Small and medium-sized businesses (SMBs) have become increasingly attractive targets for cybercriminals. Often, these smaller businesses don’t have the financial or technical resources in-house to deal with existing and emerging threats. One of the biggest threats SMBs face is ransomware, a malicious attack where data is encrypted and held hostage until the criminals are paid to release it.
One thing is for sure – a ransomware attack is crippling for an SMB, both financially and operationally, and can have long-lasting consequences. If data is encrypted, the business can’t run as usual, and it faces a monetary black hole because of the ransom it must pay, a price that has skyrocketed over the last few years. According to the 2021 Webroot BrightCloud Threat Report, at the end of 2018, the average ransomware payment was $US6,733. By the end of 2019, that figure had grown 1100 per cent, to $US84,116, and it has only gone up since then, peaking at $US233,871 in the final quarter of 2020. Moreover, the damage from a ransomware attack may extend beyond the financial impact, affecting a business’s reputation and customer trust and, with protracted downtime, its operations and downstream processes.
So, what exactly is ransomware, and how can you guard your business against a potentially terminal attack?
Anatomy of a ransomware attack
Ransomware attacks are usually multi-stage, with the demand for a ransom being the end of a long chain of technological compromise. It’s not uncommon for attackers to infiltrate a business over many months, collecting information to use in later stages of the attack, completely unbeknown to the business.
The first stage of an attack may occur when a user clicks a malicious email attachment and downloads what appears to be an innocuous Word or Excel document. When they open it, the document asks them to enable macros. Doing so downloads a malware payload that infects the computer and then acts as a backdoor to the system for further malware downloads.
This malware then moves through the network, capturing credentials when they are typed into the computer. This gives an attacker the ability to tamper with technological protections and backups and then deliver the ransomware payload, which encrypts data, making it unreachable and unusable.
By that time, it’s too late. The attacker makes their ransom demands, forcing the user to face the dilemma of paying or going through the time-consuming process of restoring data from offsite backups (assuming those are available).
It’s also worth noting that ransomware can infect backups, even if they’re offsite or stored in the cloud. Simply using a cloud backup service doesn’t protect you from a ransomware attack.
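The first stage described above depends on a Word or Excel attachment that carries macros, so one technical layer is to hold such attachments for review before they reach a user. The following is an added example, not code from the report or from any product mentioned here; the function names and the sample files are constructed for illustration, and the legacy-format check is a simple byte-marker heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")      # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")    # stream name as stored in an OLE directory

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro' or 'not-office' for one attachment's raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic only: a full check would parse the compound file directory.
        return "macro" if VBA_STREAM in data else "no-macro"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "not-office"
    if "[Content_Types].xml" not in names:
        return "not-office"                         # a plain zip, not an OOXML document
    # OOXML keeps VBA in a part named vbaProject.bin (under word/, xl/ or ppt/).
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "macro"
    return "no-macro"

def quarantine_list(attachments: dict) -> list:
    """Names of attachments that carry macros and should be held for review."""
    return sorted(n for n, d in attachments.items() if classify_attachment(d) == "macro")

def _ooxml(parts: list) -> bytes:
    """Build a constructed, minimal OOXML-like zip for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for p in parts:
            z.writestr(p, b"constructed sample")
    return buf.getvalue()

def constructed_samples() -> dict:
    """Constructed attachments: file name mapped to raw bytes."""
    return {
        "invoice.docm": _ooxml(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
        "report.docx": _ooxml(["[Content_Types].xml", "word/document.xml"]),
        "budget.xls": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
        "notes.txt": b"plain text, constructed",
    }

if __name__ == "__main__":
    print(quarantine_list(constructed_samples()))
```

The check reads file contents rather than trusting the file extension, so a macro-bearing document that has been renamed is still flagged.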
How to protect yourself against ransomware attacks
As we’ve noted, SMBs are particularly vulnerable to ransomware attacks, mostly due to inadequate security or a lack of the financial or technical resources that larger organizations have. Because of these limitations, it’s important to layer the protection you use. No layer will ever be 100 per cent effective at stopping threats, but by using several layers together, you’re building far stronger protection than any single layer can provide.
One of the most effective protection layers you can use, along with technical solutions, is user education. Often a malware infection happens because a user was tricked into clicking on a link or providing credentials through social engineering or phishing.
Providing effective security awareness training and education for your users can significantly reduce compromises. This means teaching them to spot a phishing email, never enable macros, and confirm the identity of people claiming to be in a position of authority or asking for credentials.
Our research shows that running recurring awareness campaigns for users massively decreases the likelihood they’ll take an action that could result in a malware infection. Organizations that embrace ongoing security awareness training see a 72 per cent reduction in users clicking on links in phishing emails. Unlike other types of training, such as compliance training, which occurs only once a year, security awareness training needs to be sustained and ongoing for maximum effectiveness, given the nature of the threat landscape and how quickly it can change.
SMBs will always be uniquely vulnerable to attacks. Still, by increasing user education and establishing strong security measures, SMBs can significantly decrease the likelihood their business will be brought to its knees by a ransomware attack.