Oct 25 2024
Why Ransomware Remains a Top Threat for SMBs in 2024 

According to the IBM Cost of a Data Breach report, the financial impact of a ransomware breach averages $5.68 million, and that’s without factoring in ransom payments. 

Ransomware breaches were once thought to hit enterprises exclusively, but a report from the Department of Homeland Security reveals that around 50% to 75% of ransomware victims are small businesses. Small to medium businesses are ripe targets for a reason: with limited cybersecurity resources, the walls guarding their assets are often thinner and easier to breach, and their defenses, often neglected, fall quickly under attack.

Before diving into the security measures SMBs can implement to guard against ransomware attacks, it’s important to first understand what ransomware is, the various forms it takes, and the devastating real-world consequences that have followed these data breaches. 

What Is Ransomware? 

Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker. 

Ransomware technology was first introduced by Joseph L. Popp, a Harvard-trained evolutionary biologist. He triggered the AIDS Trojan by giving diskettes embedded with ransomware to attendees of an international AIDS conference held in Stockholm, Sweden. The code concealed file directories on their computers and demanded a $189 payment to Panama in order to regain access.

Even though ransomware has advanced significantly since then — in terms of both volume and sophistication — its core design is unchanged: to extort money from unsuspecting victims. What once traveled via diskettes now spreads through the internet via emails, downloads, and even images. In recent years, ransomware has also been exploited by cryptominers, who use it to hijack the computing power of victims’ machines to mine cryptocurrencies, avoiding the steep energy costs of mining themselves. These operations allow cryptominers to profit while remaining physically distant from the victims they exploit. 

How Does Ransomware Work? 

There are a number of ways that ransomware can access a computer.  

One of the most common delivery vectors is phishing spam: email attachments disguised as files the recipient should trust. Once downloaded and opened, they can take control of the victim's computer, especially if they include social engineering tricks that mislead users into providing administrative access. More aggressive forms of ransomware take advantage of security gaps to infect computers without needing to deceive users.

Ransomware can also be spread through: 

Operating system and software vulnerabilities 

Cybercriminals often exploit known vulnerabilities to inject malicious code into systems or networks. Zero-day vulnerabilities—gaps that are either undiscovered by the security community or identified but not yet patched—represent a particularly significant threat. Some ransomware gangs purchase information on these zero-day exploits from other hackers to strategize their attacks. Additionally, attackers have been known to exploit patched vulnerabilities, as demonstrated by the 2017 WannaCry incident, where a known security flaw was used to launch a global ransomware attack. 

Credential theft 

Threat actors can obtain authorized users’ credentials by stealing them, purchasing them on the dark web, or cracking them through brute-force methods. Once they acquire these credentials, they can log into a network or computer to deploy ransomware directly. 

Other malware 

Hackers also frequently repurpose malware from previous attacks to deliver ransomware to devices. For instance, the Trickbot Trojan, originally created to steal banking credentials, was used by threat actors to spread the Conti ransomware variant throughout 2021. To add to that, hackers can use websites to deliver ransomware without the victim’s knowledge. Exploit kits leverage compromised sites to scan visitors’ browsers for vulnerabilities in web applications, injecting ransomware if they find an exploitable flaw. 

Malvertising—compromised legitimate ads—can also serve as a delivery device. Even without clicking the ad, users can unknowingly have ransomware installed on their devices through this technique. 

Why Small Businesses Should Be Cautious About Ransomware 

Simply put, any small business that operates online, stores data, or uses computers is at risk of becoming a target. 

Although large entities like governments, hospitals, and universities used to be prime targets because of their capacity to pay substantial ransoms, the focus has now shifted. Today, 49% of ransomware attacks target small businesses. 

Here are five factors contributing to the growing threat of ransomware for small businesses: 

  • Limited Security Resources: Small businesses often lack the budget and expertise to implement robust cybersecurity measures, making them easier targets for attackers. 
  • Valuable Data: Many small businesses handle sensitive customer information and financial data, which can be lucrative for cybercriminals seeking ransom.
  • Inadequate Backup Practices: Some small businesses do not prioritize regular data backups, making them more likely to pay a ransom to recover lost data. 
  • Human Error: Employees in small businesses may be less trained in cybersecurity best practices, increasing the likelihood of falling for phishing scams or other social engineering tactics. 
  • Underestimation of Risk: Many small business owners may underestimate the risk of cyberattacks, believing they are too small to be targeted, which can lead to complacency in cybersecurity measures. 

How To Prevent Ransomware 

Ransomware attacks are clearly a rapidly escalating threat to smaller businesses. With this in mind, SMBs need to begin practicing excellent IT hygiene by maintaining up-to-date software and operating systems and having strategic technical defenses in place. They also need a solid grasp of what needs protecting and the risks their systems and data face, so they can prioritize accordingly.

These are a few defensive measures you can take to prevent ransomware attacks: 

  • Back up your files, frequently and automatically. This won’t guarantee the prevention of a malware attack, but it can make the damage caused by one much less devastating. 
  • Apply patches regularly to help thwart ransomware attacks that exploit software and operating system vulnerabilities.
  • Install cybersecurity tools such as antimalware software, network monitoring tools, endpoint detection and response (EDR) platforms and security information and event management (SIEM) systems that can help security teams intercept ransomware in real-time. 
  • Double-check your IT team’s actions. If possible, hire a third party to test the strength of your systems and identify any vulnerabilities. Penetration testing is a security exercise in which an expert attempts to breach your defense—highlighting where your system is weak so you can take steps to mitigate. 
  • Provide employee cybersecurity training to help users recognize and avoid phishing, social engineering and other delivery methods that can lead to ransomware attacks.

PROTECT YOUR BUSINESS AGAINST RANSOMWARE 

Comprehensive, proven defenses are essential against ransomware, but it is also critical to plan carefully how to respond when things go awry, both during and immediately following an attack. SMBs often struggle with this issue due to conflicting priorities and limited resources. If you lose sensitive data, who would you need to inform and how would you go about this?

At Yardstick Technologies, we understand the critical importance of protecting your business from malware and ransomware threats.  

As a trusted managed service provider (MSP) in Canada, we serve over 170 businesses by delivering reliable IT services designed to safeguard your uptime and productivity. Our proactive approach includes comprehensive disaster recovery planning and cloud data backups, ensuring your operations remain uninterrupted. With our multi-layered security strategy that incorporates monitoring and alerting, we help prevent intrusions and cyberattacks.  

Book a consultation with our specialists to discuss your security needs and learn how Yardstick can support your business in developing a forward-thinking security strategy. 
