What Small Businesses Need to Know About Ransomware
You don’t have to look far past the news headlines to see that ransomware is a big and growing problem today. It’s plaguing hospitals, schools, and even government municipalities. What used to be considered an “enterprise-only” problem has now become a major small business problem.
And companies have a lot to lose — $1 billion per year, to be exact. Between the massive growth in IoT, increasingly easy credit card fraud, DDoS attacks, and more, ransomware is expected to dominate in 2017.
As a small business, you need to be prepared to defend against ransomware. In this post, we’ll provide a primer on what ransomware is, how it works, and how you can protect your data and business.
What is Ransomware and How Does it Affect Small Businesses?
Ransomware is a type of malware that is able to hold digital files (e.g. documents, images) hostage until a sum of money is paid by the business to unlock them. As a business, you have three options:
- Pay up
- Restore from a backup (if you have one…)
- Suffer the consequences of not being able to access your data (which can bring business to a grinding halt)
Since most businesses can’t afford downtime, they opt to pay up. Depending on what is being held hostage, this can cost from $200–$30,000 per incident. That is, unless you happen to have an insurance policy that covers such attacks, like the Los Angeles Valley College thankfully had.
But sometimes even after a ransom is paid, criminals can demand more money or refuse to unlock the files. Even if all goes to plan and the criminals do provide the decryption keys, you still lost valuable time, and may have even suffered embarrassing news coverage.
So why are small businesses being hit the hardest by ransomware? Two factors:
- Attackers know that many small businesses can’t afford robust security solutions and don’t have in-house IT resources like larger enterprises do, making it easier for intruders to climb in undetected.
- Attackers are automating ransomware attacks, which is a very low-cost, high-volume approach that makes it possible to attack organizations of all sizes.
Good news: The tides are quickly changing in favor of small businesses. But to understand the solution, we must first understand how ransomware works.
How Ransomware Works
Ransomware typically embeds itself in your network via an email, ad, or web link that is clicked. Because it’s delivered via email or the web, it can often get through firewalls and other security protections that simply aren’t built to detect these attacks.
The most successful attacks are against employees who are not well-educated about phishing emails, which are most often the delivery vehicle for ransomware. All it takes is one click on a bad link for malicious code to enter your network. Even sneakier, there are new strains of malware that can get in without even requiring a click. It’s no wonder ransomware is spreading like wildfire.
Once ransomware is in your network, its next move is to “phone home” to the criminals who sent it (its command and control center, or C2). By phoning home, the ransomware collects the keys for encryption and then notifies the C2 that it was successful. It then moves on to encrypting every file it can find on the local system and any network shares it’s authorized to change. At this point, the infected system will display a notification on the local device, requesting ransom from the infected user.
How to Protect Your Business From Ransomware
The good news is that you actually don’t need a hefty security solution and dedicated security team to combat ransomware. Here are four best practices to protect your system from ransomware:
1. Email Safety Training
Email is one of the most notorious ways ransomware gets in, so it’s a good idea to educate your company about the basics of email safety. Explain not only the basics like using complex passwords, changing them regularly, having a password management tool, and enabling two-factor authentication, but also show them what ransomware emails look like and what to do when one comes in.
2. Back Up Your Data and Regularly Test the Restore Process
You need to be able to ensure that if an attacker does try to hold your data ransom, you can continue business as usual with a redundant copy. To do this, back up both your local data and anything stored in the cloud — everything from customer data and payment details to financials and other personally identifiable information (PII).
There are many options for backups, but the most important thing is to do it regularly (ideally daily) and follow the Rule of Three:
- Have three copies of all important data
- Keep copies in two formats (for example, local hard drive + Dropbox)
- Store at least one copy offsite (yes, in the cloud counts)
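One way to test the restore process, shown as an added example that is not part of the original post: record a SHA-256 fingerprint of every file at backup time, then check a trial restore against that record. The file names and contents in demo() are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record the SHA-256 of every file under root at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest; list what did not survive."""
    report = {"ok": [], "missing": [], "changed": []}
    for rel_path, expected in manifest.items():
        candidate = Path(restored_root) / rel_path
        if not candidate.is_file():
            report["missing"].append(rel_path)
        elif sha256_file(candidate) != expected:
            report["changed"].append(rel_path)
        else:
            report["ok"].append(rel_path)
    return report


def demo():
    """Constructed data: one restored file is altered and one is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for d in (live, restored):
            (d / "finance").mkdir(parents=True)
        files = {"customers.csv": b"id,name\n1,Ann\n",
                 "finance/ledger.txt": b"2017-01 opening balance\n",
                 "finance/payroll.txt": b"jan payroll\n"}
        for rel, data in files.items():
            (live / rel).write_bytes(data)
        manifest = build_manifest(live)
        (restored / "customers.csv").write_bytes(files["customers.csv"])
        (restored / "finance/ledger.txt").write_bytes(b"\x8f\x02 scrambled")
        return verify_restore(manifest, restored)
```

A restore test passes only when the "missing" and "changed" lists are both empty. Keep the manifest with the offsite copy so it cannot be altered along with the live files.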
3. Stop Ransomware Communication to Known Bad Places
There are databases that keep track of where criminals set up their malware infrastructure. These databases include IP addresses, domains, and other sources that have sent malware in the past.
Using a DNS blackhole that leverages these databases can help you to block the known malware strains and prevent them from doing damage to your systems. This can help you automatically stay on top of and protected from the latest malware threats.
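How a DNS blackhole uses such a list, as an added example that is not part of the original post: it matches each lookup against the blocklist, renders sinkhole entries in dnsmasq's address=/domain/ip form, and reports which machines asked for a blocked name. The domains, IP addresses, and log format are constructed sample data.

```python
from collections import defaultdict

# Constructed sample blocklist; a real one comes from a threat-intelligence feed.
BLOCKLIST = {"c2.badsite.example", "malware-keys.example"}

# Constructed DNS query log lines in the form "<time> <client IP> <queried name>".
SAMPLE_LOG = """\
09:14:02 192.168.1.23 www.office-supplies.example
09:14:05 192.168.1.23 c2.badsite.example
09:14:05 192.168.1.40 mail.partner.example
09:14:09 192.168.1.23 a7f3.malware-keys.example.
09:15:11 192.168.1.51 MALWARE-KEYS.example
"""


def is_blocked(name, blocklist=BLOCKLIST):
    """True if name is a blocklisted domain or any subdomain of one."""
    labels = name.rstrip(".").lower().split(".")
    # Check the name itself and every parent domain: a.b.c, then b.c, then c.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def blackhole_config(blocklist=BLOCKLIST, sink="0.0.0.0"):
    """Render dnsmasq address= lines that answer blocked domains with a sink IP."""
    return [f"address=/{domain}/{sink}" for domain in sorted(blocklist)]


def clients_hitting_blocklist(log_text, blocklist=BLOCKLIST):
    """Group blocked lookups by client, so affected machines can be found."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at their meaning
        _time, client, name = parts
        if is_blocked(name, blocklist):
            hits[client].append(name.rstrip(".").lower())
    return dict(hits)
```

Matching on whole labels means a lookalike such as notmalware-keys.example is not blocked by accident, while any subdomain of a listed domain is. The per-client report is a starting point for finding which machines need to be cleaned.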
4. Locate and Remove Infections Quickly
Most security defenses today focus on keeping threats out altogether (which isn’t realistic) or just getting rid of them (which isn’t enough). The reality is that ransomware will get in at some point. Once it does, you need to know how exactly it got in and who its victims are. Otherwise, even after you remove it, how can you be certain it’s gone and won’t do further damage? Not to mention you won’t be prepared to protect against similar attacks in the future.
Previously, the only way to deal with ransomware was a costly “nuke and pave” approach, where techs are sent in to find, format, reinstall, and restore. But this isn’t practical for small businesses: it can cost you a lot of time and money, and you won’t learn anything about the attack or how to prevent it from happening again in the future.
With the right protections in place, you can not only detect ransomware, but also investigate and eradicate threats—fast.