Ransomware Targets Small Businesses

No business is too small to be hacked.

Cybercriminals have found small businesses to be more profitable than large corporations because they lack the resources to set up protective barriers. Most big companies have updated their security so they are less vulnerable – but not impervious – to these attacks.

These days, one of the greatest security threats to small businesses is ransomware.

Ransomware is any virus that infects a computer, encrypts files and threatens to render them useless unless the victim pays for a key code that decrypts the information.

Last year, there were 2,453 reported ransomware incidents in the U.S., in which victims paid about $24.1 million. We can expect much more in 2016, says the FBI, defining ransomware as “an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.”

These kinds of attacks can be so damaging to revenue and customer expectations that many small businesses are forced to close after one attack. Many companies that survive a ransomware attack are targeted again.

Today more than half of all online attacks target small and mid-size businesses. If you’re not deploying some level of security, you can nearly guarantee your company will become the victim of a cyberattack such as ransomware.

Phishing, or its more sophisticated version, "spear phishing," is often used to spread the malicious software called malware. Emails lure the victim to click on a link, which downloads the ransomware.  Spear phishing targets specific victims by personalizing an email to make it appear especially legitimate.

Cybercriminals can do this by gathering information about your company and employees from various sources, including social media accounts. Ransomware is also spread through malicious advertising, called malvertising, which appears to be legitimate advertising on legitimate websites. When you click on the malvertising, the malware automatically downloads onto your computer.

Yet another way cybercriminals strike is by infecting legitimate websites. Just visiting the site, without clicking on anything, is enough to infect your computer. CryptXXX, a newer version of ransomware, is spreading in this manner and was used recently to infect the website of American toy maker Maisto.

Hackers are always at work developing new versions of ransomware they often sell on a part of the internet called the Dark Web, where less technically sophisticated criminals buy and sell malware as well as stolen information, such as credit card numbers. The most popular ransomware programs in 2016 include Teslacrypt, CTB-Locker and Cryptowall.

The best security software companies are always going to be playing catch-up when developing security patches for these newly discovered vulnerabilities, called Zero Day Exploits. It is interesting to note, however, that older forms of ransomware for which there are security software defenses have been used effectively against victims who have failed to update their security software.

Nearly all company data breaches come, in one form or another, from insiders. Data breaches can start with a disgruntled employee or one seeking a material gain. Usually they are the result of inadequate management of data access permissions compounded by innocent mistakes committed by employees, such as clicking on an email with a malware attachment.

With all the publicity about phishing attempts, it would seem like people would be much more careful about opening email attachments from unknown sources. But the 2016 Data Breach Investigations Report showed 30% of phishing messages were opened, up from 24% last year, and that 12% of email users went on to click the malicious attachment.

Ransomware viruses typically demand a ransom be paid in the form of bitcoins, digital currency that is difficult to trace. Paying the ransom certainly does not ensure your data will be returned. These are criminals, after all.

The key to avoiding or, if necessary, defeating a ransomware infection is to be vigilant and prepared. Here are five tips to prevent or overcome a ransomware infection:

1. Use extreme caution when clicking on links inside of email.

Ransomware viruses are often spread by malicious HTML links found inside emails. Attackers use email “phishing” techniques to trick people into thinking the email is from a trusted sender. The victim believes the link will take them to a safe website. Instead, it leads to a malicious site designed to spread ransomware. If you’re going to click on a link inside of an email, be absolutely certain who the email is coming from.

2. Beware of email attachments.

It’s not just the links inside emails that you need to worry about. You also have to be extremely careful when clicking on email attachments. That’s why you should never, ever click on an attachment from an unknown sender. Even if you think you know the sender, you should still be careful. While some malicious emails are easy to spot, attackers are getting more savvy. For example, some emails may look like a harmless request from a business partner or a notification from your bank. Do your best to confirm the email is valid and safe before opening any attachment.

3. Keep your firewall and security software updated.

Check regularly to make sure your firewall and antivirus software are updated and working properly. While security software vendors can’t guarantee complete protection, updated security software and firewall protection is the first line of defense. Security vendors do their best to spot and remove phishing attempts and are often effective. But keep in mind new threats pop up all the time.

4. Set clear information security policies and educate users.

Education is key – especially in business environments. If you want to protect your business from ransomware, it’s important to set clear information security policies related to emails, links and attachments. Communicate the policies to employees regularly. Educate employees about the threat of ransomware and the importance of remaining vigilant when it comes to email.

5. Back up your files!

While all of the tips provided so far may be somewhat effective, nothing is foolproof. You must be prepared to deal with a ransomware infection if it happens. Back up your files regularly. It’s a surefire “Plan B” should efforts to protect against ransomware viruses ever fail. Creating backups of computers and servers is a must.

The best backup system is one that works automatically in the background. It’s also important to use a backup solution that can be rolled back to a specific date. This allows you to effectively go back in time before infection occurred and retrieve clean versions of your files.

The good news is that AM Data Service has the tools and knowledge to help your business prevent or overcome a ransomware attack. Every managed services client has a basic level of protection provided as part of their package. Every company of every size should invest in advanced security measures.

Contact AM Data Service at (734) 744-5300 to learn how you can better protect your data and your company from ransomware attacks.

Page: 12 - All