Ransomware: What Your Business Needs to Know

Ransomware attacks are escalating, and this is scary news for business owners. Indeed, the tactic of using a computer virus to “hold data hostage” – essentially what ransomware does – isn’t a new concept and has actually been around for decades, though it’s been gaining more attention in recent years. But the two massive attacks that recently spread around the world have taken it to a whole new level, with experts in cybersecurity predicting the problem is only going to get worse.

What is Ransomware?

At its heart, ransomware parallels the ancient crime of kidnapping: Someone snatches something you value, and in order to repossess it, you have to pay a price. For this scheme to succeed, a virus must infect computers, which is usually accomplished by what’s known as “click bait” – tricking a user into clicking on a corrupt link. Ransomware can also be spread by clicking on an attachment, and in recent years, emails designed to distribute ransomware typically contain documents such as false mail delivery notices, tax returns or energy bills and more; once someone clicks on the link or attachment, the ransomware encrypts the computer’s hard drive, essentially locking users out of computer files including images and even music libraries. From there, it’s a matter of time until a screen appears threatening to destroy the files unless a ransom is paid.

TechPulse Not-So-Fun Fact: According to Symantec, the first known ransomware attack – dubbed AIDS Trojan – occurred in 1989, with a payment demand of $189. Ultimately, the attack was unsuccessful because few people used personal computers at the time, and the Internet was primarily utilized by technology and science demographics.

Okay, so let’s recap: Ransomware spreads through two main entry points:

  1. Email A recipient gets an email and is asked to download a file or click on a hyperlink; clicking on the link or downloading the file activates the ransomware.
  2. System Vulnerability A malicious network packet is sent to a vulnerable system from either the local network (internally) or from the Internet (externally).

The Ransomware Business Factor

When businesses are hit with ransomware, it’s not just the ransom amount that could financially sting – the time spent attempting to restore systems and get them back online, in addition to potential revenue lost in the interim, all make a lasting impact as well.

The truth is, major cyberattacks like the now-infamous WannaCry have put ransomware at the top of IT leaders’ minds at businesses everywhere; smaller, more targeted attacks can also do considerable damage to small businesses, make no mistake about it.

TechPulse Not-So-Fun Fact: According to a report by Osterman Research among more than 1,000 small- and medium-sized businesses, about 22-percent of businesses with less than 1,000 employees that experienced a ransomware attack in the last year had to cease business functions immediately—and approximately 15-percent lost revenue.

Small companies, on average, lost over $100,000 per ransomware incident due to downtime, and for one in six organizations, these attacks caused in excess of 25 hours in downtime.

Because small businesses are particularly impacted by these events, companies need to ensure systems are up-to-date, anti-virus software is run and files/vital information is frequently backed-up. Furthermore, employees should know how to identify suspicious emails or links, and report them to management and/or IT departments.

Therein lies the introduction to our next section:

How Businesses Can Best Defend Against Ransomware Attacks

It should be clear by now that businesses falling victim to ransomware attacks suffer devastating consequences – ransomware that lands in some shared locations within networks can literally paralyze an organization’s operations. It is for this primary reason that becoming savvier about preventing and defending against such attacks is vital for every business, of every size.

The key is to take proactive steps in order to minimize the odds that your business falls victim to ransomware; some steps you can take to defend your organization against ransomware include:

 

  • Ensure anti-virus is installed and up-to-date across all endpoints within your operation.
  • Have a multi-faceted security solution in place that employs additional protective technologies such as heuristics, firewalls, behavioral-based threat prevention, etc.
  • Establish security awareness campaigns that stress the avoidance of clicking on unknown attachments and links in emails.
  • Backup all data regularly via cloud providers, local storage devices or even network-attached drives.
  • Implement GPO restrictions to restrict not only ransomware, but malware in general.
  • Patch commonly-exploited third-party software such as Java, Flash and Adobe to prevent many types of attacks from occurring in the first place.
  • Restrict administrative rights on endpoints.

 

How TechPulse Can Help Protect Your Business

Through our managed IT services program, ransomware will be on the run – and will never want to return to claim a bounty on your system again. We analyze a customer’s current environment to form a strategic plan to bring your network infrastructure up to the latest standard, in addition to going above and beyond with:

  • 24-hour help desk with on-site technicians
  • Network administration
  • Proactive monitoring and management
  • Anti-virus protection
  • Monitored offsite data backup and managed machines
  • Enterprise email services
  • IT vendor management

To learn more about our position as the “ransomware police,” click here.