Ransomware Attacks

NOTE: if you have already been the victim of a ransomware attack, please contact us immediately.

While you’re running your business, there are evil people thinking up new ways every day to steal your hard-earned dollars. It seems like they never sleep. You’ve taken steps to ensure that you won’t be an easy target like installing good alarm systems, running background checks on potential employees, and hiring security guards (or you yourself carry). And that’s great for threats you can see, but what about the virtual bad guys? How do you fight them? Sadly, many companies never think about this until it’s too late. Kudos to you for taking the time to research cybersecurity threats and how to protect your assets. Ransomware has become one of the most costly types of malware in the last decade. At Buzz Cybersecurity, we have seen this happen and it’s never pretty. You’re probably wondering how to prevent ransomware. Let’s take a more in-depth look at it and how you can avoid becoming a victim.

What is ransomware?

In layman’s terms, ransomware is a type of malware that gets its name from the fact that the attackers gain access to data and hold it hostage for a ransom. This is known as cryptoviral extortion. Cybercriminals can block the company’s access, or if its particularly sensitive data, threaten to make it public if the demands are not met. Such attacks are becoming more frequent and more brazen. Earlier this month Variety reported that a group known as REvil claimed to have dirt on President Donald Trump and threatened New York law firm Grubman Shire Meiselas & Sachs with a data dump if they did not receive $42 million within 7 days, doubling their fee after the firm made an offer of $365,000. To show they meant business, and as a possible punishment for what they considered an insulting offer, REvil published a 2.4 GB document containing another client’s info: Lady Gaga’s contracts for concerts, TV appearances, and merchandising. Since payment is typically demanded in Bitcoin or some other cryptocurrency, tracing the ransom and making arrests are still very difficult. Research shows that 70% of those infected with ransomware have paid to get their data back, even when advised not to by law enforcement, so there seems to be little incentive for these cyber-terrorists to stop anytime soon.

How do ransomware attacks work?

Most ransomware attacks begin with an unsuspecting employee opening an email attachment that has a trojan disguised as a legitimate file. (Although it should be noted that much is still unknown about how some attacks were able to take place; in 2017 computers using Microsoft Windows were the target of the “WannaCry Worm,” which traveled between computers without user interaction) Once released, the malware is able to encrypt the user’s data, usually by tricking him or her into giving it admin access. However, if a company has significant security holes, aggressive malware may not need to trick the recipient. A message is then sent to the victim with instructions on how to pay the ransom electronically. Once received, a mathematic key is sent to the company so the files can be unlocked.

What’s at stake?

In 2019, ransomware is estimated to have caused organizations global damage to the sum of $11.5 billion dollars. The average amount a company would pay last year was $41,000. But according to an article in Forbes Magazine, that number has more than doubled in 2020 to over $84,000. That includes lost revenue, hardware replacement, and repair costs, but the damage to a company’s brand is harder to gauge. And while 98% of those who paid did get an encryption tool, on average they still lost 3% of their files. That may not sound like much, but remember, there is no guarantee that you will be one of the lucky ones that are dealing with a thief who intends to honor their word in the first place and give you anything. And you should also expect your normal IT duties to take a backseat during recovery. It can take many, many hours to get things back to where they need to be.

Who’s at risk?

You might think that because you’re a small business, hackers will bypass you in favor of larger corporations who will be able to pay a larger ransom. And that’s what they are counting on. While it’s true that government agencies, big law firms, and medical facilities make tempting targets because they are more likely to pay up quickly, often times targets are chosen because of ease of opportunity: smaller businesses don’t always have the security measures in place that keep the bad guys from finding the weak link in the fence. According to an article by CNBC published late last year, 43% of small businesses are targeted, but only 14% are prepared to defend themselves. And as we like to say here at Buzz, the best defense is a good offense.

Steps you can take starting now

The truth is that no organization is immune to ransomware, but there are some things you can do to ensure that you are less of a target and mitigate the damage if you are attacked.

1. Take stock of your current situation. This is a step you cannot afford to skip. By keeping your operating system patched and up-to-date, you make it harder for cyber thieves to exploit you. If you’re not sure what to look for, Buzz Cybersecurity has a free audit that you can take advantage of to ensure you don’t have “open doors” that are inviting an attack.
2. Back up your files- frequently! While this won’t stop a ransomware attack, it at least ensures that you have a disaster plan recovery (DPR) in place that will make the damage much less significant.
3. Invest in anti-virus software. Again, nothing is foolproof, but a good system will detect malware programs and may prevent ransomware from successfully getting access to your data. Don’t assume though that the software that was included with your PC is going to meet your needs. We can help you look at the variables that you need to consider when choosing the right software that will protect your most valuable data.
4. Educate yourself and your employees. It’s not enough for you to know what to do to prevent an attack. You should look to bring your entire team on board so everyone can work together. We offer a program called Lunch & Learn that’s free for your company, and we cover things like the basics of malware, how to spot and avoid a potential phishing email, protecting credentials, and what to do if an employee suspects there has been a breach.
5. Network monitoring. You can’t be everywhere at once, so we recommend having an added safety net in place. There are some free tools available out there, but again, like anti-virus software, it may be missing key features that you need. Because of the many drawbacks such as not being able to upgrade and most not offering any support should you need it, many in upper management are not comfortable using these tools and we can’t say we blame them. The fact is these products will not give you the same stability or reliability as a paid commercial tool. We started off talking about threats you can see- and in the same way that a good home security system protects your loved ones and gives you peace of mind, Buzz Cybersecurity specializes in actively monitoring your “cyber-home” during an attempted break in.

These steps are not all-inclusive, but some basics to get you started. We’re happy to talk IT shop with you if you want to take the next step. Or sign up to get our emails and stay in the loop on the constantly evolving world of cybersecurity. You’ve put your blood, sweat, and prayers into your business. Don’t let some punk who’s never worked an honest day in their life swoop in and take it from you.

Image by Pete Linforth from Pixabay