Ransomware: a Top Security Threat to Businesses

There are many different types of malware that target businesses, such as trojans, viruses and spyware, but in the last few years ransomware has risen to become one of the most common and threatening types of malware as it’s an easy way for cybercriminals to extort businesses for money. Ransomware is a type of malware that encrypts the data on infected systems, effectively locking the victim’s files so the cybercriminal can demand money in exchange for the files being unlocked.

Most, if not all, data in modern-day organizations is digitized, which means that cybersecurity is more important than ever before. While ransomware doesn’t exclusively target businesses, the combination of businesses having a wealth of potentially valuable information in one place, as well as the means to pay a ransom to get it back, makes businesses an ideal target for ransomware attacks. Small & medium sized businesses are particularly vulnerable since they’re less likely to have robust resources and systems in place to protect their data. In fact, 67% of ransomware targets are on small and medium sized businesses (SMBs) with sub-par IT security and valuable data.1 We don’t mean to sound alarming, but there has been such a huge rise in ransomware attacks that it’s said we’re in the midst of a ransomware epidemic.

Any business that has experienced corrupt or lost data, regardless of the cause, knows the devastating financial and operational impact it can have, so it’s essential that businesses take proactive persuasions to protect their data.

What Happens when you’re the Victim of a Ransomware Attack?

If the attack isn’t detected and stopped, files will be encrypted and held hostage for a sum of money. Payment is typically requested in the form of Bitcoin, other types of cryptocurrency or online payment voucher services, and the standard rate is somewhere between $100 to $2000 for each infected computer. Once the ransomware has infected one computer within a network it can begin to spread like wildfire, affecting more computers within the network, and the more computers that are infected the bigger the price tag gets for businesses. If cyber criminals manage to infiltrate a business’s servers and mapped drives where the most value data is stored, they often take advantage and demand even larger ransoms. Victims are instructed to pay the ransom within a specific timeframe which typically increases the longer it takes for the victim to pay. Ultimately if the ransom isn’t paid the data will be lost forever.1,2,4

Should you Pay? How Ransomware will Impact Your Business

Downtime from ransomware costs small businesses around $8,500 an hour, so it may seem like paying the ransom is the best, if not only, solution. However it’s not that simple. If you pay, there’s no guarantee that cyber criminals will follow through and return access to your data, they might still decide to delete or sell it.1,2 In a survey of 1000 Managed Services Providers (MSPs) they found that 42% of victims had paid the ransom, but 1 in 4 still never recovered their data. On top of that, if you pay the ransom you send the message that you’re a successful target, so you increase the chances of being repeat target of future ransomware attacks.

In essence, businesses that have fallen victim to ransomware may experience:

  • Temporary or permanent loss of sensitive or proprietary information
  • Disruption to business operations
  • Financial losses incurred during downtime and to restore systems & files
  • Potential harm to brand reputation 3
ransomware

Source: Datto Ransomware Guide (2016)

How is Ransomware Spread?

The specifics of how ransomware spreads varies depending on the type. One example is through spam, by tricking recipients into downloading/opening an infected document or clicking a link from an email. Another method is exploit kits, which identify security holes in software applications or plugins running on the victim’s computer or browser and use those as an avenue to spread ransomware.4

Some of the most predominant types of ransomware include CryptoLocker, CryptoWall, CTB-Locker, Locky, TeslaCrypt, TorrentLocker and KeRanger, however in 2017 a new type of ransomware called WannaCry, shook the globe affecting 125,000 organizations in over 150 countries.1,3 WannaCry in particular is spread by using software to remotely connect to a machine in a business’s network and adding malware to encrypt the victims data. With WannaCry or any other type of ransomware, once the malware has gotten onto the network it can spread like wildfire to other machines in the network, maximizing the threat.3

Steps for Prevention

Despite common belief, having antivirus software installed and educating staff about spam emails isn’t enough to protect your business from ransomware. On the surface, and at the very least, your business should have the following:

  • multiple Data Back-ups are regularity tested
  • detailed Disaster Recovery Plan
  • up-to-date anti-virus and anti-malware solutions
  • education programs to help employees identify scams and malicious links/documents

However, the above is in no way ‘four steps to preventing ransomware’ – that couldn’t be farther from the truth. In order to prevent and catch ransomware attacks (as well as any other malware attacks), your network and machines should be consistently monitored & maintained. Even if you already have an internal IT department that is taking preventative measures, having the support of an outsourced Managed Services Provider (MSP) can help you build a robust backup and recovery plan with protective solutions, and assist with monitoring & support to ensure that you can rest easy that your data is safe.

Ransomware attacks are more common than you think, and when it comes down to it they are unavoidable. What you can control is the degree to which you’re prepared for the attacks and the precautions you’ve taken to protect your data. Businesses often don’t realize they have gaps in their IT Security until they are exposed by a ransomware attack, but working with a Managed Services Provider (MSP) can help you find those gaps ahead of time.

Curious what happens when your security gets compromised? Read our blog about a client that only realized the gaps in their IT security when they were infected by ransomware.

1 https://www.datto.com/ransomware
2 http://resources.idgenterprise.com/original/AST-0113606_Analyst_Insight_Downtime_and_Data_Loss_How_Much_Can_you_Afford.pdf
3 https://www.datto.com/wannacry
4 Datto Ransomware Guide (2016)
5 Datto State of the Channel Ransomware Report (2016)