Colonial Pipeline, a major fuel pipeline connecting the entire East Coast, was hit with the largest-known cyber attack on U.S. energy infrastructure. The security incident, which was followed by a shutdown of the pipeline, led to panic buying of gas and a sharp price jump. The type of cyber attack behind this devastating incident was ransomware.
Some of the latest predictions show that the global ransomware damage costs will reach $20 billion in 2021, making it one of the fastest growing types of cybercrime. But ransomware is no recent threat. In fact, it has been around since the late ‘80s with the first known strain developed in 1989.
Evolutionary biologist Dr. Joseph Popp created the PC Cyborg Trojan, known as the AIDS Trojan. Infecting 20,000 diskettes with the malware, Popp sent them all around the world, presenting them as a program that shares information on AIDS (hence the name). But once the recipients inserted the diskette, their computer was infected and the malware encrypted the names of all files on C:, asking for a $189 ransom to return access to the files.
While it wasn’t a sophisticated attack (the decryption key was easily obtained from the malware’s code), this marked the beginning of what would become one of the most devastating and widespread cyber threats to both individuals and businesses.
Ransomware can spread in many ways: from taking advantage of your system’s security weaknesses to luring your staff through phishing emails. And ransomware authors and malicious actors aren’t picky about their victims. Businesses of all sizes can fall victim to a ransomware attack even if they aren’t considered a “big fish”. If cyber criminals attack a small business and ask for a small ransom of $500, successfully attacking 50 targets can be enough to make their efforts worthwhile.
We have talked about ransomware as one of the top 4 most common cyber threats for SMBs in 2021, and now it’s time to take a deep dive into the types of this cyber attack, who is targeted, and how to act proactively and protect your SMB from ransomware.
What is ransomware?
Ransomware is a type of malware that, when it infects a device, denies access to its owner, whether access to specific files or the entire system. Access can only be regained if a ransom is paid. But how does ransomware make its way to your device?
Usually, a ransomware attack begins with a persuasive phishing email that contains a link or an attachment that, when clicked or downloaded, triggers the ransomware to install on your device. After that, it will encrypt the data on the infected device, rendering it inaccessible to the owner. You will get a message informing you that you have been attacked and demanding payment for the decryption key.
Phishing emails aren’t the only way in which ransomware is delivered to a victim’s device: attackers can also work by exploiting known security vulnerabilities in an operating system that hasn’t been updated, in unpatched software programs, and even in hardware such as routers.
It truly is a devastating scenario to find yourself in: attackers having access to your company’s most sensitive files, demanding ransom from you to access them. It’s made worse by the fact that there is seemingly no right answer on how to act: pay the ransom or not?
If you don’t pay the ransom, you might never be able to recover your files again. And if you pay the ransom — you could be breaching regulatory compliance and even inspiring cyber criminals to attack you again in the future.
Also, who can give you the guarantee that you will get access back? They are criminals, after all. That can leave you with financial losses, disruption of operations and even reputational damage, when you have to report to everyone about your data breach and explain to your customers what happened with their data.
Types of ransomware
While we are most familiar with the “typical” ransomware attacks, there are a few variants and types used by cyber criminals today, some of them not so well known:
- Crypto ransomware: When we said typical ransomware, we were referring to crypto ransomware. Crypto is a type of ransomware that works by encrypting a victim’s files and then demanding a ransom in return for a decryption key. It’s the most common type of ransomware that targets both individuals and businesses.
- Locker ransomware: While you might be thinking that locker ransomware is more fitting to the description of crypto, it actually works differently. Locker ransomware blocks access to files and systems by locking users out with a lock screen that displays a message asking for payment in order to unlock access.
- Scareware: Scareware is much less scary than it sounds. This type of ransomware presents itself as anti-virus software that pops up, telling you that it has found issues on your device and urging you to pay to get those issues fixed. With scareware, the worst thing that can happen if you don’t pay is that you will just keep getting those annoying pop-ups. While not fun, it certainly is a much better scenario than losing your critical files forever.
- Doxware: Doxware, also called extortionware, is one of the newer types of ransomware that might just take the cake for being the scariest. Doxware works by targeting particularly sensitive files of a victim, such as private images or the intellectual property of a company, holding them hostage and demanding ransom for their safe return. In the case of doxware, the added threat is the release of those sensitive files to the public, bringing with it sometimes irreparable reputational damage.
What vertical markets are under threat of ransomware?
Cybersecurity should be on top of the agenda for businesses of all sizes and across all industries. With much of the workforce now operating remotely and leveraging new technologies to maintain operations as usual, businesses of all sizes are now facing a growing number of cybersecurity risks, and ransomware takes the number one spot as the most prolific threat.
Small businesses are especially vulnerable to ransomware as they often have weaker defenses than large corporations and don’t put that much focus on cybersecurity due to limited budgets and resources for an expert IT team.
Additionally, many small businesses adopt the damaging “It won’t happen to me” attitude while still holding customer data that is valuable to attackers. And attackers won’t waste a second to take advantage of this unprepared stance of SMBs.
Just look at the industries that are most vulnerable to cyber attacks in general, including ransomware:
- Small businesses (in all industries)
- Healthcare institutions
- Higher education facilities
- Energy companies
- Government agencies (and other contractors, often small businesses)
How to act proactively and prevent ransomware
While it might seem like there are no right answers on how to act when your business suffers a ransomware attack, there are some sure-fire ways to work on your prevention. Thankfully, some basic cybersecurity hygiene practices are enough to make sure you are prepared when the danger strikes.
Back up all of your files and systems
Regularly backing up all of your sensitive and critical information and systems can help your business recover more easily and ensure business continuity in the case of being hit with a ransomware attack. Backups can be either local or cloud-based, with the latter being a superior security practice.
Keep your OS and software updated
We mentioned that one way malicious attackers gain access to your system and infect it with ransomware is by exploiting vulnerabilities in your OS, software and programs. This is why regularly patching and applying available updates is crucial in eliminating known security vulnerabilities in your entire IT environment. Have an established patch management process where you periodically check for available updates and apply them immediately. If you leverage an anti-virus solution, make sure it’s also updated as the new patches provide protection against newer forms of malware.
Educate your staff
Your first, and often the weakest, line of defense is your staff. You can have all of the appropriate security tools and software ready to detect and prevent attacks, but all it can take is an employee clicking on a wrong link and your entire network is served with ransomware. Your staff should be aware of how to spot a phishing link and to never share their credentials without verifying the source. And on an organizational level, password policies that dictate strong passwords that are changed periodically as well as enforcement of multifactor authentication (MFA) can provide much needed protection for your business’s data.
Find a trusted MSP
Working with a trusted MSP can bring many benefits to small and medium-sized businesses, as we highlighted in our “Why Your Startup Should Leverage an MSP” article. An MSP can help your small business with every step in protecting against ransomware and other types of cyber crime:
- It cuts the need for resources and budgets that a dedicated IT team requires. MSPs provide advanced security tools and software that will help protect your business even from the most sophisticated of attacks. MSPs have their trusted security vendors and will install all appropriate security tools on your systems.
- As email is one of the most common ways attackers deliver ransomware to your system, it’s important to have appropriate email security solutions to protect your staff’s mailboxes. Most MSPs offer email security and ransomware (phishing) protection as part of their services.
- If you are not that fond of the idea of always keeping an eye on new updates and having them sometimes render your devices unusable until done, an MSP can help you there as well. An MSP will keep track of all available updates and will automatically apply them at the times best suited for your business to ensure business continuity as well as maximum security.
- Educating and empowering your staff is vital for a safe and efficient business and its cyber resilience. More capable MSPs also offer staff education and nurture cybersecurity awareness in your business through professional training that keeps it engaging, so you can be sure your staff didn’t just take a test on their knowledge once in 6 months, but that they actually understand the risks and best cybersecurity practices.
Final tip: DO NOT pay the ransom
The final tip we can give is to never pay the ransom. Besides it being illegal in certain areas and being a huge breach of compliance (which can result in legal fines), it’s highly important that you never give criminals what they want. Don’t even negotiate with them. Another fact is that the more businesses pay the ransom, the more motivation attackers will have to continue infecting others, and even attacking you again. The best thing to do when suffering a ransomware attack is to contact your local authorities and let them contain the situation. Work with a trusted MSP to find decryptors and have a disaster recovery plan with them in place.
Altitude Integrations’ mission is to provide proactive and innovative IT solutions to small & medium-sized businesses around the globe. We are equipped to handle any cybersecurity challenge your business might face so don’t hesitate to contact us and find out how we can help you be cyber resilient in the current threat landscape.