Ransomware is on the rise. It’s one of the biggest dangers facing small and medium-sized businesses (SMBs) today, especially as it doesn’t differentiate between the recently recruited intern and the seasoned CEO. Anyone can be fooled into opening that malicious attachment. So much so, that according to CNN nearly $210 million was paid to ransomware extortionists in Q1 2016 alone.
Furthermore, attackers have learned that the most profitable route is to target small businesses with low ransom demands ranging from $300 to $2000. This is within the realm of affordability even for SMBs and in most cases will be paid to offset the cost of downtime and getting up and running again. And with ready-made ransomware kits available on the “dark net” for deployment at the attacker’s will, can we even argue that crime doesn’t pay? Not only does ransomware pay, it’s a far safer way of stealing money than holding up a gas station!
Another reason small businesses provide a prime target for ransomware attacks is they usually lack the sophisticated computer defenses and complex IT policies of large corporations. Consequently, SMBs are very vulnerable. An overwhelming majority (Intel claims as many as 80 percent) of SMBs do not have sufficient data protection or email security. Scarily, according to the NCSA, 60 percent of SMBs that have been attacked will close their doors within six months of the attack. In short, the fate of a business could rest on the results of a single misplaced mouse click.
To Pay or Not to Pay
Coughing up the ransom after an attack may result in getting your data back. But there have been plenty of cases where the decryption key hasn’t arrived or where it has failed to effectively unlock the encrypted files. Demanding a ransom is far from legitimate business practice, and therefore it shouldn’t be a surprise when malware authors fail to honor their end of the bargain. They can (and often do) take your money and run, with no fear of repercussion.
So, with this firmly in mind, what is our best option to prevent ransomware? Well the operative word here is “options.” After all, malware protection on your gateway (firewall) isn’t enough. Ransomware on a home laptop is likely to transfer to a corporate network, and so the best prevention takes the form of a multi-layered approach.
Traditional anti-virus software compares the unique aspects of a virus against a huge database of known viruses. If the virus hasn’t been previously encountered it won’t appear on the database and consequently won’t be detected. Today’s next-generation anti-virus software employs additional tools in the fight against malware, including isolation of unknown software or suspicious files, protecting important systems from possible infection. Heuristic analysis examines what processes suspicious files are running. If their conduct appears questionable, such as encrypting user documents, the processes will be stopped in their tracks and removed.
If your system user has “administrator” permissions, consider removing them. Web browsing, opening documents and other regular work activities while logged in as administrator could put system files and networked resources at risk.
The fewer files any single user has access to, the less a ransomware attack is able to “infect” a computer. If a sales guy doesn’t need access to the financial files, then denying him permission to them will help prevent both an intentional internal attack (which is unfortunately far too common), and also an unintentional attack.
Correctly versioned backups can protect your data against more than just ransomware. Theft, fire, flood or accidental deletion can all have the effect of bringing your business to a resounding halt. Make sure your backed-up data is encrypted so only you can restore it. And if you back up to an external hard drive, make sure it’s unplugged from your machine when not in use.
Disaster Recovery doesn’t just function as a failover for your operations in case of hardware malfunction. It can also double as your insurance policy for surviving a ransomware attack. It will help you get up and running more quickly if a breach occurs.
Testing Your Defenses
Since ransomware, malware and phishing attacks often arrive in user mailboxes, running simulations can increase employees’ sensitivity to these fraudulent emails. If employees know what to look out for, they are far more likely to think twice before clicking on potentially harmful payloads.
Oran Cohen is the COO of Lyntor—an Israeli cybersecurity company providing holistic, tailored solutions to SMBs. Lyntor’s team consists of Israel Defense Forces veterans, from elite cybersecurity intelligence units, who have acquired years of defensive and offensive experience. Visit www.lyntor.com.