Ransomware is on the rise. In 2022, it’s estimated that a ransomware attack happens every 11 seconds. Small businesses are not immune—rather, they’re often the target of such attacks. Last year, more than 80% of ransomware attacks targeted companies with less than 1,000 employees.
The best defense against ransomware is prevention. At N8 Solutions, we work with businesses of all sizes and sectors to prevent and defend against damaging ransomware attacks. During these discussions, we often encounter the same frequently asked questions. So, here, we provide a “ransomware 101” to answer these common questions. Being informed is a key part of your overall prevention strategy—when you understand the threat you face, you can more easily identify the best tactics to thwart or minimize it.
What is ransomware?
Ransomware doesn’t just sound scary, it is scary. Ransomware is a type of malicious software (or malware) that infects a computer and restricts users’ access to it until a ransom is paid. Often, ransomware is deployed using malicious email attachments or links that are disguised to look authentic and trustworthy. Ransomware victims are told that unless a ransom is paid, access to data will not be restored. For a small business owner, the average cost of a ransomware attack is $139,000, an increase over last year.
The ransomware landscape is a troubling one. For example, we see incidents of a “double extortion” model in which attackers not only demand a ransom to recover critical data, but also pressure victims to pay additional money or they’ll publicly share or even auction your data, which leads to further reputational costs. And even when a ransom is paid in full, there are accounts of businesses not ever re-gaining access or control of the looted data. We also see dangerous new variants, such as a “twist” on ransomware in which criminals attempt to exfiltrate all needed data before a business even knows it’s under attack.
How does ransomware infiltrate my network?
Here’s how most ransomware attacks go down. A user, often an employee at your business, receives an email that appears to be legitimate based on the subject matter or perceived sender. The email will contain a link or file that is embedded with malware and ask that the user follow the link or download the file. This action launches the attack.
The embedded malware then hunts your network for data and folders to hold ransom. Malware is increasingly sophisticated and difficult to spot; it can even disable some data backup and recovery systems. Once the malware has identified valuable data, it establishes command and begins to encrypt files. These files can only be decrypted with a key known to the attacker. All the while, the malware continues to spread across and infiltrate your network. The unsuspecting user then receives a message to alert them to the intrusion and convey the ransom demand. Often, the attacker requires a business to send untraceable payment for the ransom (e.g., Bitcoin).
How can I prevent ransomware?
Ransomware is a real and present danger for businesses of all sizes and industries, but there are steps you can take to better protect your organization. Here’s our high-level recommendations:
Secure your endpoints. Given today’s hybrid workplace, more employees are using more devices to conduct their work. These endpoints mean more points of entry into your network. Consider a comprehensive endpoint detection and response solution to prevent attackers from entering your network via multiple endpoints.
Routinely patch your software. Out-of-date software puts your business at risk, as attackers know about vulnerabilities in your software before you do. Keep your antivirus up-to-date and continue to patch all software to prevent attackers from exploiting known vulnerabilities.
Block dangerous emails. Establish an email security and filtering system to help identify and block ransomware emails before they reach your users. You should also educate all users on cybersecurity basics. It’s crucial that you and your staff stay vigilant and know how to spot and report potentially harmful emails. (For more, here’s five cybersecurity training tips.)
Back up your data. If you have a copy of all your data, an attacker can't really hold anything ransom. A robust data backup and recovery solution can’t prevent an attack, but it can minimize the damages and get you back up and running more quickly. Backing up will also protect your business from other unforeseen disasters, like a natural disaster, human error, fire or flood, or even another world-changing pandemic.
Can ransomware affect my data backups?
Today, we see sophisticated malware attacks specifically target backed-up data to maximize damage and impact. The only way to protect your backed-up data is through a process known as immutable backups, which means that once your backup data is written, it can never be changed or deleted. With immutable backups, your data can’t be read, modified, or deleted by clients on your network, including cybercriminals.
Oh no. We've been hit. Should we pay the ransom?
We get it—paying the ransom seems like the quick and easy way out of a stressful situation. That’s exactly the point for attackers. But our advice is: Don’t pay the ransom. As we mentioned above, paying the ransom doesn’t guarantee you’ll get your data back. In fact, doing so can even make your business the subject of future, repeated attacks. Further, the data you pay to recover could be corrupt. In one report, nearly half of the businesses that paid a ransom found that some or all of the data was corrupt or had data integrity issues.
Instead of paying up, immediately deploy your incident response plan to keep your business operations afloat. Here is where it’s crucial to have a robust data backup and disaster recovery strategy in place. Immediately take the necessary steps to secure your network and prevent another attack from occurring.
We hope this post helps answer your basic questions about the rise of ransomware and how it can damage your business and your reputation. N8 Solutions is here to help, whether you’ve been the victim or a recent attack or are interested in best-in-class cybersecurity solutions or employee training on how to spot malicious emails. Please get in touch with our friendly experts today to learn how we can prevent ransomware attacks —and more—at your business.