Protecting Your Small Business - The Rising Threat of Ransomware
- dkingsbury61
- Sep 10, 2023
Ransomware is a hot topic among cybersecurity professionals, authorities, public and private businesses, educational institutions, and insurance companies. Whether you’re a small business owner, CEO of a large corporation, or even just an average consumer, you should be thinking about ransomware and how prevalent it has become in today’s digital world. Bad actors use ransomware more and more, against newer and less secure targets every day.
If you think you’re immune to ransomware because you “aren’t much of a target”, this blog post is a MUST read for you! I’ll be focusing on ransomware and its impact on small and medium-sized businesses (SMBs), which hackers are increasingly targeting with new and clever ransomware attacks.
Ransomware is one of the many forms of cyber attack that bad actors use to take advantage of consumers, businesses, and government entities alike. Unlike other forms of cyber attack, ransomware has the added component of holding your data hostage, often in return for a large monetary ransom. Hackers use a variety of vectors to gain access to your network and systems. The most common entry point is email, in the form of phishing. Unsuspecting users open an email and click a link or download an attachment that’s disguised to look like something they should trust. At that point the bad actors gain access to your network and have the ability to snoop into anything they want.
Hackers may not hold your data hostage right away. Quite often, they spend days, months, or even years with access before they choose to do anything with it. They often come in with a low level of access, then work to gain more access and elevated privileges as necessary, exploiting weaknesses in your network along the way. Once they have all that they need, they begin their ransom by locking you out of your data. Once they have you locked out, they encrypt that data so that even if you obtain it, you can no longer use it.
Ransomware attackers will often ask for a very large monetary ransom in order to get your data back. They may threaten to release the data into the public domain, sell it on the dark web, or all of the above if you don’t pay the ransom. In a lot of cases, even after a ransom is paid, they still hold your data hostage.
In 2023 several SMBs have become victims of ransomware attacks. Casepoint, a legal technology company with roughly 500 employees, was held hostage by a notorious ransomware gang named “BlackCat”.
Tisher Liner FC Law, a law firm in Australia with only 50 employees, also fell victim to a ransomware attack just weeks ago. In this particular attack, the hackers posted medical records from clients of the law firm on the dark web.
In June 2023 MAC Pizza Management, another 50-employee company, filed a notice of a data breach with the attorney general of Texas. In this attack, consumer data was stolen, including social security numbers.
Even if your small business operates securely, being aware of your data and what service providers you may use will be key to understanding your threat surface. Take for example the ransomware attack on NCR, a digital banking and POS system company. When this company was attacked with ransomware, the consumer details of potentially hundreds of thousands of customers were exposed for any restaurant or small business that used their POS system.
SMBs are attractive targets for bad actors due to their lack of technical resources to handle data securely. Technology is also finding its way into nearly every aspect of our daily lives. SMBs are no different. With this large amount of technology comes a large responsibility to secure data. SMBs are now more reliant on their data and technology than ever before.
Ransomware is often covered in the news when we hear of large-scale attacks or attacks on critical infrastructure or public services. These organizations can usually recover after the incident due to their financial stability and insurance. SMBs aren’t always this fortunate. A ransomware attack on an SMB could have serious consequences. Lawsuits can be filed for negligence in securing data, or the business could be forced to close entirely, causing job loss for its employees and founders.
There are some things that an SMB can do to try and thwart ransomware attacks:
· Perform regular data backups.
· Deploy cybersecurity training to all employees.
· Use strong password policies.
· Implement Multi-Factor Authentication (MFA) wherever possible.
· Perform regular software updates.
· Implement robust security software.
· Consult with a data security consultant to review your cybersecurity practices.
In addition to the above preventative measures, an Incident Response Plan should also be created. In the event an incident does unfortunately occur, an Incident Response Plan that’s comprehensive and dynamic will help your business move through the incident as quickly and as efficiently as possible.
Ransomware is nothing to take lightly. Everyone from large businesses and governments to mom-and-pop pizza shops and storefronts is a potential ransomware target. Understanding this is the first step to securing your business. The next step is to begin looking at your operations and working with a trusted and qualified security services company to make sure you’re doing everything you can. Lastly, never pay the ransom!
