In recent years, ransomware has become the preferred method for hackers looking to extort money from users as well as small and medium-sized businesses.
The concept of ransomware, however, is not a new one. It has been creating problems for small businesses since 1989, starting with the ‘AIDS Trojan’. Distributed via a floppy disc, the ransomware mimicked a software expiry notice – requiring users to pay a ransom by post so files could be decrypted. This ransomware, however, was considered easily breakable due to an over-reliance on symmetric cryptography, along with a less than perfect distribution method. Thus, it passed without significant damage.
In today’s business landscape, we are witnessing a gold rush powered by cyber-extortion. This has been brought on by a combination of technological progression and a greater proliferation of ready-made ransomware packages available to scammers through the dark web.
SMBs are not exempt from this threat. On the contrary, they are relatively easy targets because of the high rate of return of successful scams, alongside the relative ease of infiltration. Also, big businesses often place greater emphasis on investing in security compared to SMBs, making them a more difficult target.
Ransomware is a high-margin scam – especially when it aims at smaller, less secure businesses. Contrary to popular belief, this type of scam is neither difficult to orchestrate, nor does it require significant cyber-intelligence from the attacker. Another problem is that due to the low cost of producing this type of attack, a ransomware campaign only needs a low conversion rate to be considered a success. In comparison, focusing resources on attacking a single large company can often yield no results.
In a recent survey of UK businesses, over one third of respondents had suffered a ransomware attack, with 31 per cent admitting they would rather pay the ransom than lose vital data. The problem with this approach is that there is no guarantee that a business will ever receive the decryption key, because the command and control server may be under investigation by a security vendor or law enforcement. Consequently, an organization could pay a large sum of money to retrieve its data, and receive nothing in return.
But paying the ransom itself does not have the biggest business impact. According to a recent study, it falls far behind the cost of data recovery, reduced statistics, lost sales, missed deadlines, and troubled employees.
SMBs are a lucrative target for ransomware attacks as they usually possess more significant financial resources than end users, while rarely undertaking the comprehensive security policies of larger companies. Some companies make hackers’ jobs easier by posting company email addresses online. While this is a minimal risk with modern security solutions and continuous data protection policies, a large number of SMBs minimize the risks and do not take advantage of the security available to them.
Business users and IT administrators should set up regular offline, off-site backups of critical data to prevent malware from finding network-connected storage and encrypting this data. Unfortunately, nearly one-third of SMBs rarely or never back up company files.
attacks or spear-phishing attempts.
IT administrators are also encouraged to set up access control lists and restrict user permissions on endpoints to ensure employees don’t accidentally install suspicious or rogue software.
Malware developers have started exploiting new platforms, such as Linux. As they broaden their perspectives by targeting operating systems that have a large market share, the chances of infection increase exponentially. A security solution that can stay ahead of the constantly shifting threat landscape is indispensable.