Ransomware attacks on small businesses can have major consequences. Many small companies have little spare capital and certainly not enough to be doling out cash to cybercriminals, let alone enough to cover the cost of loss of business while systems are taken out of action. Many small companies are one ransomware attack away from a hue loss being incurred. One attack and they may have to permanently close their doors.
A recent research study conducted by Osterman Research for Malwarebytes has shown the terrible effect of ransomware attacks on small businesses.
1,054 businesses with less than 1,000 employees were surveyed and asked about the number of ransomware attacks they had suffered, the cost of addressing those attacks and the impact of the ransomware attacks on their business.
Anyone who is keeping up to the news should be aware of the increase in ransomware attacks. Barely a week goes by without a major attack being revealed. The most recent study has confirmed the frequency of attacks has increased. More than one third of companies that took part in the survey showed they had experienced at least one ransomware attack in the past year.
The survey also showed the terrible impact of ransomware attacks on small companies. More than 20% of small businesses were forced to cease operations immediately after an attack. 22% of businesses were forced to shut their businesses.
Those firms able to weather the storm incurred major costs. 15% of companies lost revenue due to having their systems and data locked by ransomware and one in six companies suffered downtime or more than 25 hours. Some businesses said their systems were taken out of action for more than 100 hours.
Paying a ransom demand is no guarantee that systems can be brought back online quickly. Each computer impacted requires its own security key. Those keys must be deployed carefully. An error could see data locked forever. A ransomware attack involving many devices could take many days to resolve. Forensic investigations must also be completed to ensure all traces of the ransomware have been removed and no backdoors have been installed. That can be a difficult process.
Multiple-device attacks are becoming more typical. WannaCry-style ransomware attacks that include a worm component see infections spread rapidly across a network. However, many ransomware variants can scan networks and self-replicate. One third of companies that were hit by a attack, said it spread to other devices and 2% said all devices had been encrypted.
Can ransomware attacks on small businesses be stopped? Confidence appears to be dipping. Almost half of respondents were only moderately happy that they could prevent a ransomware attack on their business. Even though a third of businesses had ‘anti-ransomware’ defenses in place, one third still suffered attacks.
Sadly, there is no single solution that can stop ransomware attacks on small companies. What groups must do is employ multi-layered defenses, although that can be a major challenge, especially with restricted resources.
A risk assessment is a good place to kick off. Groups need to review at their defenses critically and assess their infrastructure for potential vulnerabilities that could be targeted.
Ransomware attacks on small companies usually happen through email with employees targeted using phishing emails. Organizations should consider implementing a spam filtering solution to reduce the number of malicious emails that land in inboxes.
Some emails will inevitably get through these defenses, so it is important for staff to be security conscious. Security awareness training should be ongoing and should include phishing simulations to find out how effective training has been and to single out employees that need additional training.
While ransomware can appear as an attachment, it is usually installed through scripts of when users visit malicious websites. By blocking links and preventing end users from visiting malicious sites, ransomware downloads can be blocked. A web filtering solution can be deployed to block malicious links and sites.
Anti-virus solutions should be kept updated, although traditional signature-based detection technology is not as effective as previously. On its own, anti-virus software will not offer sufficient levels of security.
As was clearly displayed by the WannaCry and NotPetya attacks, malware can be downloaded without any user interaction if systems are not configured correctly and patches and software updates are not applied promptly. Register for alerts and regularly check for updated software and don’t delay patching devices.
A ransomware attack does not have to result in serious losses for your company. If organizations back-up their data to the cloud database, on a portable (unplugged) local storage device and have a copy of data off site, in the event of an attack, data will not be lost for your business.
