2020 has been an unexpected, topsy-turvy year for everyone running a business. From moving to remote models to digital marketing, a lot of businesses are conducting a majority of their business online.
With that digital shift comes more pronounced vulnerabilities to cyber attacks, and one of the most noteworthy tactics criminals have turned to is ransomware. In fact, it is now the most common type of cyber security incident threatening small-midsized businesses.
Read on to learn more about what ransomware is, who is most commonly targeted, and how it could affect your SMB.
What is ransomware?
Ransomware is malware that threatens to block access to data, or threatens to steal data and publish it on the web, unless a ransom has been paid. Ransomware can lock down a single machine or an entire network, including servers, by encrypting files and documents.
Once the ransomware has taken hold, a victim doesn’t have very many options. They can:
- Pay the ransom, and hope that the criminals who targeted them provide a decryption key—but getting a key from the culprit isn’t always guaranteed, and giving into extortion demands isn’t recommended.
- Restore from backups.
- Search for a free decryption key.
Why is ransomware so popular with cyber criminals?
Cyber criminals are always looking for a quick way to make money, and many tactics of cyber crime, such as stealing and selling financial data, take a lot of time and effort to do.
For instance, a hacker would need to gain access to a network, maintain that access, and then retrieve the financial information without being discovered. And from there, they would then need to sell that data.
That’s significantly more complicated, and less lucrative, than writing a single ransomware script and infecting an SMB, or several at once, through a malicious email or attachment. That’s why ransomware appeals to many of today’s cyber criminals—they can make hundreds of thousands of dollars in one fell swoop.
Who is affected by ransomware?
Businesses in all sectors and of all sizes can be ransomware targets. Even government agencies and non-profits are battered by ransomware attempts, including the World Health Organization. While that particular attempt was unsuccessful, it just goes to show that no organization is off-limits.
Nevertheless, many ransomware attacks target small and midsized businesses for a few reasons. First and foremost, targeting small businesses commonly works in a hacker’s favor more often than targeting multi-million-dollar enterprises.
Why? Cyber criminals will conduct multiple simultaneous attacks on small businesses, with demands in the range of thousands to tens of thousands of dollars. After a while, those attacks add up.
Other reasons that cyber criminals attack SMBs include perceived vulnerabilities. Small-midsized businesses are more likely to pay ransoms because they believe it is the quickest way to get a decryption key.
SMBs also may not have robust, comprehensive cyber security solutions in place to protect their systems, networks, applications, and transmissions.
Here’s how one Arkansas SMB fell victim to ransomware—and paid the ultimate price.
The Heritage Company, a telemarketing firm, left 300 employees without jobs following a ransomware incident in October 2019. The company’s servers were attacked by malicious software, and unfortunately, their data recovery plans did not go as expected.
What was initially supposed to take one week to get the company up and running again had failed in time for Christmas 2019.
The Heritage Company was forced to suspend their services, and this is not an isolated incident. Many cases have arisen involving smaller companies closing their doors for good as a result of a ransomware attack.
After all, it’s not just the ransom itself that your organization has to worry about.
How does ransomware impact SMBs?
While the ransom amount is one direct cost to consider, it is not a best practice to actually pay it.
Nevertheless, 43 percent of SMB executives admitted to paying between $10,000 and $50,000 in an attempt to get their data back. 13 percent took a heavier hit of more than $100,000.
There are other fees associated with a ransomware attack, including the unexpected costs of downtime.
While the amount of time your business is down can vary, most businesses are down for approximately 15 days—can your business afford two straight weeks of reduced productivity?
These days are often the largest pain points for SMBs, with downtime productivity outages costing nearly 20 times more than the actual ransom.
Your reputation could be permanently tarnished.
Whereas many old styles of cyber attacks were stealthy and breaches could remain private, in most cases, ransomware attacks are more likely to become public knowledge. If you lose access to customer data, you will likely have to inform them of the breach. And, even if recovery is possible, restoring customer trust can be hard. As a result, keeping current customers and growing your business becomes more difficult.
You could be held legally responsible.
Sometimes, unhappy customers resort to legal means. In one such instance, DCH Health Systems was part of a class-action lawsuit after a ransomware attack targeted Alabama Hospitals in December 2019. In this case, patients filed against alleged privacy violations, negligence, and the disruption of medical care.
You could lose your data—permanently.
Even after you have paid the ransom demand, there is actually no guarantee that you’ll receive a decryption key.
Whether through a faulty design in the ransomware itself or just a hacker who decides to take the money and run, there are cases in which companies do not get their information restored. Although, hackers not giving up a decryption key is rare, as Coveware reports a 98 percent delivery rate post-payment. Of course, this also depends on the type of ransomware and the group conducting the attack. While most key deliveries are successful, and 97 percent of those decryption keys do work, there is still always the slight chance that it may not.
How can your SMB fight against ransomware?
There are a few steps your SMB can take to avoid falling victim to a ransomware attack, including:
- Keeping software and operating systems updated.
- Maintaining a robust cyber security stature.
- Using common sense when browsing the web.
- Requiring staff to complete ongoing cyber security awareness training.
- Backing up your data.
- Having plans for recovering after a ransomware attack, should it ever happen to you.
Do you have questions or concerns about protecting your business from a ransomware attack?
CoreTech’s cyber security team has the expertise to help you get started with a layered, cyber security strategy to keep you from becoming a victim.
From managed IT security to staff training, to data backups and disaster recovery, our services and solutions run the gamut. To find out more about how CoreTech can secure your business systems and devices, contact us today!