Going into 2021, ransomware remains one of the most dangerous threats in the cybersecurity landscape. To effectively defend themselves, business owners need to know what they’re up against—and small businesses are especially at risk.
What Is Ransomware?
Ransomware is a type of malicious software that encrypts your data and holds it hostage until you pay a “ransom” to release it. Most commonly, this involves encrypting whatever files can be accessed and presenting the victim with a message containing information about how to pay. Bitcoin is almost always the payment method of choice due to the ease of laundering it.
Infections spread through a few common attack vectors:
- Insecure Remote Desktop Protocol (RDP) software with weak passwords
- Vulnerable, out-of-date software exposed to the Internet
- Phishing emails, where attackers impersonate trusted people and organizations in order to lure victims into downloading software or clicking dangerous links
- Drive-by downloads from malicious websites
Ransomware attacks cause great harm to businesses, costing them an average of $761,106 per attack in 2020, according to Sophos. Smaller companies are especially vulnerable, with a fifth of them going out of business within six months of an attack.
Ransomware Trends
Lately, we’ve seen a trend toward more targeted attack campaigns. In the past, attackers were more likely to take a “spray and pray” approach targeting as many users as possible. More recently, they’ve realized it’s more lucrative to focus on high-value targets and those with sensitive information to protect, such as businesses, healthcare organizations, and government departments.
That means instead of spamming thousands of email addresses at once with generic phishing attempts, they are more likely to employ so-called “spear phishing” methods that involve extensive research on victims to help them more convincingly impersonate trusted colleagues or business partners. And instead of mass scanning the Internet for vulnerable servers, they may choose particular targets for more concerted hacking efforts.
We’ve also seen the rise of so-called “double extortion” ransomware, which threatens to publicly leak data on top of encrypting it.
What if Your Systems Are Infected?
If you’ve been caught with your pants down, the first thing to do is isolate any affected systems from the rest of your network to avoid any further damage. At that point, system administrators or security professionals can assess the scope of the damage.
Can Data Be Decrypted Without Paying?
Occasionally, malware authors make mistakes when implementing the encryption routines in their ransomware, allowing analysts to create decryption tools that can successfully decrypt the hostage files in some cases. But sadly, when attackers effectively cover their bases, there’s no way to retrieve files without paying the ransom (or restoring from backups—see below).
Should You Pay the Ransom?
If all else fails, there’s the question of whether you should just pay up. The “official” answer of many cybersecurity experts and government agencies like the FBI is to recommend against it, pointing out that there’s no guarantee you will actually retrieve your files.
In reality, some organizations may find they have no choice, especially when critical data is at stake or they cannot afford to have sensitive information leak. Payment results in receiving decryption keys the majority of the time, but the success rate depends on the type of malware and the actors behind the attack.
How to Avoid Being a Victim
There are two sides to mitigating the risk of attacks: reducing the chance of infection with effective defenses and softening the impact when those defenses fail.
Security Best Practices
- Always keep your systems updated and roll out patches as soon as they are released.
- Enable antivirus software on all devices and set it to automatically update.
- Implement strong password policies and multi-factor authentication.
- Observe the principle of least privilege: Users should only have the permissions absolutely needed to perform their intended functions. Regular users should not have high-level administrator privileges.
- Use firewalls to limit access to important systems. Avoid exposing RDP connections to the wider Internet.
Education and Training
Since ransomware infections often originate from phishing attacks, employee awareness is essential. Workers should learn to recognize common features of phishing attacks and be instructed to avoid downloading unknown attachments or clicking links in suspicious e-mails.
Provide educational information about strong passwords, secure e-mail and Internet policies, and safe handling of sensitive data.
Cybersecurity Insurance
With the high monetary costs associated with data breaches and other cyberattacks, many businesses opt for cyber liability insurance, which can help offset financial losses in the event of a breach. Take care to purchase a policy that includes coverage for ransomware, as not all of them do.
The Big One: Backup and Disaster Recovery
A solid backup system is by far the most important piece of the puzzle in the fight against ransomware. At the end of the day, it’s not always possible to ensure that your systems are completely secure. New vulnerabilities crop up every day. An unpatched system could escape your notice, or you could be the victim of an especially well-crafted phishing attack.
This makes it crucial that you have a thorough backup system in place for all your important data, along with an effective disaster recovery solution to ensure that it can be recovered safely and efficiently.
Get Outside Help
Small businesses with fewer resources or less technical know-how can benefit from outside help. Managed service providers specialize in helping companies with their IT needs, including backup and business continuity. Most offer a variety of services that can integrate seamlessly with the systems you already have in place.