Ransomware attacks are worming their way into systems and networks all over the world, even in the U.S. house of Representatives, which said this week that attackers are trying to use third-party email applications like YahooMail and Gmail to encrypt files on users’ computers and hold them for ransom.
At small businesses, ransomware attacks are on the the rise, according to Norman Guadagno, chief evangelist at Carbonite, which offers cloud and hybrid backup software for small and midsize businesses. Ransomware, through which malicious actors infect a computer system or network with malware and hold data or the system itself hostage in exchange for payment, presents a particularly severe problem for small businesses.
That’s because, Guadagno told BizTech, small businesses often do not back up their files, do not engage in rigorous cyberhygiene training and often do not have the technical or financial resources to fight back against attackers — meaning they often end up paying.
As ZDNet reported last week, ransomware is now the most problematic cybersecurity threat, even more dangerous than advanced persistent threat network attacks, according to a report from cybersecurity researchers at Kaspersky Lab. The Kaspersky researchers detected 2,900 new ransomware malware modifications between January and March — a 14 percent jump from the fourth quarter. In the first quarter, 372,602 unique users were attacked by encryptors, which is 30 percent more than in the fourth quarter. About 17 percent of those attacked were in the corporate sector.
Additionally, researchers at Unit 42, the Palo Alto Networks threat intelligence team, say in a new report released this week that cryptographic ransomware is “one of the greatest cyberthreats facing organizations around the world.” The threat is likely to grow as businesses connect more devices to the Internet of Things, the report speculates, saying “no system is immune to attack, and any device that an attacker can hold for ransom will be a target in the future.”
Bryan Lee, one of the authors of the Unit 42 report, told ZDNet that ransomware has proliferated so much because cybercriminals have “realized ransomware is a lucrative business with little or low cost barriers to entry” and can use the attacks to easily make money illegally.
The Challenge for Small Businesses
Guadagno says that ransomware attacks are spiking again, noting that, according to anti-malware firm Enigma Software, there was a 159 percent jump in reported malware attacks in April compared with March. Small businesses, he says, “are ripe for attack.”
There are several reasons why small businesses are especially vulnerable, Guadagno says. Typically, they do not have dedicated IT staff members to monitor security.
Additionally, many small business employees have access to multiple systems, including payroll, finance and customer-service systems. “It only takes one person clicking the wrong thing” in an email or on the Internet to expose the system to an attack, he notes. “When you have lots of people using shared machines, it creates a lot of security risk,” Guadagno says.
It’s not that small business cannot afford to invest in security software to detect and prevent intrusions, he says. “Often, a small business doesn’t even know they should have these things in place,” he notes.
When businesses do get attacked by ransomware, according to Guadagno, they often pay the ransom, especially if the extorted amount is not large. That’s because small companies often cannot afford to lose access to their network, IT systems or files,
“It’s probably going to be the easiest solution for them,” he says. “They just want to get rid of the problem.” In contrast, enterprises often have large IT staffs and systems and procedures in place to deal with ransomware attacks.
Best Practices for Defending Against Ransomware
In a perfect world, according to Guadagno, every small business would develop not jut a business and hiring plan, but also a data strategy.
To defend against ransomware, small businesses need to have a strategy to secure and protect their data. Guadagno advises against small companies adopting a “hodgepodge” of solutions because that often “creates new vectors of entry for malicious software,” and “you’re creating, unfortunately, a perfect storm for an attack.”
Every small business should have “some simple understanding” of all the data they have, where it resides, how they can access the data and who has access to it. Small businesses also need to adopt secure software for threat intrusion, detection and prevention; and backup software, so that in the event an attacker gets through, the business can retain access to its data.
Small businesses also need to teach their employees common-sense cybersecurity practices and cyberhygiene, such as not clicking on suspicious emails or websites.
In the event that a small business does suffer ransomware attacks, Guadango says companies should contact their IT vendors and have them isolate machines, take them offline, wipe the machines and perform restores.
Guadagno says that whether a small business chooses physical or cloud-based data backups depends on the amount of data and how frequently the business needs to backup its data. However, he recommends multiple copies of data in multiple locations.
Small businesses, he says, “are the backbone of the economy, and this type of theft really puts them in danger. It’s important that they are empowered and know what solutions are there.”