Over the last couple of years, ransomware – which enables hackers to commandeer a company’s data and hold it under password protection until a ransom is paid for its release – has become one of the most formidable and profitable weapons in a cybercriminal’s arsenal.
According to recent research from Beaming, a staggering 2.9 million UK businesses suffered a security breach in 2016, costing a total of £29.1 billion. While only 13 per cent of these attacks involved ransomware, these were by far the most expensive breaches for firms to bear, accounting for almost 40 per cent of these combined losses.
Simply put, hackers are turning to ransomware because it delivers them the biggest bang for their buck.
SMBs are particularly vulnerable
Datto’s own research suggests SMBs are particularly vulnerable to these ransomware attacks. In its survey of 148 European IT service providers, 87 per cent indicated that their SMB clients had been victimised by ransomware in the twelve months up to September 2016.
The pace of attacks on smaller firms is thick and fast. 40 per cent of survey respondents reported more than half-a-dozen separate attacks during the same year long time frame. Worse still, 27 per cent replied that they experienced multiple attacks in a single day.
Hackers are singling out SMBs because they recognise it’s not a fair fight. Today’s cybercriminals belong to well-funded, professional organisations, which utilise wide reaching botnets to automatically spam out malware to unsuspecting users. They only need a very small proportion of businesses to take the bait in order to fund their growing operations. Not all SMBs have the IT budgets or knowhow to keep one step ahead of the threats.
Priced to sell
When SMBs are hit with ransomware, only a minority – 40 per cent – report it to the authorities. There are a number of reasons why this number is low; one reason is that ransoms are priced at a point where an individual firm is likely to stomach the cost.
The Datto research found that most ransoms were priced somewhere between £500 and £2000. Some firms will of course find these costs extortionate. Others may consider this the price of doing business in the digital age, and will cough up without question in order to resume their day-to-day business operations.
Hackers understand this psychology and set their ransoms accordingly. After all, if they get too greedy, their victims may report them and that’s the last thing they want.
It’s also worth remembering that the ransom is just a fraction of the losses businesses can incur following an attack. The resultant downtime can be extremely damaging too. Of those questioned in the Datto survey, 62 percent complained that ransomware attacks has caused potentially business-threatening downtime. This is another reason why paying the ransom is the least bad option.
The common gap in SMB defences
Today, SMBs understand the need for anti-virus software and firewalls, but they might not always realise that these defences definitely aren’t watertight.
While these tools are indeed vital and should be deployed by every business, they will always provide a window of opportunity which hackers can exploit. This occurs after new malware has been released into the wild but before the IT security industry has discovered and patched against it.
Educating employees about how to spot and deal with suspicious emails is another vital line of defence, but so too is backup, as this enables firms to recover stolen data in the event that all other security measures fail.
Backup: the last line of defence
SMBs will be no stranger to the need to backup their data in case of system outages or in the event that their premises are hit by flood or fire. These regular backups can also protect against cybercriminals. If a firm can restore its files to mirror the time before its network was hijacked by malware, it can be up and running again quickly, with no ransom to pay and with only minimal downtime.
In order to bolster business defences still further, backup solutions are now beginning to integrate anti-ransomware technology. These additional features act as an early warning system and can even prevent attacks. Here, each backup is automatically compared to the last version in order to scan for and identify malware patterns. If ransomware is detected, the system is immediately restored to the ‘last good’ version, allowing the business to carry on unaffected.
Defence in depth
Ransomware is big business for hackers, so it is perhaps little surprise that many busy SMBs are struggling to keep up with the latest threats. In the face of ever-more sophisticated threats it is critical that SMBs deploy a multi-layered approach to security as no single line of defence is ever going to be enough to keep cybercriminals out.
Tip: For SMBs overwhelmed by the technology options available to keep their businesses safe, hiring a Managed Service Provider is often a worthwhile investment.
Firms which deploy anti-virus solutions, firewalls and backup in combination – and complement this technology with high quality employee education – will be best placed to dodge the ransom demands of the future.