
Is my Small Business at Risk For a Ransomware attack?

Ransomware attacks are increasing, and so is the price to get your data back and systems running. The FBI recently reported that hacking victims have paid “more than $209 million in ransom payments” in the first three months of this year, compared with $25 million in all of 2015. And while no one is immune, the recent high-profile attacks have established a pattern: hospitals, police stations, and small businesses are targets. Why?

  1. They all lack a sophisticated cybersecurity infrastructure (i.e. anti-virus, backup, disaster recovery).
  2. They lack the resources required to have a strong cyber posture (skilled employees, training).
  3. Some are open 24/7 and have irreplaceable data.

44% of small businesses reported being the victim of a cyber-attack, with an average cost of approximately $9,000 per attack.

This combination makes these organizations vulnerable and easy targets. And without taking the proper preventative measures, they are stuck with the FBI’s recommendation “to just pay up”.

So, what is RANSOMWARE and what can be done?

Ransomware can take different forms, but it is a type of malware that denies access to a device or files until a ransom has been paid. Ransomware encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.

Ransomware encrypts the files on a workstation or laptop, and can travel across your network and encrypt files located on both mapped and unmapped network drives. It’s how one infected user can bring a department or entire organization to a halt.

Once the files are encrypted, the hackers will display a screen or webpage explaining how to pay to unlock the files. Historically, ransoms started in the $300-$500 range, but fast forward to 2019 and companies are being hit with ransoms in the thousands of dollars.

Paying the ransom invariably involves paying a form of e-currency (cryptocurrency) like Bitcoin. Once the hackers verify payment, they provide “decryptor” software, and the computer starts the arduous process of decrypting all of the files.

How Do Companies Get Infected?

Hackers primarily use the following vectors to infect a machine: phishing emails, unpatched programs, compromised websites, poisoned online advertising and free software downloads. An attack typically starts when a user opens a malicious email attachment that installs a virus onto their desktop, which then begins encrypting all of their files.

How do I know if I am infected?

  1. You are suddenly unable to open normal files and get errors saying, for example, that the file is corrupted or has the wrong extension.
  2. A window has opened to a ransomware program and you cannot close it. This is usually accompanied by an alarming message with instructions on how to pay to unlock your files.
  3. The program warns that there is a countdown until the ransom increases or you will not be able to decrypt your files.
  4. You see files in all directories with names such as HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML.

[Screenshot: example of a CryptoLocker ransom screen]

What can I do if I am a Victim of a RANSOMWARE Attack?

Ransomware is hard to detect while it’s encrypting user files and the average user may not recognize the danger until the ransom demand finally appears. This means that you may not learn about the infection until after the damage has begun and the malware is already inside the network. At this point, your priority has to be to contain the virus and prevent it from spreading within the network. We recommend you do the following.

1. REMOVE INFECTED MACHINE FROM THE NETWORK. Always assume that the malware could make use of an internet connection (i.e. sending information back to the criminals, or spreading itself to other users). In the worst-case scenario, you should turn off network access for the entire office until you can get the outbreak under control.

2. RESET YOUR BIOS TIME. According to David Balaban with Privacy PC, IT admins don’t need to be afraid of the ransomware’s countdown timer that imposes a deadline at which point the ransom doubles. Just set your BIOS time back. This will reduce your stress and give you more time to recover your key files and eliminate the malware.

3. ROLL BACK FROM PREVIOUS BACKUP. Having a recent backup (and access to unlimited version history) will make it easy for you to restore your customer’s operations as quickly and painlessly as possible, saving time and money for both you and your customer. As the downtime stakes have increased with each ransomware attack, having a backup solution in place and regularly testing backups to make sure they’re running properly is a critical part of protecting your customers from ransomware. Determining which backup to restore after a ransomware infection is imperative, but you must first ensure that your most current backup does not also contain the infection.

PRO TIP: A better way to identify your recovery point – the point at which your files were uninfected – is to leverage a disaster recovery as a service (DRaaS) solution. The ability to quickly ‘spin up’ a DR image on your local appliance gives you the ability to confirm that the image you’re restoring does not contain the infection. Plus, by spinning up the image in a self-contained VM, you can inspect the DR image without exposing it to the local network.

4. STAY CURRENT WITH THE LATEST THREATS. MSPs can stay up to date on the latest ransomware threats by following sites such as Bleeping Computer or the Microsoft Malware Protection Center. These technical support sites provide powerful self-education tools to learn about the latest security threats.

5. ALERT AUTHORITIES. Ransomware is a serious form of extortion. Notify the FBI and don’t be tempted to pay the ransom. Paying them would be a mistake because they might continue to extort you and may not release your information.
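An added example (not part of the original article) covering the file-based warning signs listed earlier and the recovery-point check in step 3: it walks a folder or mounted backup image looking for the ransom-note names quoted in this article and for documents whose first bytes no longer match their extension, then picks the newest backup showing neither. The snapshot labels, paths and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Ransom-note names from the article's indicator list (matched case-insensitively).
NOTE_NAMES = {"how to decrypt files.txt", "decrypt_instructions.html"}
# Well-known leading bytes for a few document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}

def scan_tree(root):
    """Return (dirs holding a ransom note, files whose header contradicts their extension)."""
    note_dirs, bad_headers = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                note_dirs.add(dirpath)
                continue
            expected = MAGIC.get(path.suffix.lower())
            if expected is None:
                continue  # no signature on file for this extension
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(expected))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if head != expected:
                bad_headers.append(str(path))
    return sorted(note_dirs), sorted(bad_headers)

def newest_clean_snapshot(snapshots):
    """snapshots: (label, path) pairs ordered oldest to newest; newest clean label or None."""
    for label, path in reversed(snapshots):
        notes, bad = scan_tree(path)
        if not notes and not bad:
            return label
    return None

def make_demo(base):
    """Write two constructed snapshot trees under base: one clean, one showing both indicators."""
    clean, hit = Path(base, "mon", "docs"), Path(base, "tue", "docs")
    for d in (clean, hit):
        d.mkdir(parents=True)
    (clean / "invoice.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (hit / "invoice.pdf").write_bytes(b"\x8f\x13\xa0\x5c constructed ciphertext")
    (hit / "DECRYPT_INSTRUCTIONS.HTML").write_text("constructed ransom note")
    return [("mon", str(Path(base, "mon"))), ("tue", str(Path(base, "tue")))]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("restore from:", newest_clean_snapshot(make_demo(tmp)))
```

Point it at a backup image mounted read-only inside the isolated VM described in the PRO TIP. A clean result only means these two indicators are absent; files that were renamed with a new extension are not covered by the header check.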

In conclusion…

The rapid evolution of ransomware is raising the stakes for every business and prompting considerable changes to current best practices in order to protect data. A solid data backup and disaster recovery plan is proving to be an MSP’s best friend in this fight. If you can replace the encrypted data, then these cybercriminals have no leverage. You can always count on attackers being able to get in the front door, but with the right recovery capabilities, you can stop the threat before damage is done.

 


Susan Rouse is a Certified Information Security Professional (CISSP) and ISO 27001 Information System Professional at AG Grace, Inc. with more than 20 years of experience developing security solutions and helping federal agencies protect their information security networks. Her passion is to help small businesses who sometimes lack the resources to understand where they are at risk and protect their businesses.


Frederick Chamber Insights is a news outlet of the Frederick County Chamber of Commerce. For more information about membership, programs and initiatives, please visit our website.

 
