
Don’t Let Hackers Hold Your Business for Ransom

Oran Cohen

April 13, 2020

Ransomware is on the rise. It is one of the biggest dangers facing small and medium-sized businesses (SMBs) today, and global ransomware damages are predicted to reach US$20 billion by 2021. It doesn't differentiate between the recently recruited intern and the seasoned CEO: anyone can be fooled into opening that malicious attachment.

Furthermore, attackers have learned that the most profitable route is to target small businesses with low ransom demands, typically in the range of $300 to $2,000. That is affordable even for an SMB, and in most cases it gets paid simply to offset the cost of downtime and getting back up and running. With ready-made ransomware kits available on the "darknet" for anyone to deploy at will, can we even argue that crime doesn't pay? Not only does ransomware pay, it's also a far safer way of stealing money than holding up a gas station.

Another reason small businesses are a prime target for ransomware is that they usually lack the sophisticated defenses and mature IT policies of large corporations, which leaves them very exposed. An overwhelming majority of SMBs (Intel puts it at as many as 80 percent) lack adequate data protection or email security. Worse, according to the National Cybersecurity Alliance, 60 percent of SMBs that are attacked close their doors within six months. In short, the fate of a business can rest on a single misplaced mouse click.

To Pay Or Not To Pay

Coughing up the ransom may get your data back, but there have been plenty of cases where the decryption key never arrived or failed to unlock the encrypted files. Demanding a ransom is far from legitimate business practice, so it shouldn't be a surprise when malware authors fail to honor their end of the bargain. They can, and often do, take your money and run, with no fear of repercussions. And even a working key doesn't end the incident: whatever foothold the attackers used to get in is still there until you find and close it.

So, with that firmly in mind, what is the best option for preventing ransomware? The operative word here is "options." Malware protection on your gateway (firewall) isn't enough on its own: ransomware that lands on an employee's home laptop can walk straight into the corporate network the next time that laptop connects, so effective prevention is a multi-layered approach.

Operating System Updates

Installing vendor-issued updates is far and away the best way to keep ransomware at bay. Case in point: the May 2017 WannaCry outbreak spread by exploiting an SMBv1 vulnerability that Microsoft had patched two months earlier (MS17-010). Those who patched were spared; those who did not felt the wrath of a state-sponsored cyberattack the likes of which had not been seen until then. Just a few weeks later a second catastrophic attack, NotPetya, struck using the same vulnerability (alongside stolen credentials to reach machines that were patched). This time the costs ran into the hundreds of millions of US dollars. If a patch genuinely cannot be applied right away, at least disable SMBv1 and block TCP port 445 at the perimeter until it can.

Anti-Virus Software

Traditional anti-virus software compares a file's signature (distinctive byte patterns) against a huge database of known malware. If a sample hasn't been seen before, it isn't in the database and consequently won't be detected. Today's next-generation anti-virus adds further tools to the fight, including sandboxing (isolating unknown or suspicious files so they can be run without putting important systems at risk) and behavioral, or heuristic, analysis, which watches what a suspicious process actually does once it runs. If its conduct looks questionable, such as rapidly rewriting large numbers of user documents with encrypted data, the process is stopped in its tracks and removed. The trade-off is false positives: backup and compression tools also churn through many files quickly, so a good heuristic looks at more than raw write volume.
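The behavioral check described above, as an added illustrative example in Python (not any vendor's engine and not code from the original post): a process that rewrites several existing low-entropy files as high-entropy data within a short window is blocked. The filesystem, process IDs and timestamps are simulated in memory, the documents are constructed sample data, and `fake_encrypt` is a deterministic stand-in for the ransomware's cipher, not a real one.

```python
"""Toy behavioural ransomware heuristic (added example, not any vendor's engine).

Rule: a process that rewrites several low-entropy files (documents) as
high-entropy data (ciphertext) inside a short window is stopped. The
filesystem, timestamps and process IDs are all simulated in memory.
"""
import hashlib
import math
from collections import Counter, deque


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0).

    Text and office documents typically score around 4-5 bits per byte;
    compressed, and therefore also encrypted, data scores close to 8.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class EncryptionBehaviourMonitor:
    """Watches writes and blocks a process whose behaviour looks like bulk encryption.

    It keys on the entropy *jump* of an existing file (low before, high after),
    so a process that saves already-high-entropy JPEGs or ZIPs is left alone.
    """

    def __init__(self, low=6.0, high=7.5, max_files=5, window=10.0):
        self.low, self.high = low, high                   # entropy thresholds, bits/byte
        self.max_files, self.window = max_files, window   # N distinct files in T seconds
        self.files = {}       # simulated filesystem: path -> bytes
        self.events = {}      # pid -> deque of (timestamp, path) suspicious writes
        self.blocked = set()

    def write(self, pid: int, path: str, data: bytes, ts: float) -> str:
        """Apply a write by `pid` and return 'allow' or 'block'."""
        if pid in self.blocked:
            return "block"
        old = self.files.get(path)
        # New files have no baseline; a real product would also watch the
        # create-new + delete-original pattern, which this toy ignores.
        suspicious = (old is not None
                      and shannon_entropy(old) < self.low
                      and shannon_entropy(data) >= self.high)
        q = self.events.setdefault(pid, deque())
        if suspicious:
            q.append((ts, path))
        while q and ts - q[0][0] > self.window:   # forget events outside the window
            q.popleft()
        if len({p for _, p in q}) >= self.max_files:
            self.blocked.add(pid)                 # kill the process, drop this write
            return "block"
        self.files[path] = data
        return "allow"


def fake_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for the ransomware's cipher: XOR with a SHA-256 counter keystream.

    Only here to produce deterministic ciphertext-like bytes for the demo; it is
    not a secure construction and not what any real family uses.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        keystream = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], keystream))
    return bytes(out)


def run_demo():
    """Constructed scenario: one editor, one ransomware process, eight documents."""
    mon = EncryptionBehaviourMonitor()
    docs = {f"C:/Users/alice/Documents/report{i}.docx":
            (f"Quarterly report {i}. " * 200).encode() for i in range(8)}
    for path, body in docs.items():                       # initial saves (pid 100)
        mon.write(100, path, body, ts=0.0)
    benign = [mon.write(200, p, body + b" Revised.", ts=1.0 + i)
              for i, (p, body) in enumerate(docs.items())]
    rogue = [mon.write(666, p, fake_encrypt(body, b"attacker-key"), ts=20.0 + 0.1 * i)
             for i, (p, body) in enumerate(docs.items())]
    return benign, rogue


if __name__ == "__main__":
    benign, rogue = run_demo()
    print("editor :", benign)   # all 'allow'
    print("rogue  :", rogue)    # 'allow' x4, then 'block' from the fifth file on
```

Note the cost of this design: by the time the fifth file trips the threshold, four documents are already gone, which is why real products pair the heuristic with canary files and with rolling back the writes they have seen, and why it complements rather than replaces the backups discussed below.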

User Permissions

If your day-to-day user account has "administrator" permissions, consider removing them. Web browsing, opening documents, and other regular work while logged in as an administrator means that anything you accidentally run inherits those rights and can put system files and networked resources at risk. Keep a separate administrator account for the tasks that genuinely need it.

File Permissions

The fewer files any single user can access, the less a ransomware infection on that user's machine can encrypt, because the malware runs with the permissions of the account that launched it and reaches every share that account can write to. If a salesperson doesn't need access to the finance files, denying that access helps prevent both an intentional internal attack (which is unfortunately far too common) and the unintentional kind.

Backup

Correctly versioned backups protect your data against more than just ransomware: theft, fire, flood, or accidental deletion can all bring your business to a resounding halt. Keep multiple dated versions rather than overwriting a single copy, because a backup taken after the infection may itself contain nothing but encrypted files. Make sure your backed-up data is encrypted so only you can restore it. And if you back up to an external hard drive, make sure it's unplugged from your machine when not in use; ransomware encrypts every drive it can reach, backup drives included. Finally, test a restore periodically; a backup that has never been restored is an assumption, not a backup.
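Versioned snapshots with an integrity check, as an added Python example (not the page's own tooling): each run writes a new, never-overwritten snapshot directory plus a SHA-256 manifest, so a snapshot that ransomware later scribbles over on a still-plugged-in drive is recognised and an older, intact one is chosen for restore. The shared folder, file contents and snapshot labels are constructed for the demo; encrypting the backup itself is left to the backup tool or disk encryption and is not shown.

```python
"""Versioned backup with an integrity manifest (added example, not the page's tooling).

Every run writes a fresh snapshot directory that is never overwritten, plus a
SHA-256 manifest, so a snapshot that ransomware later encrypts on a still-
mounted drive can be recognised and an older, intact one chosen for restore.
Encryption of the backup itself is left to the backup tool or disk encryption.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path, backup_root: Path, label: str = None) -> Path:
    """Copy `source` into backup_root/<label>/data and record every file's hash."""
    label = label or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H%M%S")
    dest = backup_root / label
    if dest.exists():   # versioning rule: a snapshot is never replaced in place
        raise FileExistsError(f"snapshot {label} already exists")
    data = dest / "data"
    shutil.copytree(source, data)
    manifest = {p.relative_to(data).as_posix(): sha256_file(p)
                for p in data.rglob("*") if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest


def verify(snapshot_dir: Path) -> list:
    """Files whose stored hash no longer matches, or that are missing (empty = intact)."""
    manifest = json.loads((snapshot_dir / "manifest.json").read_text())
    data = snapshot_dir / "data"
    return sorted(rel for rel, digest in manifest.items()
                  if not (data / rel).is_file() or sha256_file(data / rel) != digest)


def latest_intact(backup_root: Path):
    """Newest snapshot that still verifies, i.e. the one to restore from (or None)."""
    snaps = sorted((d for d in backup_root.iterdir() if d.is_dir()), reverse=True)
    return next((s for s in snaps if not verify(s)), None)


def run_demo() -> dict:
    """Constructed scenario: two nightly snapshots, then the newer one is tampered with."""
    root = Path(tempfile.mkdtemp())
    shared, backups = root / "shared", root / "backups"
    shared.mkdir()
    (shared / "invoices.csv").write_text("id,amount\n1,300\n2,2000\n")
    (shared / "notes.txt").write_text("Unplug the backup drive when done.\n")
    first = snapshot(shared, backups, "2020-04-12T2200")
    (shared / "notes.txt").write_text("Edited the next morning.\n")
    second = snapshot(shared, backups, "2020-04-13T2200")
    # Ransomware reaches the backup drive that was left plugged in: it
    # overwrites one file with ciphertext-looking bytes and renames another.
    (second / "data" / "invoices.csv").write_bytes(bytes(range(256)))
    (second / "data" / "notes.txt").rename(second / "data" / "notes.txt.locked")
    result = {"first_intact": verify(first) == [],
              "second_damaged": verify(second),
              "restore_from": latest_intact(backups).name}
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The manifest only tells you a snapshot was altered after it was taken; it cannot tell you whether the source files were already encrypted when the snapshot ran, which is why several dated versions are kept and why the drive should be offline between runs.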

Disaster Recovery

Disaster recovery doesn't just function as a failover for your operations in case of hardware malfunction; it can also double as your insurance policy for surviving a ransomware attack, helping you get up and running more quickly if a breach occurs. Write the plan down before you need it, including who is authorised to invoke it and how long a full restore actually takes.

Testing Your Defenses

Since ransomware, malware, and phishing attacks usually arrive in user mailboxes, running phishing simulations increases employees' sensitivity to fraudulent emails. If employees know what to look for, they are far more likely to think twice before clicking on a potentially harmful attachment or link.

For more information on how our offensive services can help protect your organization from attacks, please contact Shay Pinsker at shay@op-c.net, or visit our website.
