Why it costs less for small businesses to prevent ransomware rather than pay-up
By Carolina Marino Sargeant
If you think your business is exempt, think again.
The reality of a ransomware attack
Ransomware – and indeed any cyber security attack or data breach – is likely to happen to your business at some point. Accepting this is the first step towards dealing with ransomware, and you certainly aren’t alone in facing it. In fact, ransomware damage costs are predicted to hit $11.5 billion by 2019.
You may think hackers would rather go after larger enterprises, as they hold far more data that could be more valuable. But small businesses often have weaker security and fewer resources than larger enterprises, making them an easier target.
However, while you may accept that your business could be a victim of ransomware, that doesn’t mean you shouldn’t do your utmost to prevent ransomware from affecting your organisation. Nor does it mean paying off hackers who have held your data at ransom. After all, there is no honour among thieves; in many cases, hackers will not give your data back even after you spend your hard-earned money on them.
Take a look at some of the measures you can take to help your business avoid being yet another victim of ransomware, and then some steps to take in case your business has been affected.
Prevention against cyber attacks must come first
While some of the security steps here may seem obvious, it’s worth checking that your business actually does have these precautions in place...
Understanding how ransomware can occur
First and foremost, there has to be an understanding of what ransomware is and how it happens. Essentially, a hacker needs access to one of your computers to infiltrate your network. They can do this by using phishing spam – an attachment or link that comes to one of your employees via email and looks like a file they should trust. Once it’s downloaded and opened, it gives them access to the victim’s computer. Don’t underestimate hackers: they can easily find intel on your employees and your company online to create more convincing emails that will make you click.
Hackers can also create fake web domains with URLs that are similar to real ones: it takes only a typo for an employee to land in a contaminated website.
More sophisticated attacks, like NotPetya, don’t even need users to be tricked and instead exploit security gaps in your IT infrastructure to infect computers.
Raise malware awareness and train your employees
This can begin with telling them not to trust emails unless they are completely sure they come from someone they know. They should also be careful with the links they click on: always hover over a link first and check that the address it leads to matches the description given. You could reward employees for reporting phishing emails, or frequently test your employees with fake phishing emails to see who, if anyone, gets caught out.
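As an added illustration of the two checks described above (hovering to compare the displayed address with the real destination, and spotting lookalike domains), and not code from the original post: a small Python script that flags links in an HTML email whose visible address differs from the href, or whose host imitates a trusted domain. The TRUSTED allow-list and the sample message are constructed for the example.

```python
import re
from urllib.parse import urlparse
# Hypothetical allow-list of domains the business legitimately links to.
TRUSTED = {"example-bank.com", "cisco.com"}
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(text):
    """Host of a URL or bare domain, lower-cased, with any 'www.' dropped."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    host = urlparse(text).hostname or ""
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance; one or two edits is the usual typosquat range."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_links(html, trusted=TRUSTED):
    """Return (visible text, href, reasons) for links that fail the hover check."""
    findings = []
    for href, text in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop any tags inside the anchor
        real, reasons = host_of(href), []
        shown = host_of(text) if URLISH.fullmatch(text) else ""
        if shown and shown != real:  # displayed address differs from real destination
            reasons.append(f"shows {shown} but goes to {real}")
        for good in sorted(trusted):  # trusted name used as a subdomain, or a near-miss spelling
            if real != good and (real.startswith(good + ".") or 0 < edit_distance(real, good) <= 2):
                reasons.append(f"imitates {good}")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample phishing body, not a real message.
SAMPLE_EMAIL = """<p>Your account is locked. Sign in at
<a href="http://example-bank.com.evil.example/login">www.example-bank.com/login</a>
or use <a href="https://examp1e-bank.com/">our secure portal</a>.
Need help? See <a href="https://www.example-bank.com/help">example-bank.com/help</a>.</p>"""

if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The third link in the sample passes both checks, so only the first two are reported.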
Back up your data – in case of a successful malware attack
Backing up your data to another data centre or cloud provider can help ensure you don’t feel the need to pay the hackers even when you are hit by a ransomware attack. If you have the majority of your data backed up elsewhere, you are in a significantly stronger position – just make sure this is a regular occurrence.
What IT security products should you use?
There are so many different IT security products on the market that it can be hard to know what is right for you. However, making sure you have the basics such as anti-virus and anti-malware protection covered can help you fend off a large proportion of hackers. Having a solution that blocks your employees from accessing malicious websites is also a cheap and effective measure. This type of product can not only help prevent the initial infection, but can also stop ransomware from completing the encryption process if you are infected.
Keep your operating system patched and up-to-date so that you have fewer vulnerabilities for hackers to exploit and ensure you don’t install software or give it administrative privileges unless you know exactly what it does.
My small business is a victim of ransomware – now what?
It may seem like good business sense to pay off the hackers and retrieve your files. Many small businesses thought the same, paying ransomware hackers $301m in 2016 to decrypt critical files. [Source: Datto's Global State of the Channel Ransomware Report] But the reality is that only 19% of ransomware victims who pay the ransom actually get their files back. [Source: CyberEdge’s 2018 Cyberthreat Defense Report]
This could be because the hacker never intended to decrypt the files or because they want to see if you pay up and then try to extort even more money from you. The good news is that the majority of victims – almost two thirds – refused to pay their hackers, and of those victims, about 86% were able to recover files on their own. How? By regularly backing up their files.
It's worth noting that you also need to remove the malware from your computer and restore it to your control. On Windows 10, this can be done by rebooting into safe mode, installing anti-malware software, scanning the system to find the ransomware program, and restoring the computer to a previous state.
While this gives you control back, it doesn’t give you your decrypted data back. So, if you haven’t regularly backed up your files, there may be a temptation to pay the hacker – and the truth is, no one knows the likelihood of getting your files back, because companies rarely admit to paying them off.
Before you take the risk of spending money, check if there’s a freely available tool that can potentially decrypt your files. If there’s not, then find out how much it would cost to employ a data recovery firm – or a security expert – that can help you get your data back. Remember, the key is to always be in control: even if you’ve lost your data, control how you manage the situation and mitigate any further risks.
To learn more about the important role that people play in defeating Ransomware, take a look at this Anatomy of an Attack video.
For more details on how you can build a robust security defence against Ransomware, visit Cisco's dedicated web page.