Cybercrime has reached unprecedented proportions across the globe, with nearly half of all cyberattacks committed against small businesses. For those running small enterprises in 2020, it’s not just the implications of COVID-19 you need to consider. Rather, consider the rise of ransomware attacks or the “hackopalypse.”
What is ransomware?
Ransomware is a type of malware that encrypts or otherwise locks users out of their files. When users try to access their data, they receive a notice demanding the payment of a ransom to regain its use.
Ransomware has been around since the 1980s. The last decade has also seen various ransomware trojans crop up. However, the real opportunity for attackers has been the introduction of Bitcoin.
This cryptocurrency allows attackers to collect money from their victims without going through traditional channels. Its impact can be devastating for small businesses.
What are the implications of cybercrime?
According to a survey by cybersecurity and backup firm Datto, one in five small to medium-sized businesses fell victim to a ransomware attack in 2019. The consequences of a ransomware attack can be dire. An organization may find itself locked out of its enterprise data for weeks. There may also be deletion of entire databases. Additionally, cybercrime may lead to reputation damage and the loss of customer trust.
In 2019, according to Cyber Security Ventures a new organization fell victim to ransomware every 14 seconds. It is predicted that by 2021 this will increase to every 11 seconds.
In 2018, the FBI received 1,493 complaints about ransomware with victims. This incurred losses on average of $3,621,857. That only counts the actual ransom payments, not the fallout. Atlanta, for example, spent around $2.6 million on its recovery efforts from a ransomware demand of about $52,000.
While the number of these attacks is rapidly increasing, small enterprises can protect themselves with an ongoing front-line defense and employee vigilance.
How to protect your business from cybercrime.
The phrase “education, education, education” couldn’t be more fitting for cybercrime awareness. It’s critical to keep ourselves and our employees informed and alert to phishing scams and attempted attacks. This allows us to prevent a cyber breach.
Trust no (unknown) email.
Most individuals trigger a ransomware attack by opening what looks like a normal email. This email actually contains a virus in a document, photo, video or another type of file. Most hackers don’t even need much knowledge to insert a piece of malware into a file. Instead, there are numerous articles and YouTube tutorials on how to do it.
Always avoid opening an email from an unknown sender. What if you receive an email from an unknown source? Inform your company data security advisor or IT team immediately.
Prevention is better than cure.
When ransomware infects a single computer, it’s a serious problem. It spreads through the network like wildfire. It becomes a nightmare that compromises the entire business.
What can you do to avoid this? Companies that have not already done so should consider implementing a data security software program. This checks all incoming emails before the intended recipient receives them. It dramatically reduces the risk of a virus spreading inside a company network and compromising sensitive data.
In the event of a breach, it also pays to be prepared. You may have a Disaster Recovery Plan in place for your small business. DRPs highlight key stakeholders, risk assessments, and recovery procedures. They are invaluable for ensuring a calm and swift restoration process to failed, compromised, or disrupted IT systems.
Do not delay an update.
There are two things we can update: our IT systems and employees.
First, updating your software and operating systems will ensure that there are no gaps in your data security policies. By informing employees of the risks around cybercrime, you can ensure that individual software and system updates are happening when necessary while simultaneously empowering staff to know what to do in the event of an attack.
Ongoing training, reading the most recent news, and keeping up to date about new developments in this area and loopholes in networks or software solutions should be a necessity.
Secure your remote setup.
If your organization doesn’t require a Remote Desktop Protocol (RDP), it’s best to replace it with a more secure solution. If this isn’t possible, then the following measures should be put in place:
- Use a VPN to access your organization’s RDP. This creates a secure connection between an organizations’ employees and the internet. All data traffic is sent through an encrypted virtual tunnel. This prevents cybercriminals from being able to brute force a system.
- Ensure you have two-factor authentication setup.
- Those employees that service important internal services should have the maximum access required to be able to complete their job. Any employee that accesses critical systems or backups should have two-factor authentication setup.
- Have an up-to-date disaster recovery plan in place. This ensures you have a backup of all critical data.
Ensure you have a secure, up-to-date backup.
It’s always best practice to back up your work, but it’s crucial for preventing ransomware attacks. To do this, your backup must be up-to-date, highly secure, and tested thoroughly and frequently. Most importantly, it must also enable the easy restoration of data.
This means that if you are hit by any form of malware, you can rebuild your system quickly and hassle-free. If possible, make sure that your backup system is not connected to your network (or only for the time when it’s needed), as this will prevent your backup being affected by malware as well.
Our tips for best backup practice.
Implement a backup and recovery plan for all critical data using the 3-2-1 strategy. 3. Retain a minimum of three copies of data 2. Store data on two different types of media 1. Secure one copy of your backups offsite.
Test backups regularly to ensure proper configuration. This will limit the impact of a data breach and accelerate the recovery process.
Isolate critical backups from the network (air gap) for maximum protection.
Implement copy-on-write file systems (NetApp WAFL – Linux ZFS) or WORM features in NAS systems or appliances.
Patch critical operating systems, antivirus, security, and backup software as soon as possible.
Establish ongoing cybersecurity training for users and admins to identify phishing emails.
What to do if your business is hit by ransomware.
What if ransomware gets through your defensive line? Then, you should do the following.
Never pay the ransom.
Paying the criminals doesn’t guarantee that you will get your data back. In many cases (and most definitely, if it is a ‘ranscam’ or wiper malware) you will not get your data back. This leaves you with no data and a lot less money.
Do not try to decrypt the data by yourself.
Some computer specialists may have the capabilities to recover lost data. However, it is risky. If something goes wrong, you could destroy your data forever. It’s important to contact expert specialists with the necessary skills and experience.
Check your backup.
Even if your backup is missing after a ransomware attack, you should never rule out the possibility of recovery. Possible solutions depend on the type of media or storage system, and the type of ransomware.
Lynn Walker is the VP of Global Marketing at Ontrack, the world’s leading data recovery specialists. Lynn has managed and led dynamic marketing teams for over ten years. In this blog, Lynn shares her wisdom on how to protect your business from cybercrime.