While ransomware has been around for a few years, recent high-profile attacks have given it ‘headline news’ status. In May and June 2017, organisations from across the globe were struck down by the strains ‘WannaCry’ and ‘Petya’ (the June outbreak is more precisely the NotPetya variant) respectively. The NHS, WPP and Maersk are just a few examples of the huge organisations that suffered severe downtime due to the attacks which, in some cases, lasted for days. Also in June, South Korean web hosting company Nayana was attacked with the ‘Erebus’ ransomware and ultimately paid 396.6 Bitcoin (approximately $1 million) for the release of its data, the largest ransom known to have been paid at the time.
When such large entities are struggling with ransomware, small and medium-sized enterprises (SMEs) face even more of a challenge. Often without the resources to cope with prolonged downtime or the expertise to remove ransomware, the threat leaves them between a rock and a hard place. Cybercriminals know this, so they cast their nets far and wide, spamming lots of firms at one time and increasing the likelihood that some will pay up. While it’s easy to just say that companies shouldn’t give in to criminal demands, when faced with the choice between the cost and hassle of downtime or paying a ransom which may seemingly cost less on paper, paying might just seem like the least bad option.
However, there are a number of reasons why SMEs shouldn’t cough up the money
Firstly, paying up does not guarantee the safe return of data. There’s no contract or handshake; businesses are simply forced into trusting the individual or organisation that has just caused the issue. Datto conducted some research into this topic during the twelve months up until September 2016. It found that almost half (47 per cent) of the European SMEs which opted to pay ransoms didn’t get all of their data back, compounding their losses.
A tactic perpetrators use in order to get SMEs to pay up quickly is to provide ‘support’. When ransomware takes hold, the payment process can be confusing, particularly if it involves a cryptocurrency such as Bitcoin, which both WannaCry and Petya demanded. As such, some strains come with advice pop-ups, chat bots or even contact phone numbers included to help walk victims through the process. When done professionally, some businesses may actually start suffering from a slight Stockholm syndrome, feeling appreciative towards attackers who genuinely seem to be helping them to get data back. They’re not; they only care about receiving the cash.
Secondly, firms that cave to ransom demands quickly gain a reputation. Other cybercriminals will see them as low-hanging fruit, which leaves them susceptible not only to attacks using other ransomware strains, but to all kinds of cyber threats. If a business cares enough about its data to pay a ransom, the chances are that the information is valuable enough to warrant being stolen in a hack. Just as a bully will keep picking on the same targets if they get the reaction they want, cybercriminals will keep trying their luck with the same firms.
Thirdly, every time a ransom is paid, it’s just more money heading into the criminal underworld. Most perpetrators don’t work alone, they are part of large professional criminal organisations. As such, it’s already not a fair fight, with SMEs unlikely to have the investment capabilities to fend off the non-stop onslaught of ransomware and other cyberattacks.
Every penny that is spent on ransoms will likely be used to develop more sophisticated ransomware strains that can bypass antivirus products and firewalls, even when those are completely patched and up-to-date, putting more businesses at risk. SMEs must remember that every time they cave they are rewarding individuals for doing something illegal and simply encouraging them to carry out further attacks.
Backup must become an essential aspect of cybersecurity
Ultimately, ransomware has become a formidable weapon in the cybercriminal armoury and it only grows stronger with each ransom that is paid. Instead of caving, SMEs must adopt a new approach to cybersecurity that doesn’t just include preventative and monitoring features, but contains reactive measures too. While it’s vital to keep antivirus and firewalls patched to defend against common ransomware strains, newer versions are likely to slip through and take hold, so those controls are necessary but not sufficient on their own.
As such, backup must become part of the process. It’s a pretty common piece of advice given out to consumers and businesses that keeping backups can mitigate accidental deletion or damage from fire and floods, but it can also help to defend against ransomware attacks too. If regular system snapshots are taken, businesses are able to roll systems back to a healthy point before the ransomware attack happened. Two caveats matter in practice: the snapshots must be versioned and kept somewhere the infected machine cannot write to (offline, or on a separate system with its own credentials), otherwise the ransomware simply encrypts the backups as well, and restores should be rehearsed so that rolling back is a routine task rather than an experiment. With those in place there’s no drama, far less downtime and no ransom; companies can close the entry point and carry on as usual.
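As an added example, not code from the original article or from Datto, the following Python script shows the roll-back mechanism the paragraph above describes on a toy local snapshot store: a nightly job copies the live tree into a read-only, versioned snapshot; after a simulated ransomware run (every file overwritten with random bytes and renamed), a later backup dutifully captures the ciphertext; the restore step then walks the snapshots from newest to oldest, skips the ones whose contents look encrypted, and restores the last clean point. The snapshot labels, the entropy heuristic and its thresholds, and the sample files are all assumptions constructed for the example; a real deployment would write snapshots to an offline or object-locked target rather than relying on a chmod.

```python
"""Versioned snapshots and roll-back to the last clean point after a ransomware event.

Added example (not Datto's code or product): a toy snapshot store on the local
filesystem. Labels, the entropy heuristic and its thresholds are assumptions.
"""
import hashlib
import math
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext or random data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def take_snapshot(live: Path, store: Path, label: str) -> Path:
    """Copy the live tree into store/<label> and mark the copy read-only.

    Assumption: chmod stands in for an offline or object-locked backup target;
    it is no defence against an attacker who already has root on this host.
    """
    dest = store / label
    shutil.copytree(live, dest)
    for p in dest.rglob("*"):
        if p.is_file():
            p.chmod(0o444)
    return dest


def looks_encrypted(tree: Path, threshold: float = 7.5, ratio: float = 0.5) -> bool:
    """Heuristic: a snapshot is bad if most of its files are near-random bytes.

    Caveat: compressed or already-encrypted data (zip, jpeg, pgp) is high-entropy
    too, so in practice this is combined with change-rate and extension checks.
    """
    files = [p for p in tree.rglob("*") if p.is_file()]
    if not files:
        return False
    high = sum(1 for p in files if shannon_entropy(p.read_bytes()) > threshold)
    return high / len(files) >= ratio


def last_clean_snapshot(store: Path) -> Optional[Path]:
    """Newest snapshot that does not look encrypted (labels sort chronologically)."""
    for snap in sorted(store.iterdir(), reverse=True):
        if snap.is_dir() and not looks_encrypted(snap):
            return snap
    return None


def restore(snapshot: Path, live: Path) -> None:
    """Replace the live tree with the snapshot and make the files writable again."""
    shutil.rmtree(live)
    shutil.copytree(snapshot, live)
    for p in live.rglob("*"):
        if p.is_file():
            p.chmod(0o644)


def tree_digest(tree: Path) -> str:
    """SHA-256 over relative paths and contents, used to compare two trees."""
    h = hashlib.sha256()
    for p in sorted(tree.rglob("*")):
        if p.is_file():
            h.update(p.relative_to(tree).as_posix().encode())
            h.update(p.read_bytes())
    return h.hexdigest()


def demo() -> dict:
    """Run the scenario end to end on constructed sample data in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        live, store = Path(tmp, "live"), Path(tmp, "snapshots")
        live.mkdir()
        store.mkdir()
        # Constructed sample files standing in for an SME's documents.
        (live / "invoices.csv").write_text("id,customer,total\n1,ACME,1234.50\n2,Globex,99.00\n" * 20)
        (live / "notes.txt").write_text("Quarterly planning notes, nothing unusual here.\n" * 20)
        take_snapshot(live, store, "0001")
        # A legitimate edit, then the nightly backup runs again.
        (live / "notes.txt").write_text("Quarterly planning notes, revised after the meeting.\n" * 20)
        take_snapshot(live, store, "0002")
        expected = tree_digest(store / "0002")
        # Simulated ransomware: overwrite every file with random bytes and rename it.
        for p in list(live.rglob("*")):
            if p.is_file():
                p.write_bytes(os.urandom(4096))
                p.rename(p.with_name(p.name + ".locked"))
        # The backup job does not know it is now backing up ciphertext.
        take_snapshot(live, store, "0003")
        clean = last_clean_snapshot(store)
        restore(clean, live)
        return {
            "snapshot_0003_looks_encrypted": looks_encrypted(store / "0003"),
            "clean_snapshot": clean.name,
            "restored_matches_clean": tree_digest(live) == expected,
        }


if __name__ == "__main__":
    print(demo())
```

Running the script restores the live tree from snapshot `0002`, the last one taken before the encryption, and skips `0003` even though it is the most recent. The point the toy makes is that recency alone is not enough: the restore logic has to be able to tell a clean snapshot from a captured-ciphertext one, and the store has to be somewhere the ransomware could not have rewritten the earlier versions.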
Andrew Stuart is managing director at Datto EMEA.