Held for Ransom
Are you aware of the danger of ransomware? As defined on our blog, ransomware is malware (MALicious softWARE) that locks all of the data on your network with encryption. The perpetrators then demand a ransom to unlock your data. Surprise! Sometimes, even after the ransom is paid, the criminal does not restore the data.
It stands to reason that hackers who would resort to these tactics would want to go after the biggest fish for the biggest prize. Guess what? Not always. Many large businesses have strong security protocols that protect them better than small businesses. Because of that, small businesses are a growing target for cyber-attacks. In fact, the Verizon 2019 Data Breach Investigations Report (DBIR) reports that small businesses comprise 43% of cyber-attack victims. Cybersecurity Ventures expects that a business will fall victim to a ransomware attack every 11 seconds by 2021. This makes ransomware the fastest-growing type of cybercrime. In the old days, hackers had to expose themselves financially to gain access to a ransom payment. Now, with cryptocurrency, the payments to the hacker are completely untraceable, which is leading to a resurgence of ransomware.
Small businesses are often easy prey and need to be very proactive about protection.
Protect Your Small Business
The triumvirate for preventing your data from being held for ransom is backups, phishing training, and patches.
Backups. As we always say, you have to back up for the simple reason of avoiding loss of data. When it comes to ransomware, a good backup can salvage your data and help you recover and get back in business quickly. Often, the first thing a hacker does is delete your backups. It is important that your backups are kept secure and separate from the rest of your network.
Phishing tactics can fool even very savvy technology professionals. Be careful. If an email asking for personal information and passwords seems strange, it probably is malicious and you should delete it right away. Anything that has to do with money has to be scrutinized carefully. There are training systems for phishing awareness that, in my opinion, every business should be using.
Patches serve to repair holes in the operating systems of your servers and workstations. On a recurring basis, Microsoft distributes new patches. It is important to work with a professional who understands how to apply patches. Patching needs to be automated and consistent. Hackers will keep attempting a data breach by searching for holes that aren’t patched until they get through. The longer you remain unpatched, the more time you give the hacker to attack your system.
It’s a random hunt for these criminals. Hackers aren’t sure what they’re looking for when they start going through your system. They rely on you having something they’ll find interesting once they start roaming your files. Their patience pays off as they sit and watch until they see something.
For instance, maybe there’s a merger and you have named the financial institution in an email. It gives them just enough information to send a phishing email that looks like it’s from that financial institution. They send the message asking you to give them some details, and you respond willingly because it is in line with your business dealings. Then they ask for money, usually by rerouting a wire transfer. They rob you and there’s very little you can do about it afterward.
Weak Cyber-Security Makes You a Big Target!
Just like a bully, a cyber-criminal picks on the little guy because a little guy is weak. In the same way, a small business that has weak security measures in place is easy prey for hackers. They do not target small businesses based on supposed assets.
Many hackers come from the Eastern European bloc nation states, and they demand bitcoin for payment because there is absolutely no way to trace it. There has been a resurgence of ransomware, in fact, due to cryptocurrency.
As an added security measure, ask your business insurance provider about cyber insurance. If you have it already, read your policy and know what’s covered.