The Ransomware industry continues to thrive, while companies, large and small, fumble their way through in the hope that they don’t become the next headline.
Ransomware attacks are becoming increasingly sophisticated, and the ongoing pandemic has left companies exposed as cyber-criminals have been keen to pick off unsuspecting homeworkers, separated from the herd.
However, the ongoing shift has prompted companies to rethink the way they address security threats, which will probably pay off in the long run. In the short run, however, they need every bit of help they can get to stave off the cyber-crooks and avoid shelling out vast sums of Bitcoin in order to get their files back – assuming they ever will.
What is Ransomware?
For those that don’t know, Ransomware is a type of malware that encrypts a company’s files, and then demands a payment (usually in Bitcoin) to decrypt them. In some cases, the attacker threatens to publish the captured data if the ransom is not paid.
A Ransomware program will typically arrive in the form of an email attachment disguised as a legitimate file, which the victim gets tricked into downloading/executing.
Given that Ransomware payments are very difficult to trace, in most cases, the attackers never get caught. SMBs would be wise to take the threat of Ransomware seriously, as the situation is likely to get worse.
Why are SMBs Being Targeted?
In simple terms, the reason why attackers like to target SMBs is that there are more to choose from, there’s a greater chance of success and less chance of getting caught. As you might expect, SMBs don’t have the same budget or resources available to them as larger companies, and in many cases, they’re not even aware that this is an issue.
Some smaller companies still believe that their endpoint and perimeter security measures will suffice in staving off Ransomware attacks and other security threats.
Assuming they carry out any security awareness training at all, the sessions probably won’t be regular or detailed enough to create the “culture of security” necessary to mitigate such attacks. They probably won’t have a tried and tested incident response plan in place, with reliable backups and disaster recovery protocols, and there’s a greater chance that they will be using unpatched software, which attackers will seek to exploit.
SMBs might not have the right tools in place to help them detect and respond to security incidents, nor will they have the staff to monitor access to privileged accounts, which attackers will target in order to broaden the scope of the attack. It’s also worth bearing in mind that attacks on smaller companies, while less profitable, will be less likely to result in a police investigation, which might be more appealing to novice attackers who want to make a quick buck without the risk of getting caught. And with Ransomware-as-a-Service (RaaS) growing in popularity, it’s likely that SMBs are going to be targeted even more.
What is the Impact of a Ransomware Attack on SMBs?
While a Ransomware attack on a small business is obviously not as serious as an attack on a hospital or some other public utility, it can be crippling for the business involved, as they will have fewer resources available to them to address the issue.
For the same reason, smaller companies are often targeted more than once by the same attackers. Perhaps the biggest impact of a Ransomware attack on a small company is lost productivity. Once the attack has been initiated, employees will be unable to access the company network.
Assuming the company chooses not to pay the ransom, it could take an entire week to contain and eradicate the infection and restore its systems to their operational state. And of course, doing so will cost money.
Falling victim to a Ransomware attack will also tarnish the reputation of their company, thus driving away existing or potential customers.
How Can SMBs Protect Themselves Against Ransomware?
Given that SMBs have limited resources, the best place to start would be to ensure that all employees are frequently briefed about how to identify phishing emails. Security teams should periodically send out mock phishing emails to see who downloads the attachment or clicks on the link.
They will need to ensure that they have an incident response plan (IRP) in place, and have reliable backups, which they can restore in the event of an attack. When you have limited manpower, it’s also a good idea to focus on automation. There are some real-time auditing solutions that can detect and respond to events that match a pre-defined threshold condition, such as when multiple files are encrypted within a given time-frame.
When the threshold condition is met, a script can be executed which can stop a specific process, disable a user account, change the firewall settings, shut down the server, or any other actions that will prevent the attack from spreading.
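The threshold condition described above can be sketched as a sliding-window count of distinct files changed per account. This is an added example, not code from the article or from any auditing product; the event tuple layout, account names, threshold and window are assumptions, and the response actions are only reported, not executed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED_ACTIONS = {"modify", "rename"}          # assumed audit event types
# Containment steps named in the article; this example only reports them.
RESPONSE_ACTIONS = ["stop process", "disable user account",
                    "change firewall settings", "shut down server"]

def detect_mass_modification(events, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per account that changes at least `threshold`
    distinct files inside a sliding `window`."""
    recent = defaultdict(deque)     # account -> (time, path) pairs still in window
    alerts = {}
    for ts, account, action, path in sorted(events):
        if action not in WATCHED_ACTIONS or account in alerts:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[account]
        q.append((now, path))
        while now - q[0][0] > window:   # expire events older than the window
            q.popleft()
        distinct = {p for _, p in q}    # repeated saves of one file count once
        if len(distinct) >= threshold:
            alerts[account] = {"account": account, "triggered_at": ts,
                               "files_in_window": len(distinct),
                               "response": RESPONSE_ACTIONS}
    return list(alerts.values())

def _ts(seconds):
    """Constructed timestamp: a fixed base time plus an offset in seconds."""
    return (datetime(2024, 1, 10, 9, 0) + timedelta(seconds=seconds)).isoformat()

# Constructed sample events (timestamp, account, action, path); the tuple
# layout is an assumption, not the log format of any particular product.
SAMPLE_EVENTS = (
    # bob: 6 different files renamed in 10 seconds -> should alert
    [(_ts(600 + 2 * i), "bob", "rename", f"/share/hr/file{i}.xlsx") for i in range(6)]
    # alice: 6 files, one per minute -> never 5 within 60 seconds
    + [(_ts(60 * i), "alice", "modify", f"/share/docs/doc{i}.docx") for i in range(6)]
    # dave: one file saved 8 times in 16 seconds -> 1 distinct file
    + [(_ts(900 + 2 * i), "dave", "modify", "/share/docs/draft.docx") for i in range(8)]
    # carol: reads only, which are not watched
    + [(_ts(1200 + i), "carol", "read", f"/share/docs/doc{i}.docx") for i in range(10)]
)

if __name__ == "__main__":
    for alert in detect_mass_modification(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct files rather than raw events keeps an editor's autosave from tripping the rule, and the threshold and window need tuning against normal activity such as bulk copies or backup jobs.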