What Business Owners Should Know About Ransomware

Craig Scott

According to a report by Statista, there were over 236 million ransomware attacks globally in the first half of 2022. The cost of falling victim to one of these attacks can be tremendous; it can include both a financial loss and the loss of valuable information. It is vital for both businesses and individuals to make sure they are prepared and defended when an attack knocks on their door.

What is ransomware?

Ransomware utilizes a feature of operating systems, typically Windows, which can encrypt files remotely and hold the “key” to decrypt the files as ransom. Usually, the encrypting feature of the operating system is used for cyber security reasons, but cybercriminals have figured out ways to leverage this feature to extort businesses and individuals.

The encryption process and resulting ransom can be started as easily as any user opening a nefarious email attachment. The malicious software then encrypts all the files it can locate and sends the key back to the perpetrator. All the important files are still on the computer in front of the victim, but once encrypted they cannot be opened without the key.

There are several types of ransomware, and some variants are more harmful than others.  The five types are (from a Symantec employee):

Crypto malware

This is a well-known form of ransomware and can cause a great deal of damage, though it may not be targeting the sensitive data on a computer. Crypto malware works in the background of a computer, mining cryptocurrencies without the owner’s knowledge. This form of malware can tie up a large portion of the computing power on a device, leaving the user with slow system processing speeds and degraded performance.

One of the most familiar examples is the 2017 WannaCry ransomware attack, which targeted thousands of computers around the world and spread itself within corporate networks globally.

Lockers

This kind of ransomware is known for infecting an operating system to completely lock the victim out of their computer, making it impossible to access any of the files or applications.

Scareware

This is fake software that acts like an antivirus or a cleaning tool. Scareware often claims to have found issues on a computer, demanding money to resolve the issue. Some types of scareware lock the computer, while others flood the user’s screen with annoying alerts and pop-up messages.

Doxware

Commonly referred to as leakware, doxware threatens to publish stolen information online if the target doesn’t pay the ransom. As more people store sensitive files and personal photos on their computers, it’s understandable that many individuals panic and pay the ransom when their files have been hijacked.

RaaS

Otherwise known as “Ransomware as a Service,” RaaS is a type of malware hosted anonymously by a hacker. These criminals handle everything from distributing the ransomware and collecting payments to managing decryptors — software that restores data access — in exchange for their cut of the ransom.

So, what can a small business do to prevent ransomware from infecting their business-critical systems? Below are a few suggestions to protect your small business:

Take good backups of your data

If there are backups, potential targets maintain the upper hand when dealing with ransomware crooks. The frequency of backups should be determined by the transaction volume of the business.

Additionally, I like to conform to the 3-2-1 rule for backups: keep, at a minimum, 3 copies of data, 2 of the copies on different media, and at least one copy stored offsite. For small businesses, taking a hard disk with backups offsite daily and disconnecting it from production systems will enable victims to restore their files in the event of a ransomware attack.

Ideally, a small business will conform to the 3-2-1 rule, but that can get too expensive for some small businesses. Backing up to the cloud may also be an option, but make sure that it is not an “always on” connection because the backups could also become encrypted.
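The 3-2-1 rule and the "always on" caveat above can be checked against a written inventory of where each copy of the data lives. The following Python check is an added example, not part of the original article; the inventory entries, the field names and the choice to count the production data as one of the three copies are assumptions.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    media: str              # e.g. "internal-disk", "usb-disk", "cloud"
    offsite: bool           # kept away from the business premises
    always_connected: bool  # reachable from production systems at all times

def check_321(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies of the data, need at least 3")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies share one media type, need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("no copy is stored offsite")
    # A copy that stays attached to production can be encrypted along with it.
    if all(c.always_connected for c in copies):
        findings.append("every copy is always connected to production")
    for c in copies:
        if c.media == "cloud" and c.always_connected:
            findings.append(f"{c.name}: cloud backup uses an always-on connection")
    return findings

# Constructed sample inventories (assumption: production data counts as copy 1).
WEAK = [
    BackupCopy("production server", "internal-disk", False, True),
    BackupCopy("office NAS share", "nas", False, True),
    BackupCopy("cloud sync folder", "cloud", True, True),
]
GOOD = [
    BackupCopy("production server", "internal-disk", False, True),
    BackupCopy("rotated USB disk", "usb-disk", True, False),
    BackupCopy("scheduled cloud upload", "cloud", True, False),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, check_321(inventory) or "meets 3-2-1, with an isolated copy")
```

The WEAK inventory has three copies on three media with one offsite, yet still fails because nothing is ever disconnected from production.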

Be cautious of email attachments

The most common avenue for malicious software, such as ransomware, to infiltrate a network is through email attachments. If you are not expecting the email or attachment, do not open it.

Use security software and good firewalls

For small businesses, there are several viable security software options available.  Some offer proactive tools that can both prevent ransomware and additionally stop the encryption process if it was initiated through an undetected method. Purchase, and keep updated, a good firewall that is capable of scanning for malware.

Train your staff

Even if good security software and firewalls are in use, a good “human firewall” is still needed. If malicious software makes it through a firewall, such as an email with an attachment, make sure staff members are also trained to be skeptical and security conscious.

Consider using cloud-based email

Cloud-based email, such as Office 365, typically provides additional layers of protection against ransomware.

Keep your software up to date

In addition to keeping your security software and firewalls up to date, be sure to keep your operating system and office software up to date as well.  Microsoft releases patches every second Tuesday of the month.

The number of ransomware attacks is quickly and steadily rising each year. With knowledge of the types of ransomware and some defense strategies to implement, small business owners are on their way to reducing their vulnerability to the financial and informational loss associated with a ransomware attack.

Craig Scott
Director of IT and Facilities