, hitting both businesses and consumers alike. The FBI estimates that victims paid more than $1 billion to regain access to criminally encrypted data last year. Payouts ranged from more than $40,000 for healthcare organizations to $500 for individuals.
Nevertheless, most small to midsized businesses (SMBs) are unprepared for such attacks. In a new Ponemon Institute survey of 618 SMB representatives, 57 percent said they believe their company is too small to be a target and 54 percent said prevention is not a high priority.
However, SMBs are actually ripe targets for ransomware attacks. While cybercriminals may not view these businesses as offering a big payday, a lack of training on IT security best practices can make them vulnerable.
The Ponemon Institute study finds that not only do SMBs underestimate the risk, they also misjudge the consequences of an attack. Beyond the actual ransom costs, an attack typically will result in expenses due to downtime, lost business and remediation. On average, the study says, companies will spend 42 hours dealing with and containing a ransomware incident. Additionally, data loss or leakage can expose a company to potentially crippling regulatory fines.
Most ransomware is unleashed when someone clicks on a malicious web site or phishing email. The malware encrypts all the files it can find before opening a dialog box to demand payment in return for a decryption key.
Of course, there’s no guarantee the criminals will actually send the key — as they say, there’s no honor among thieves. That’s why the FBI discourages companies from paying the ransom. That money just funds more and more attacks.
Prevention and a well-developed recovery plan are the best way to deal with ransomware.
Your first line of defense is always education. Employees must understand the dangers of downloading or opening any email attachment unless they are confident of its source. Don’t just send out memos — implement a mandatory awareness and training program.
Systems should be configured to block the download of executable files without permission. Strong spam filters can prevent most phishing emails from reaching end users, and firewalls should be configured to block access to known malicious IP addresses.
In the event of a successful attack, infected computers should be isolated as soon as possible to protect networked and shared resources. Change all network passwords and online account passwords as soon as possible. An effective data protection plan is the key to rapid recovery. Data should be backed up regularly, and backups kept offline or in the cloud — a process known as a “cold backup.”
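The "cold backup" advice above only pays off if the backup can be checked and restored quickly. As an added illustration that is not part of the original article, the Python script below snapshots a directory into a separate backup location, records a SHA-256 manifest of every file, verifies the backup copy against that manifest, reports which live files have been modified, removed or newly created (the pattern a mass-encryption run leaves behind), and restores the altered files from the backup. The file names, the `manifest.json` name and the staged "attack" in `demo()` are all constructed for this example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"  # name chosen for this example, not a standard


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name != MANIFEST_NAME:
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def create_backup(src: Path, dest: Path) -> dict:
    """Copy src into dest and store the manifest alongside the copy."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(src, dest)
    manifest = build_manifest(src)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def load_manifest(dest: Path) -> dict:
    return json.loads((dest / MANIFEST_NAME).read_text())


def verify_backup(dest: Path) -> list:
    """Return backup paths whose content no longer matches the stored manifest."""
    expected = load_manifest(dest)
    actual = build_manifest(dest)
    return sorted(p for p, h in expected.items() if actual.get(p) != h)


def compare_live(src: Path, manifest: dict) -> dict:
    """Compare the live tree with the manifest: modified, missing and new files.
    A ransomware run shows up as many modified files and/or many missing
    originals paired with new files carrying an unfamiliar extension."""
    live = build_manifest(src)
    return {
        "modified": sorted(p for p, h in manifest.items() if p in live and live[p] != h),
        "missing": sorted(p for p in manifest if p not in live),
        "new": sorted(p for p in live if p not in manifest),
    }


def restore_from_backup(backup: Path, live: Path) -> list:
    """Copy back every manifest file whose live copy is missing or altered,
    refusing to proceed if the backup copy itself no longer matches the manifest."""
    manifest = load_manifest(backup)
    diff = compare_live(live, manifest)
    restored = []
    for rel in diff["modified"] + diff["missing"]:
        source = backup / rel
        if sha256_file(source) != manifest[rel]:
            raise RuntimeError(f"backup copy of {rel} is corrupt; refusing to restore")
        target = live / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        restored.append(rel)
    return sorted(restored)


def demo() -> dict:
    """Constructed scenario: back up three small files, then stage an attack on
    the live tree that overwrites one file in place and overwrites-and-renames
    another, leaving the backup untouched."""
    work = Path(tempfile.mkdtemp(prefix="cold-backup-demo-"))
    live, backup = work / "live", work / "backup"
    (live / "docs").mkdir(parents=True)
    (live / "docs" / "invoice.txt").write_text("Invoice 0001: 120.00\n")
    (live / "docs" / "contract.txt").write_text("Contract draft v3\n")
    (live / "notes.txt").write_text("Call supplier on Monday\n")

    manifest = create_backup(live, backup)

    # Staged damage (constructed): garbage replaces the content of two files.
    (live / "docs" / "invoice.txt").write_bytes(b"\x00ENCRYPTED\x00")
    contract = live / "docs" / "contract.txt"
    contract.write_bytes(b"\x00ENCRYPTED\x00")
    contract.rename(contract.with_name(contract.name + ".locked"))

    result = {
        "backup_intact": verify_backup(backup) == [],
        "before_restore": compare_live(live, manifest),
        "restored": restore_from_backup(backup, live),
        "after_restore": compare_live(live, manifest),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is the piece that makes the backup trustworthy: `verify_backup` proves the offline copy is still what was written, and `restore_from_backup` refuses to copy a file back unless its hash matches, so a backup that was itself reached by the malware is detected rather than silently restored. The leftover `.locked` file is deliberately left in the `new` list after restore, since deciding what to delete belongs to the incident handler, not the script.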
Ransomware is flourishing because it is an easy source of income for cybercriminals, and the threat will likely continue to grow over the near term. Although there’s no single method or tool that will provide complete protection from these attacks, that doesn’t mean you are defenseless. With education, vigilance and a well-designed recovery plan, you can thwart most attacks and dramatically limit the damage in the event something does get through.