Tel: (01) 901 1310

menu

6 Things Every Small Business Needs to Know About Ransomware Attacks

50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies, And changes in business practices, accelerated by the pandemic, have left small businesses even more vulnerable.

Share Post:

Share on linkedin
Share on twitter
Share on facebook
Share on email
Ransomware

Source: Inc.com/ Amrita Khalid 

Comment: It’s not something any of use want to imagine but the majority of victims of Ransomware attacks are smaller companies, and the impact can be devastating.

It’s tempting to think the average cyber extortionist has bigger fish to fry than your small business. Last month alone, hackers targeted the largest petroleum pipeline in the United States, Ireland’s national health service, the city of Gary, Indiana, and numerous other big targets.

But while they may receive less attention, 50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies, Secretary of Homeland Security Alejandro Mayorkas said during a U.S. Chamber of Commerce event in May. And changes in business practices, accelerated by the pandemic, have left small businesses even more vulnerable.

In ransomware attacks, cyber criminals use malware to take over and encrypt a victim’s files and data, effectively holding the data hostage until they’re paid to release it. The recent surge in remote work was a golden opportunity for hackers, who took advantage of out-of-date VPNs and unsecured home networks.

The consequences of a ransomware attack on a small company aren’t as wide-ranging as those on a hospital or a public utility, but the result for the victim can be more crippling. An estimated 60 percent of small businesses fail within six months of an attack, according to the National Cyber Security Alliance. For the companies that do recover, repeat ransomware attacks are increasingly common: Roughly 80 percent of victims are hit a second time, according to a report from Boston-based cybersecurity firm Cybereason.

Small businesses are attractive targets because they typically lack the budget and resources to prevent, identify, respond to, and recover from threats. There are, however, some simple methods that can help, says Charles Horton, chief operating officer of cybersecurity firm NetSPI. Here are a few things he and other experts say you should know about ransomware.

1. Every industry is vulnerable.
No target has proved too small for hackers, who are constantly on the hunt for new opportunities. “No matter if it is education, government, health care, manufacturing or electricity, each sector has had many successful cyber-attacks in the past,” says Candid Wuest, vice president of cyber protection research at cybersecurity firm Acronis. Some criminals enjoy variety, focusing on specific groups for a while before they move on to the next group.

2. Always remember to back up.
“If you have really good backups in place, from a business continuity perspective, especially if you’re a small business, you are not as impacted,” Horton notes. But don’t count on being able to return to normal right away–even companies with backup systems aren’t safe. Increasingly, thieves have been targeting backup systems, as well as entire devices.

A cloud-based backup may be a good option, since it keeps your data off-site and immediately accessible. But there are ways this option can backfire, such as if your malware-infected files sync to your cloud server. Cloud service providers also can fall victim to ransomware attacks.

3. Don’t forget to secure your remote workers.
Remote workers are sitting ducks for cyber criminals. Hackers can slip in through remote access entry points, including remote desktops and VPN access portals. You should make sure your remote workers are trained to spot phishing attempts, use two-factor authentication, and download the most recent updates of security software.

4. Have a plan of action for a ransomware attack.
Who will your company contact once it suspects a ransomware attack? How will you get the word out to employees and clients? Where are all the backups located? What happens if the hacker already found the backups?

Ideally, to address these questions you should perform tabletop exercises, or a real-time simulation of a ransomware attack, so you’re not flying blind if your data is intercepted. (You can hire a cybersecurity firm to perform the exercises or do them yourself, but it will cost you either way.) Employees can then identify what went wrong, and fix any vulnerabilities in their system. “These different scenarios in your incident response plan will help you develop that muscle memory around what to do in the event that one of them actually takes place,” says Horton.

5. You’re almost guaranteed to lose some of your data.
A staggering 92 percent of ransomware victims who comply with the thieves’ demands don’t get all of their data back, according to a report from security firm Sophos. Victims commonly pay the ransom to get access to a decryption key, which they can use to unlock and decrypt their data. But there’s always a chance that the key won’t work–and if it does, at least some of the data may be corrupted, in many cases irretrievably. Even more worrisome, there’s a chance that the hacker may have installed spyware or other malicious software in your system.

So although every situation is different, experts typically urge businesses not to give in to hackers’ demands. “The general advice is not to pay any ransom, as it will boost further attacks and might even be illegal in your country to do so,” Wuest says. “The best advice is to prepare for such attacks in advance and prevent them from happening.”

6. Don’t count on law enforcement to recover ransomware payments.
Nearly 98 percent of ransomware payments are made in Bitcoin, because traditionally it’s been hard for authorities to track. That appears to be changing: After Colonial Pipeline paid approximately $4.4 million to hacker group DarkSide to regain access to its systems, the FBI was able to recover roughly $2 million of that sum.

With so much talk of Ransomware attacks across the world at the moment now is the time to act to ensure you and your Business are secure.

Quick Contact - Or Call: 01 9011310

Sign Up To Our Latest Transmission

To be sent automatic updates to our latest news articles, please fill in your details.

More News

Leadership

Do You Feel Stuck Trying To Grow Your Company?

Good leadership is vital for organizational success, but even good leadership can be an obstacle. Successful leaders often struggle with a few common issues: difficulty trusting others, identity and worth and self-discipline.

Warehouse Management

12 Tips for Keeping a New Warehouse Organized

If you want to serve your customers quickly and efficiently, you’ll need a good system of organization in place. But with potentially thousands of items to keep track of, dozens of people to hire, entire systems to build from the ground up, how are you supposed to do it?

The Business Troubleshooters Ltd.

Dublin

Carlow

Cork

Ⓒ 2020 - All Rights Are Reserved

Sign Up To Our Latest Transmission

Dublin

3013 Lake Dr,
Citywest Business Campus,
Dublin, D24 PPT3
Tel: (01) 901 1310

Carlow

Enterprise House,
O’Brien Road,
Co. Carlow, R93 YOY3
Tel: (059) 910 0440

Cork

Acorn Business Centre,
Mahon Industrial Estate
Blackrock,
Cork, T12 K7CV
Tel: (021) 2021130

Share on linkedin