Small businesses are a prime target for hackers who aim to infiltrate their systems and hold their data hostage until they pay a ransom. The hackers bank on a lack of security and some employees’ poor digital practices to break in. Judging from the 300% increase in ransomware payments made by victims this year, they have been successful.
Being a ransomware victim can be disastrous for small business owners, particularly those on tight budgets. Cybersecurity firm Palo Alto Networks found the average payout for a ransomware attack was $570,000 in the first half of 2021, up from about $312,000 in 2020. According to the National Cyber Security Alliance, 60% of small businesses do not recover from a cyberattack.
“It can have a devastating effect on small business owners who don’t have the funds for security equipment or cyber security insurance for if and when they have a ransomware issue,” Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks, told business.com. “They can be in a tough spot if they don’t have the money to pay for ransomware or the technical capabilities to restore their data.”
Ransomware is a form of malware that, once installed on a computer, locks up access to your hard drive until you pay a ransom. Victims see an onscreen message alerting them the computer has been locked or the data encrypted. They are told to pay a specific ransom to regain access to their systems. Usually the payment is required in bitcoin, a popular cryptocurrency, which further complicates the situation. The cost to get your data back varies depending on the target. An individual may be required to pay $500, while a company might have to pay $500,000. This year alone, ransomware has wreaked havoc on supply chains, utilities and even schools.
Ransomware has grown in popularity over the years as cybercriminals have become more sophisticated. With victims willing to pay, cybercriminals have all the incentive they need to deploy ransomware aggressively.
“As with any industry, it is a supply and demand business,” said Daniel Clayton, vice president of global security operations and services for the cybersecurity firm Bitdefender. “If we continue to pay ransomware, we will continue to be attacked. It’s not unusual to see a company get hit once and then again, sometimes by the same group.”
Don’t think ransomware is a problem? In the first half of the year, there were 304.7 million attempted ransomware attacks across the globe, surpassing the 304.6 million seen in all of 2020. In the first six months of 2021, ransomware was up 151%.
There are several ways hackers can pull off a ransomware attack. Cybercriminals obtain access to a business’s computer network via phishing emails that contain malicious links or attachments. These emails aim to trick users into visiting websites that download the malware behind the scenes. Then the malware gets ahold of employees’ credentials for a company network. Instant messaging apps on social media can also spread malware.
“The main ways they come in is through phishing emails or clicking on a link,” said Raj Samani, fellow and chief scientist at McAfee, the security company. “Some of the big game hunters and even lower operators are looking for a chink in the armor.”
That has been made easier thanks to the COVID-19 pandemic, which made remote work a much more common practice. Before the pandemic, McAfee conducted a scan of the internet and found about 1.5 million systems with Remote Desktop Protocols (RDP) exposed to the internet, which is a common vector for ransomware. Within months, that number had increased to 3.5 million.
In the past, hackers targeted specific companies with ransomware, but that, too, has changed. Now their strategy is volume. “The groups going after the big game are quite small in number as opposed to the volume attacks. There are millions of them, which impact everybody,” said Samani.
|Ransomware attack type
|Method to get in
|Victims receive an email with a link or file that contains malicious code. Once they click the link or file, the malware is deployed.
|Hackers use brute-force attacks to get into a company’s network through the Remote Desktop Protocol, or they purchase network access. Once in, they unleash ransomware.
|Hackers exploit vulnerabilities in the network’s software.
Ransomware comes in many flavors, but the end goal is usually to make money. That’s been the case with previous high-profile attacks, including one on Colonial Pipeline, which operates the country’s largest gasoline pipeline. When hacker group DarkSide unleashed the attack this spring (without admitting guilt), it said the group intended to make money, not create chaos. Hackers use some of the following tactics to achieve success:
The most common type of ransomware is when hackers encrypt your data, making it inaccessible unless you pay the ransom. They usually make you pay in cryptocurrency because digital tokens can’t be traced.
Ransomware attacks are big business for hackers, costing victims $29 million in 2020. While attacks like the one on Colonial Pipeline garner a lot of attention, ransomware impacts every industry. The areas most prone to attacks include the following:
“Ransomware is that category where they are targeting companies big and small,” Clayton said. “Unfortunately, it’s something everyone should be concerned about.”
Ransomware and other cyberattacks are just some of the scams small businesses face. Learn more about what else small businesses need to be on the lookout for in our small business scams guide.
The impacts of ransomware vary depending on the cost associated with recovering your data or unlocking your network. The $29 million it cost the country last year doesn’t include lost business, time, wages, files, equipment and third-party remediation services. Here are a few of the many negative impacts of ransomware:
Ransomware can devastate a small business beyond the financial toll. An attack can tarnish your business reputation and shake the confidence of your IT staff.
Ransomware isn’t completely avoidable, but there are steps you can take to reduce the likelihood you’ll be a victim. Here are four steps you can take to help prevent ransomware attacks:
The longer it takes to recover your data, the longer your business isn’t operational. But if you already have a data recovery and continuity plan in place, you can better manage a ransomware attack. That is why a cybersecurity risk assessment goes a long way in prevention.
“Ask yourself if my systems were no longer accessible could my business continue to run,” Samani said. If the answer is no, it’s time to plan for the unthinkable.
Educating employees on how to stay safe online is extremely important, particularly with many workers still connecting remotely. Clicking on a phishing link in an email or visiting a questionable website are still common ways to infect a network, which is why employees need to know what to be on the lookout for. It’s also important to require strong passwords and multifactor authentication when logging in to the network. Miller-Osborn said periodically conducting phishing tests of your staff won’t break the bank and will help identify any areas where further training is necessary.
Ransomware attackers treat their operations as a business, focusing on targets that are easy to infiltrate. As a result, Clayton said one of the best defenses is making your company too expensive for hackers to attack. That means keeping systems up to date and patched, ensuring antivirus and antimalware software are set to update and run scans automatically, and backing up your data regularly. It also means putting in place a business continuity plan if your data is held for ransom.
“You want the attackers to have to jump through as many hoops as possible,” Clayton said.
Many leading insurance companies offer what is known as small businesses cyber insurance. For under $2,000 per year, you can get protection from ransomware and other attacks. That is the case with many of the best insurance providers. Consider the providers below:
Protecting your business doesn’t have to break the bank. Educating your staff on staying safe online and implementing strong password policies can go a long way in preventing a ransomware attack. Need more peace of mind? Consider taking out a cyber insurance policy.
Despite your best efforts, you may still fall victim to ransomware. While your first inclination may be to pay the ransom and get back to business, security experts say that is a big no-no. Not only does that embolden the bad guys, prompting more attacks, but you are more likely to get hit again. After all, they know how to get in and they know you will pay up to get your data back.
A better initial option is to check with No More Ransom, an initiative between the National High Tech Crime Unit of the Netherlands police, Europol’s European Cybercrime Centre, Kaspersky, and McAfee to help victims recover their data without paying a ransom to the cybercriminals. On the website, you can search for free decryption keys, which may regain access to your data. It’s also important to report the attack to the FBI by contacting your local field office. The more information the FBI collects on ransomware, the better equipped it is to thwart future attacks.
After an attack, focus on containing the malware in your network and preventing it from spreading. After all, you can’t get your business up and running until the threat is contained. Have your IT staff or outside support pinpoint, contain and clean up the malware. Only after that should you restore your data from backup. Don’t forget to alert your customers, investors and other critical constituents about the breach. They have a right to know, and you don’t want them to sue you for sitting on an attack. The more forthcoming and transparent you are, the more your clients will trust you.
Ransomware is scary and costly, but it doesn’t have to mean the end of your business. If you follow the above tips and back up your data on a regular basis, you should be able to survive a ransomware attack.