Colonial Pipeline, a major fuel pipeline connecting the entire East Coast, was hit with the largest-known cyber attack on U.S. energy infrastructure. The security incident, which was followed by a shutdown of the pipeline, led to panic buying of gas and a sharp price jump. The type of cyber attack behind this devastating incident was ransomware.
Some of the latest predictions show that the global ransomware damage costs will reach $20 billion in 2021, making it one of the fastest growing types of cybercrime. But ransomware is no recent threat. In fact, it has been around since the late ‘80s with the first known strain developed in 1989.
Evolutionary biologist Dr. Joseph Popp created the PC Cyborg Trojan, also known as the AIDS Trojan. After infecting 20,000 diskettes with the malware, Popp sent them all around the world, presenting the malware as a program that shares information on AIDS (hence the name). But once the recipients inserted the diskette, their computer was infected and the malware encrypted the names of all files on C:, asking for a $189 ransom to return access to the files.
While it wasn’t a sophisticated attack (the decryption key was easily obtained from the malware’s code), this marked the beginning of what would become one of the most devastating and widespread cyber threats to both individuals and businesses.
Ransomware can spread in many ways: from taking advantage of your system’s security weaknesses to luring your staff through phishing emails. And ransomware authors and malicious actors aren’t picky about their victims. Businesses of all sizes can fall victim to a ransomware attack even if they aren’t considered a “big fish”. If cyber criminals attack a small business and ask for a small ransom of $500, successfully attacking 50 targets can be enough to make their efforts worthwhile.
We have talked about ransomware as one of the top 4 most common cyber threats for SMBs in 2021 and now it’s time to take a deep dive into types of this cyber attack, who is targeted, and how to act proactively and protect your SMB from ransomware.
Ransomware is a type of malware that, when it infects a device, denies access to its owner, whether access to specific files or the entire system. Access can only be regained if a ransom is paid. But how does ransomware make its way to your device?
Usually, a ransomware attack begins with a persuasive phishing email that contains a link or an attachment that, when clicked or downloaded, triggers the ransomware to install on your device. After that, it will encrypt the data on the infected device, rendering it inaccessible to the owner. You will get a message informing you that you have been attacked and demanding payment for the decryption key.
Phishing emails aren’t the only way in which ransomware is delivered to a victim’s device: attackers can work by exploiting known security vulnerabilities present on an operating system that hasn’t been updated, unpatched software programs and even hardware such as routers.
It truly is a devastating scenario to find yourself in: attackers having access to your company’s most sensitive files, demanding a ransom from you to access them. It’s made worse by the fact that there is seemingly no right answer on how to act: pay the ransom or not?
If you don’t pay the ransom, you might never be able to recover your files again. And if you pay the ransom — you could be breaching regulatory compliance and even inspiring cyber criminals to attack you again in the future.
Also, who can give you the guarantee that you will get access back? They are criminals, after all. That can leave you with financial losses, disruption of operations and even reputational damage, when you have to report to everyone about your data breach and explain to your customers what happened with their data.
While we are most familiar with the “typical” ransomware attacks, there are a few variants and types used by cyber criminals today, a few not so well-known:
Cybersecurity should be at the top of the agenda for businesses of all sizes and across all industries. With much of the workforce now operating remotely and leveraging new technologies to maintain operations as usual, businesses of all sizes are now facing a growing number of cybersecurity risks, and ransomware takes the number one spot as the most prolific threat.
Small businesses are especially vulnerable to ransomware as they often have weaker defenses than large corporations and don’t put that much focus on cybersecurity due to limited budgets and resources for an expert IT team.
Additionally, many small businesses adopt the damaging “It won’t happen to me” attitude while still holding customer data that is valuable to attackers. And attackers won’t waste a second to take advantage of this unprepared stance of SMBs.
Just look at the industries that are most vulnerable to cyber attacks in general, including ransomware:
While it might seem like there are no right answers on how to act when your business suffers a ransomware attack, there are some sure-fire ways to work on your prevention. Thankfully, some basic cybersecurity hygiene practices are enough to make sure you are prepared when the danger strikes.
Regularly backing up all of your sensitive and critical information and systems can help your business recover more easily and ensure business continuity in the case of being hit with a ransomware attack. Backups can be either local or cloud-based, with the latter being a superior security practice.
We mentioned that one way malicious attackers gain access to your system and infect it with ransomware is by exploiting vulnerabilities in your OS, software and programs. This is why regularly patching and applying available updates is crucial in eliminating known security vulnerabilities in your entire IT environment. Have an established patch management process where you periodically check for available updates and apply them immediately. If you leverage an anti-virus solution, make sure it’s also updated as the new patches provide protection against newer forms of malware.
Your first, and often the weakest, line of defense is your staff. You can have all of the appropriate security tools and software ready to detect and prevent attacks, but all it can take is an employee clicking on a wrong link and your entire network is served with ransomware. Your staff should be aware of how to spot a phishing link and to never share their credentials without verifying the source. And on an organizational level, password policies that dictate strong passwords that are changed periodically as well as enforcement of multifactor authentication (MFA) can provide much needed protection for your business’s data.
Working with a trusted MSP can bring many benefits to small and medium sized businesses, as we highlighted in our "Why Your Startup Should Leverage an MSP" article. An MSP can help your small business with every step in protecting against ransomware and other types of cyber crime:
The final tip we can give is to never pay the ransom. Besides being illegal in certain areas and being a huge breach of compliance (which can result in legal fines), it’s highly important that you never give criminals what they want. Don’t even negotiate with them. Another fact is that the more businesses pay the ransom, the more motivation attackers will have to continue infecting others, and even attacking you again. The best thing to do in a situation of suffering a ransomware attack is to contact your local authorities and let them contain the situation. Work with a trusted MSP to find decryptors and have a disaster recovery plan with them in place.
Altitude Integrations’ mission is to provide proactive and innovative IT solutions to small & medium-sized businesses around the globe. We are equipped to handle any cybersecurity challenge your business might face so don’t hesitate to contact us and find out how we can help you be cyber resilient in the current threat landscape.